Scammer is serving our website under another domain

While searching the name of our website in google I discovered another domain that is pretending to be us. Basically they created a subdomain which when you go to it they download our website and serve it as their own (i.e.: mywebsite.hackerwebsite.com). To the user it appears to be exact same website as they browse around but if I look at the source code I see the scammer added some additional javascript code that does who knows what.

If I look at my access logs on apache I can see their IP Address is the one sending the request for each page not the visitor so it's not hard to block it for now. But how do I block this kind of scam in the future in case they change their IP or another scammer does this? Is there a way I can verify my site is only being viewed on my domain?
LVL 1
itcdrAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
itcdrConnect With a Mentor Author Commented:
just thought of something. couldn't I just include some javascript in all pages that checks the current url and redirects if it's not my domain. although this solution assumes the user has javascript enabled and the scammer doesn't remove this piece of code before serving the page.

Example:

<script type='text/javascript'>
  var dm=window.location.hostname;
  var path=window.location.pathname;
  if(dm!="mysite.com") window.location="http://mysite.com"+path;
</script>


Would this be the best solution or any other ideas? I feel like I should do this plus block the hackerdomain.com in apache as duttcom suggested.
0
 
duttcomCommented:
You should be able to block access to your site from other domains by editing the htaccess file in the root of your web server.

This article may be useful - http://stackoverflow.com/questions/13872892/htaccess-deny-requests-from-unauthorized-domains
0
 
itcdrAuthor Commented:
The scammer domain isn't pointing to our name servers or IP Address. Instead they seem to be just downloading each page and then serving it themselves. I already have it setup in apache to redirect any domain that's not our own but in this case it doesn't do any good.

So if I visit mydomain.hackerdomain.com/random_page I see a request from the hackerdomain IP address for "random_page". And then they are editing the javascript in the page and then serving it to the visitor.
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
duttcomCommented:
Pointing to your IP or name servers would somewhat defeat the hacker's purpose, but that isn't what the htaccess file does. The htaccess file provides directory level security to your site and would block attempts to access mydomain.hackerdomain.com/random_page from hackerdomain.com if set up correctly.

Using htaccess files is not as ideal as using the main apache config file (if you have the right permissions). How did you set up Apache to redirect any domain that isn't your own?
0
 
itcdrAuthor Commented:
I'm using apache and htttpd.conf main configuration file for my setup. I'm using virtualhost tags and the default one does a 302 redirect to my domain.

so then you're suggesting I add tags in apache to block the hackerdomain referrer. But what if the scammer just changes to hackerdomain2.com? no way to verify the site is serving on my domain?
0
 
Dave BaldwinFixer of ProblemsCommented:
There are a lot of other things that you can do but they involve changing the way you code you site.  Between frames and PHP and AJAX, you can make it either not show up or redirect to your correct domain.  But it can be a lot of work.
0
 
artsecCommented:
The scammer is using your site contents (images) for their fake website. You may use Image Leech prevention to stop this. Please check the following URLs for more information:

http://www.webmasterworld.com/forum92/2783.htm

https://my.bluehost.com/cgi/help/95
0
 
itcdrAuthor Commented:
This is the best solution I was able to come up with. I implemented it and seems to fix the problem for now. Not perfect but gets the job done until the scammer finds another way around it. I also encoded the name of my site in a javascript variable for this code in case the scammer just replaces all instances of our domain with theirs.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.