Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

Hosting Discussion > Web Hosting Forums > Hardware and Server Configuration > How to prevent unauthorized domain forwarding?
forgot password?



Reply


Old
  Post #1 (permalink)   06-14-2017, 03:07 AM
HD Newbie
 
Join Date: Jun 2017
Posts: 3

Status: ravimittal99 is offline
Hi All,

I am not sure if this is the right place to ask this question, but we are facing a peculiar issue.

An unknown domain http://unauthdomain.cf is forwarding (with masking) to our domain http://ourdomain.com.
The data, files, content are being served from our server even at folder levels. Any changes made to our pages is reflecting on their pages as well.
However, the URLs are showing as http://unauthdomain.cf/folder1 instead of http://ourdomain.com/folder1.

We detected this issue when we got an alert in our Google Webmaster tools. We reported this to Cloudfront / Hosting provider and the same was removed after a few hours. However, now we have found 3 other unauthorized domains with the same forwarding/linking.

How do we stop these domains from spoofing our site? Can this be handled at domain DNS configuration level? If not, what changes should we do to server (We use Nginx) level to prevent such issues?
 
 


Old
  Post #2 (permalink)   06-14-2017, 08:40 AM
HD Newbie
 
Join Date: May 2014
Location: BA
Posts: 25
Send a message via MSN to nelsa Send a message via Yahoo to nelsa Send a message via Skype™ to nelsa

Status: nelsa is offline
Domain forwarding with masking is done by iframe,you can resolve this with X-FRAME-OPTIONS and Javascript,I suggest to use second option since not all browser respect x-frame-options.Google "how to prevent my site to be loaded inside iframe"..there are many writen JS codes you can use right now.
 
 


Old
  Post #3 (permalink)   06-14-2017, 11:08 PM
HD Newbie
 
Join Date: Jun 2017
Posts: 3

Status: ravimittal99 is offline
Quote:
Originally Posted by nelsa View Post
Domain forwarding with masking is done by iframe,you can resolve this with X-FRAME-OPTIONS and Javascript,I suggest to use second option since not all browser respect x-frame-options.Google "how to prevent my site to be loaded inside iframe"..there are many writen JS codes you can use right now.
We've checked and it's not done via iframe. This seems to be domain forwarding with masking.

The actual unauthorized domain is koyblanafuc.cf
Our domain is quackquack.in
 
 
 


Old
  Post #4 (permalink)   06-14-2017, 11:52 PM
HD Community Advisor
 
ughosting's Avatar
 
Join Date: Jan 2011
Location: London
Posts: 602

Status: ughosting is offline
They could be using Apache or nginx to proxy your site, but this would be easily overcome with a .htaccess entry

RewriteCond %{HTTP_HOST} !^www\.quackquack\.in [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/?(.*) http://www.quackquack.in/$1 [L,R,NE]

See whether this works, if it does enjoy the free traffic you get for a while.

If they are rewriting all of the links stopping the from working then.

create a file like zxcvb.html and visit "their" sites and call this URL, then visit your weblogs and find their ip and the public won't find this file.

the stick something like

Order Deny,Allow
Deny from 10.10.10.10
Deny from 10.11.11.11

In your .htaccess file to block their IPs
(I'm assuming here that you are not a host, if you are, block the IPs in the firewall instead)

That's where I would start.
__________________
DDoS Protected, LiteSpeed + LiteMage on CloudLinux with SSD Disks, R1Soft, Softaculous, SIteBuilder, BitNinja, LetsEncypt & Patchman
UnixGuru: Accounts with 1-16 CPU Cores, 2-32GB RAM. Why use a VPS?
█ Choose from Shared, Reseller and Elastic-Sites Hosting
 
 
 
The Following User Says Thank You to ughosting For This Useful Post:
Artashes (06-15-2017)


Old
  Post #5 (permalink)   06-15-2017, 12:02 AM
HD Newbie
 
Join Date: Jun 2017
Posts: 3

Status: ravimittal99 is offline
Quote:
Originally Posted by ughosting View Post
They could be using Apache or nginx to proxy your site, but this would be easily overcome with a .htaccess entry

RewriteCond %{HTTP_HOST} !^www\.quackquack\.in [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/?(.*) http://www.quackquack.in/$1 [L,R,NE]

See whether this works, if it does enjoy the free traffic you get for a while.

If they are rewriting all of the links stopping the from working then.

create a file like zxcvb.html and visit "their" sites and call this URL, then visit your weblogs and find their ip and the public won't find this file.

the stick something like

Order Deny,Allow
Deny from 10.10.10.10
Deny from 10.11.11.11

In your .htaccess file to block their IPs
(I'm assuming here that you are not a host, if you are, block the IPs in the firewall instead)

That's where I would start.
Hey! We're using Nginx and hence dont have a .htaccess file. We tried blocking an individual IP last time but thats not a permanent solution as days later, two more such domains cropped up! And this issue is that these domains could later be an issue for our SEO, so not keen on free traffic
 
 
 
Reply

Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: