This section provides information on how to prevent domain hijacking.
Domain Name Server (DNS) hijacking is a type of DNS attack in which bad actors search for subdomains that are unused but pointed to an existing service. Attackers will then sign up for those services and use those subdomains to host malicious sites.
Pantheon requires you to validate ownership of your custom domains at the time of adding domains to Pantheon sites. For the specific steps on adding custom domains, see Add a Custom Domain. Validating ownership (which is now enforced) would ensure that your custom domains will not be taken over by bad actors.
When removing unused sites, delete the corresponding A or CNAME records with your DNS provider.
Using wildcard DNS settings is not considered best practice on a cloud-hosted platform such as Pantheon.
Take advantage of the security features offered by your DNS Manager to ensure that bad actors can't access your subdomains.
For example, regularly audit your DNS records and periodically make sure that you're still in control of everything your subdomains point to.