Hosting Discussion

Hosting Discussion (https://www.hostingdiscussion.com/)
-   Hardware and Server Configuration (https://www.hostingdiscussion.com/hardware-server-configuration/)
-   -   How to prevent unauthorized domain forwarding? (https://www.hostingdiscussion.com/hardware-server-configuration/63993-how-prevent-unauthorized-domain-forwarding.html)


ravimittal99 06-14-2017 03:07 AM

How to prevent unauthorized domain forwarding?
 
Hi All,

I am not sure if this is the right place to ask this question, but we are facing a peculiar issue.

An unknown domain http://unauthdomain.cf is forwarding (with masking) to our domain http://ourdomain.com.
The data, files, content are being served from our server even at folder levels. Any changes made to our pages is reflecting on their pages as well.
However, the URLs are showing as http://unauthdomain.cf/folder1 instead of http://ourdomain.com/folder1.

We detected this issue when we got an alert in our Google Webmaster tools. We reported this to Cloudfront / Hosting provider and the same was removed after a few hours. However, now we have found 3 other unauthorized domains with the same forwarding/linking.

How do we stop these domains from spoofing our site? Can this be handled at domain DNS configuration level? If not, what changes should we do to server (We use Nginx) level to prevent such issues?

nelsa 06-14-2017 08:40 AM

Domain forwarding with masking is done by iframe,you can resolve this with X-FRAME-OPTIONS and Javascript,I suggest to use second option since not all browser respect x-frame-options.Google "how to prevent my site to be loaded inside iframe"..there are many writen JS codes you can use right now.

ravimittal99 06-14-2017 11:08 PM

Quote:

Originally Posted by nelsa (Post 222947)
Domain forwarding with masking is done by iframe,you can resolve this with X-FRAME-OPTIONS and Javascript,I suggest to use second option since not all browser respect x-frame-options.Google "how to prevent my site to be loaded inside iframe"..there are many writen JS codes you can use right now.

We've checked and it's not done via iframe. This seems to be domain forwarding with masking.

The actual unauthorized domain is koyblanafuc.cf
Our domain is quackquack.in

ughosting 06-14-2017 11:52 PM

They could be using Apache or nginx to proxy your site, but this would be easily overcome with a .htaccess entry

RewriteCond %{HTTP_HOST} !^www\.quackquack\.in [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/?(.*) http://www.quackquack.in/$1 [L,R,NE]

See whether this works, if it does enjoy the free traffic you get for a while.

If they are rewriting all of the links stopping the from working then.

create a file like zxcvb.html and visit "their" sites and call this URL, then visit your weblogs and find their ip and the public won't find this file.

the stick something like

Order Deny,Allow
Deny from 10.10.10.10
Deny from 10.11.11.11

In your .htaccess file to block their IPs
(I'm assuming here that you are not a host, if you are, block the IPs in the firewall instead)

That's where I would start.

ravimittal99 06-15-2017 12:02 AM

Quote:

Originally Posted by ughosting (Post 222956)
They could be using Apache or nginx to proxy your site, but this would be easily overcome with a .htaccess entry

RewriteCond %{HTTP_HOST} !^www\.quackquack\.in [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/?(.*) http://www.quackquack.in/$1 [L,R,NE]

See whether this works, if it does enjoy the free traffic you get for a while.

If they are rewriting all of the links stopping the from working then.

create a file like zxcvb.html and visit "their" sites and call this URL, then visit your weblogs and find their ip and the public won't find this file.

the stick something like

Order Deny,Allow
Deny from 10.10.10.10
Deny from 10.11.11.11

In your .htaccess file to block their IPs
(I'm assuming here that you are not a host, if you are, block the IPs in the firewall instead)

That's where I would start.

Hey! We're using Nginx and hence dont have a .htaccess file. We tried blocking an individual IP last time but thats not a permanent solution as days later, two more such domains cropped up! And this issue is that these domains could later be an issue for our SEO, so not keen on free traffic :(

ughosting 02-07-2018 10:06 AM

It looks to me that you must be using a single site environment.

If you configure your nginx with virtual hosts put your domain in the correct virtual so that:-

1. your site is shown when you use your domain to resolve to your IP

2. Any other domain resolving to the same IP get another site with a standard index.html page
In that page place, inside the <head> and </head>

Put
<meta http-equiv="refresh" content="0;URL='http://www.quackquack.in'" />

This does not require .htaccess rules.

webconfigure 02-07-2018 12:43 PM

You should contact Google webmaster first for this. You can set the rules in your index file or .htaccess file to stop this.


All times are GMT -6. The time now is 08:39 AM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.1.0