Table of Contents
LUCY works with virtualized servers. That’s why you can run multiple campaigns with different domain names in parallel on the same IP. There are no limitations on the number of domains you can map to LUCY. When you buy our VPS option you already have 1 domain included. You can add more domains to the VPS yourself using the registration wizard in LUCY or ask us to configure this for you. Depending on the license model you will already have credits within your installation which you can use to reserve new domains. The prices vary between 0.15 cent per domain (e.g. .xyz or .online) to 15 USD per domain (e.g. TLD like .com).
If you define a domain in LUCY's web GUI, it can only be used for the phishing campaign – not the Admin access. By default the administrative access works only with an IP address; however, LUCY’s administrative access can still be reached using a domain name in the browser. This works only if you have defined Domain Name in the Initial Setup Script. Please note that this can be done only if you choose the Manual Setup instead of the Automatic Setup. It is also only possible to map 1 domain for the administration UI.
DNS Records for the admin interface
In order to reach the admin interface with your custom domain you need to configure this domain within the Linux setup script. Choose the domain configuration and enter the FQDN of your server in there:
LUCY will generate the according certificate for that domain and you will be able to access LUCY using this domain name. If you want to create a trusted certificate for this domain you can go to the ssl settings menu and choose "Lets Encrypt" which will automatically display the domain name created in the setup script. The field is always greyed out as it cannot be configured within the web interface:
Access LUCY from remote
The DNS record determines under which name or IP address LUCY can be reached in a campaign from the internet/intranet. If you want remote users to be able to access LUCY with a domain name, you need to define a DNS entry. You have four options:
- Use the Public IP from LUCY
- Use the Private IP from LUCY
- Use a Public Domain for LUCY
- Use a Dynamic Domain for LUCY
Use the Public IP from LUCY
If LUCY is located on a private network, you have to select the option "Custom Domain" and enter the private IP address which you see in the browser into the proper field. Using Port Forwarding on your firewall you still might be able to make LUCY accessible from the internet.
Use a Dynamic Domain for LUCY
This option allows you to run LUCY in a private network (e.g. on your laptop) and make it accessible from the internet (assuming your firewall allows port forwarding rules for a specific host). Service like DynDNS will allow you to run LUCY on a private IP behind a NAT Device. The Dynamic DNS account information can be saved in Settings/DynamicDNS.
First, define the Dynamic Domain in "Settings/Domain" and mark the domain as "Dynamic".
After selecting your Dynamic DNS service you can save your authentication details and the domain will become available in the Base Settings of the campaign.
Use a Public Domain for LUCY
- Option 1: You don't have a domain yet: If you don't have a domain registered yet, you can use the integrated LUCY Domain Registration Wizard. This feature is only available for commercial licenses, allowing you to reserve all the available domain names for an affordable price. Commercial clients have a built-in budget for using the domain API and are also able to later add credits for the domain reservation.
- Option 2: You already have a domain: In order to use a Public Domain you need to add the domain in the settings menu "Domain Settings". The domain has to be saved without the subdomain (correct domain: "example.com" | wrong domain: "www.example.com"). The subdomain can be defined in the campaign at a later stage.
Note: If you defined a domain within the Settings like example.com, you can select it in the drop-down menu “Domain”. Once you have selected the domain, another drop-down menu appears where you can add the subdomain like “www”.
If you configure as a domain "example.com" the phishing campaign will be only reachable via: http(s):example.com but not http(s):www.example.com-
Configuring Sub Domains (A-records)
LUCY allows you to allocate specific subdomains for a given Domain Name. Let's assume you have registered the domain "example.com" and want traffic only for the A-Record "phishing" to be redirected to LUCY. You need to first enter the Domain Name "example.com" in the Domain Settings (create a new record called "example.com" without the subdomain).
The subdomain can be later defined in the specific campaign (see screenshot) under Scenario Settings.
Please note: you can host campaigns with multiple subdomains using the same domain name in different campaigns within LUCY (e.g. domain1.example.com & domain2.example.com). In order to map multiple a-records to LUCY you need to create the according DNS record (usually providers offer you to save a wildcard DNS A-record like *.yourdomain.com which allows you to use any subdomain you want). If you registered the domain through LUCY's API, then we have automatically created such a wildcard subdomain record for you and it will work immediately.
