All Collections
UpGuard BreachSight
How to handle domains that aren't in use
How to handle domains that aren't in use

Learn how to handle a domain you don't want to see in your UpGuard BreachSight reports.

Abi Tyas Tunggal avatar
Written by Abi Tyas Tunggal
Updated over a week ago

Sometimes, you may have a domain that you don't want to see in your reports. This can be the case for a variety of reasons, and you have a few options on how to handle these sites:

  1. Secure the domain: Even if you're not using the site regularly, it's important that you take steps to properly secure all domains associated with your business. Improperly secured sites give bad actors a way into your ecosystem and can be used to engineer access to other, active sites and secure systems. 

  2. Set up allow-list IP filtering: Implement a filter list that allows only certain IPs to access this site - namely, IPs belonging to your organization - this would keep potential bad actors from accessing the domain and taking advantage of security issues. It would also keep the site from being picked up on our scans, which has the side benefit of bringing up your overall security score

  3. Set the domain up as a redirect to your main site: Taking this option means you'd still need to fix the security risks associated with the domain, as redirects have to be secured on their own in addition to properly securing your main site. However, it would allow you to keep the domain and use it to direct customers/contacts to your current, active page, while also keeping you more secure overall.

  4. Take the domain down: Fully decommission the domain and remove any DNS records associated with it. If you're holding onto this domain to keep others from registering it (which is very reasonable), we realize this may not be a viable option, and so would encourage you to go with one of the others listed above.

  5. If none of the above work for you: If none of the above options suit your needs, and you don't want to see risks associated with that site listed in your reports, the best option would be to take advantage of the Risk Waivers feature. This will allow you to "dismiss" the risks associated with this domain and keep them from showing up in your risk profile or impacting your score. While we strongly encourage you to go with one of the other options to keep yourself secure, if this is a better fit for you, it's always available within the tool.

Related Articles

Did this answer your question?