Solved

Scammer is serving our website under another domain

Posted on 2013-05-27
8
227 Views
Last Modified: 2013-08-04
While searching the name of our website in google I discovered another domain that is pretending to be us. Basically they created a subdomain which when you go to it they download our website and serve it as their own (i.e.: mywebsite.hackerwebsite.com). To the user it appears to be exact same website as they browse around but if I look at the source code I see the scammer added some additional javascript code that does who knows what.

If I look at my access logs on apache I can see their IP Address is the one sending the request for each page not the visitor so it's not hard to block it for now. But how do I block this kind of scam in the future in case they change their IP or another scammer does this? Is there a way I can verify my site is only being viewed on my domain?
0
Comment
Question by:itcdr
8 Comments
 
LVL 12

Expert Comment

by:duttcom
ID: 39200222
You should be able to block access to your site from other domains by editing the htaccess file in the root of your web server.

This article may be useful - http://stackoverflow.com/questions/13872892/htaccess-deny-requests-from-unauthorized-domains
0
 
LVL 1

Author Comment

by:itcdr
ID: 39200255
The scammer domain isn't pointing to our name servers or IP Address. Instead they seem to be just downloading each page and then serving it themselves. I already have it setup in apache to redirect any domain that's not our own but in this case it doesn't do any good.

So if I visit mydomain.hackerdomain.com/random_page I see a request from the hackerdomain IP address for "random_page". And then they are editing the javascript in the page and then serving it to the visitor.
0
 
LVL 12

Expert Comment

by:duttcom
ID: 39200273
Pointing to your IP or name servers would somewhat defeat the hacker's purpose, but that isn't what the htaccess file does. The htaccess file provides directory level security to your site and would block attempts to access mydomain.hackerdomain.com/random_page from hackerdomain.com if set up correctly.

Using htaccess files is not as ideal as using the main apache config file (if you have the right permissions). How did you set up Apache to redirect any domain that isn't your own?
0
 
LVL 1

Author Comment

by:itcdr
ID: 39202570
I'm using apache and htttpd.conf main configuration file for my setup. I'm using virtualhost tags and the default one does a 302 redirect to my domain.

so then you're suggesting I add tags in apache to block the hackerdomain referrer. But what if the scammer just changes to hackerdomain2.com? no way to verify the site is serving on my domain?
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39202643
There are a lot of other things that you can do but they involve changing the way you code you site.  Between frames and PHP and AJAX, you can make it either not show up or redirect to your correct domain.  But it can be a lot of work.
0
 
LVL 1

Accepted Solution

by:
itcdr earned 0 total points
ID: 39202838
just thought of something. couldn't I just include some javascript in all pages that checks the current url and redirects if it's not my domain. although this solution assumes the user has javascript enabled and the scammer doesn't remove this piece of code before serving the page.

Example:

<script type='text/javascript'>
  var dm=window.location.hostname;
  var path=window.location.pathname;
  if(dm!="mysite.com") window.location="http://mysite.com"+path;
</script>


Would this be the best solution or any other ideas? I feel like I should do this plus block the hackerdomain.com in apache as duttcom suggested.
0
 
LVL 4

Expert Comment

by:artsec
ID: 39206205
The scammer is using your site contents (images) for their fake website. You may use Image Leech prevention to stop this. Please check the following URLs for more information:

http://www.webmasterworld.com/forum92/2783.htm

https://my.bluehost.com/cgi/help/95
0
 
LVL 1

Author Closing Comment

by:itcdr
ID: 39380403
This is the best solution I was able to come up with. I implemented it and seems to fix the problem for now. Not perfect but gets the job done until the scammer finds another way around it. I also encoded the name of my site in a javascript variable for this code in case the scammer just replaces all instances of our domain with theirs.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Read about achieving the basic levels of HRIS security in the workplace.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now