PyPI Takes Step Towards Securing Python Packages: Blocking Expired Domains

The Python Package Index (PyPI), a crucial repository for Python packages, has implemented measures to prevent "domain resurrection attacks" that have been gaining traction in recent times. These attacks, a form of software supply chain attack, involve threat actors registering or re-registering domains that were once owned by legitimate package maintainers but have since expired.

Package metadata often lists contact information, including a maintainer's email address, which is usually tied to a custom domain. When the maintainer quits the project (or forgets to renew), the domain becomes available for purchase. Threat actors then snipe the domain, taking control over the email service. This allows them to receive password reset emails for the maintainer's PyPI account and use it to push tainted updates.

The problem has been observed in the wild since 2022, when an unidentified threat actor purchased a domain used for the ctx PyPI package and delivered malware through it. To tackle this issue, PyPI has started checking whether the domains behind account email addresses have expired.

A New Era of Security

"These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts," said Mike Fiedler, PyPI's admin, in an announcement. This is a significant step towards securing the Python community.

A Proactive Approach

Since June 2025, PyPI has already marked almost 2,000 email addresses as unverified because they were associated with expired domains. While this will not end all of PyPI's hacking troubles, it marks an improvement in its security posture.

Prevention is Key

"Checking for expired domains is not a silver bullet," advises PyPI. "It's essential to enable two-factor authentication (2FA) and add a second, verified email address, from a reputable provider such as Gmail or Outlook, especially in cases where the account only has one verified email address from a custom domain name."
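The following script is an added illustration, not PyPI's own code, of the two mechanisms described above: the account takeover path (an expired maintainer domain lets an attacker receive password reset mail) and the defensive policy (unverify addresses on expired domains, only send reset mail to verified addresses, and flag accounts that lack 2FA or rely on a single custom-domain address). The domain status table, the account data and the `WELL_KNOWN_PROVIDERS` set are constructed assumptions; a real deployment would replace `lookup_status` with a registrar or DNS query.

```python
"""Model of expired-domain handling for package-index account emails.

Added example, not PyPI's (Warehouse) code. Domain status comes from a
constructed table standing in for a registrar/DNS lookup; the sample
account is constructed too.
"""
from dataclasses import dataclass
from typing import Callable

# Providers named in the article's recommendation; treating anything else
# as a "custom domain" is an assumption of this example.
WELL_KNOWN_PROVIDERS = {"gmail.com", "outlook.com"}

# Constructed status table: "expired" means the registration has lapsed and
# anyone could register the domain and receive its mail.
CONSTRUCTED_DOMAIN_STATUS = {
    "gmail.com": "active",
    "outlook.com": "active",
    "still-owned.test": "active",
    "lapsed-maintainer.test": "expired",
}


def lookup_status(domain: str) -> str:
    """Stand-in for a registrar/DNS check; unknown domains are not assumed expired."""
    return CONSTRUCTED_DOMAIN_STATUS.get(domain, "unknown")


@dataclass
class Email:
    address: str
    verified: bool


@dataclass
class Account:
    username: str
    emails: list
    two_factor: bool


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    _, sep, domain = address.rpartition("@")
    if not sep or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.lower()


def unverify_expired(account: Account,
                     status_fn: Callable[[str], str] = lookup_status) -> list:
    """Mark verified emails on expired domains as unverified; return the affected addresses.

    This is the step that stops a re-registered domain from receiving
    reset mail for the account.
    """
    affected = []
    for email in account.emails:
        if email.verified and status_fn(domain_of(email.address)) == "expired":
            email.verified = False
            affected.append(email.address)
    return affected


def can_send_password_reset(account: Account, address: str) -> bool:
    """Reset mail may only go to an address that is currently verified."""
    return any(e.address == address and e.verified for e in account.emails)


def audit(account: Account) -> list:
    """Return which of the article's recommendations the account does not meet."""
    findings = []
    if not account.two_factor:
        findings.append("enable 2FA")
    verified = [e for e in account.emails if e.verified]
    if not verified:
        findings.append("no verified email left; recovery must go through support")
    elif len(verified) == 1 and domain_of(verified[0].address) not in WELL_KNOWN_PROVIDERS:
        findings.append("add a second verified email from a well-known provider")
    return findings


def demo() -> dict:
    """Run the policy over a constructed account with one custom-domain address."""
    acct = Account("maintainer", [Email("dev@lapsed-maintainer.test", True)], two_factor=False)
    before = can_send_password_reset(acct, "dev@lapsed-maintainer.test")
    affected = unverify_expired(acct)
    after = can_send_password_reset(acct, "dev@lapsed-maintainer.test")
    return {"reset_before": before, "unverified": affected,
            "reset_after": after, "findings": audit(acct)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `demo` run shows the whole arc: before the check, reset mail would have gone to the lapsed domain; after `unverify_expired`, it is blocked, and `audit` reports exactly the two gaps the PyPI advice addresses (no 2FA, no second verified address from a well-known provider).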

By taking proactive measures, users can significantly reduce the risk of falling victim to these types of attacks. It's essential for the Python community to stay vigilant and follow best practices to protect themselves against these threats.

The Future of Security

While PyPI is taking steps in the right direction, it's crucial that users continue to prioritize their security. By staying informed about potential threats and taking proactive measures, we can all contribute to a safer Python community.