Register a New Domain through LUCY
LUCY offers a Domain Registration Wizard (either within a campaign or by accessing the Domain settings). You can see your current balance within the license (under settings/license).
What TLD's are supported for registration?
How to reserve your domain
You can look for specific domain names and buy them using the Domain Wizard. LUCY will automatically create a DNS record for your domain and register LUCY's Public IP for the domain. We also automatically reserve a wildcard domain. So if you would reserve a domain like "webmailaccess24.com" we would make sure that all subdomains (like access.webmailaccess24.com, test.webmailaccess24.com, www.webmailaccess24.com, etc.) also point to LUCY.
Make sure you leave a valid e-mail address within the domain reservation form.
Our provider will send you a confirmation mail with access to the portal where the purchased domain can be edited (for example, the DNS entries added or modified)
How long does it take before the domain can be used in a campaign? When you make a DNS change, it takes time for the changes to take effect. This is called DNS propagation. It is the time it takes for the domain DNS to refresh the cache on the network. DNS will refresh according to the "TTL" or "Time To Live". When the DNS refreshes according to its TTL. When you create new DNS records it can take up to 48 hours for those updates to propagate throughout the Internet.
Will my registration information be available to anyone on the internet? Your info from the registration form will not appear within the WHOIS database as we automatically add the WHOIS protection package to your order (free of charge).
Are domains auto-renewed? Domains are only purchased for one year. They do not auto-renew
How can the domains be renewed? You will get a notification on the LUCY dashboard before a domain expires. Additionally, our provider will send you an expiry notification. If you want to renew the domain you can drop us an email and we will renew it for you.
How can I terminate a domain? Domains are terminated automatically after a year. If you don't want the domain to work anymore, you can delete the corresponding DNS records within the domain admin panel yourself.
Will you be able to manually take control over the DNS settings/administration? The API will create all the necessary DNS settings (SPF, wildcard a-record, MX record, etc.) so there will be no need to do any DNS settings yourself. But if you still need to take control over the domain purchased through LUCY, you can edit the DNS entries by accessing the domain portal (provided during the initial domain registration) or by contacting the LUCY Support team.
I see an error message "Error creating domain" - what can I do? This error appears if our DNS provider is not accepting the registration. There are many reasons for such an error (temporary network issue on the provider's side, the domain requires an additional verification process which cannot be provided via API, the domain syntax is incorrect and cannot be reserved, you didn't provide the necessary information, etc.). Try the following steps:
- You can re-try a few minutes later.
- Please try again filling out ALL fields in the registration form
- If it still fails please try to register the domain directly at a provider (e.g. www.namecheap.com) and enter all the necessary registrant information manually.
Which license is required to reserve a domain through LUCY? The domain registration feature is only available for commercial clients (clients who bought a variable or fixed priced license).
Register a New Domain through your provider
Add your domain to Lucy
You can register the desired domain with your own provider and point the DNS records to LUCY. Simply go to Settings → Domain. Then click "+New" (1). Add your domain without the subdomain (2) and then click "Save" (3):
Create the DNS records that point to Lucy
You should create the following DNS records (the name of the fields may vary from provider to provider. Please check the online documentation of your provider to learn how to set those DNS records):
- Create a wildcard subdomain record: this record will allow you to use any type of subdomain in LUCY (e.g. www.yourdomain.com, test.yourdomain.com, access.yourdomain.com, etc.). All subdomains will point to the same IP address. To create a wildcard record click "Create/Add new record" in your domain administration panel, choose record type as "A" and as a host/name choose "*" (without the quotes) and as a value use the public IP of LUCY.
- Create an A-record with a host/name field set to "@" (without the quotes) and public IP of LUCY as a value.
- Create two SPF records. In your domain administration panel click "Create/Add new record", choose record type as "TXT" then set the host/name field to "@" and insert the TXT Value field with your SPF record (if your IP is 188.8.131.52 then your SPF could be "v=spf1 ip4:184.108.40.206 ~all"). Then create another SPF record with the host/name field to "*" and insert the TXT Value field with your SPF record.
- Create an MX record by selecting "Create/Add new record". Choose record type as "MX", put "@" in the host field, and an a-record like "mail.yourdomain.com" as a value(any a-record will work since you created a wildcard DNS record before). If necessary set a priority (e.g. "10").