Solved

Scammer is serving our website under another domain

Posted on 2013-05-27
8
230 Views
Last Modified: 2013-08-04
While searching the name of our website in google I discovered another domain that is pretending to be us. Basically they created a subdomain which when you go to it they download our website and serve it as their own (i.e.: mywebsite.hackerwebsite.com). To the user it appears to be exact same website as they browse around but if I look at the source code I see the scammer added some additional javascript code that does who knows what.

If I look at my access logs on apache I can see their IP Address is the one sending the request for each page not the visitor so it's not hard to block it for now. But how do I block this kind of scam in the future in case they change their IP or another scammer does this? Is there a way I can verify my site is only being viewed on my domain?
0
Comment
Question by:itcdr
8 Comments
 
LVL 12

Expert Comment

by:duttcom
ID: 39200222
You should be able to block access to your site from other domains by editing the htaccess file in the root of your web server.

This article may be useful - http://stackoverflow.com/questions/13872892/htaccess-deny-requests-from-unauthorized-domains
0
 
LVL 1

Author Comment

by:itcdr
ID: 39200255
The scammer domain isn't pointing to our name servers or IP Address. Instead they seem to be just downloading each page and then serving it themselves. I already have it setup in apache to redirect any domain that's not our own but in this case it doesn't do any good.

So if I visit mydomain.hackerdomain.com/random_page I see a request from the hackerdomain IP address for "random_page". And then they are editing the javascript in the page and then serving it to the visitor.
0
 
LVL 12

Expert Comment

by:duttcom
ID: 39200273
Pointing to your IP or name servers would somewhat defeat the hacker's purpose, but that isn't what the htaccess file does. The htaccess file provides directory level security to your site and would block attempts to access mydomain.hackerdomain.com/random_page from hackerdomain.com if set up correctly.

Using htaccess files is not as ideal as using the main apache config file (if you have the right permissions). How did you set up Apache to redirect any domain that isn't your own?
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 1

Author Comment

by:itcdr
ID: 39202570
I'm using apache and htttpd.conf main configuration file for my setup. I'm using virtualhost tags and the default one does a 302 redirect to my domain.

so then you're suggesting I add tags in apache to block the hackerdomain referrer. But what if the scammer just changes to hackerdomain2.com? no way to verify the site is serving on my domain?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39202643
There are a lot of other things that you can do but they involve changing the way you code you site.  Between frames and PHP and AJAX, you can make it either not show up or redirect to your correct domain.  But it can be a lot of work.
0
 
LVL 1

Accepted Solution

by:
itcdr earned 0 total points
ID: 39202838
just thought of something. couldn't I just include some javascript in all pages that checks the current url and redirects if it's not my domain. although this solution assumes the user has javascript enabled and the scammer doesn't remove this piece of code before serving the page.

Example:

<script type='text/javascript'>
  var dm=window.location.hostname;
  var path=window.location.pathname;
  if(dm!="mysite.com") window.location="http://mysite.com"+path;
</script>


Would this be the best solution or any other ideas? I feel like I should do this plus block the hackerdomain.com in apache as duttcom suggested.
0
 
LVL 4

Expert Comment

by:artsec
ID: 39206205
The scammer is using your site contents (images) for their fake website. You may use Image Leech prevention to stop this. Please check the following URLs for more information:

http://www.webmasterworld.com/forum92/2783.htm

https://my.bluehost.com/cgi/help/95
0
 
LVL 1

Author Closing Comment

by:itcdr
ID: 39380403
This is the best solution I was able to come up with. I implemented it and seems to fix the problem for now. Not perfect but gets the job done until the scammer finds another way around it. I also encoded the name of my site in a javascript variable for this code in case the scammer just replaces all instances of our domain with theirs.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Read about achieving the basic levels of HRIS security in the workplace.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now