Solved

Scammer is serving our website under another domain

Posted on 2013-05-27
8
239 Views
Last Modified: 2013-08-04
While searching the name of our website in google I discovered another domain that is pretending to be us. Basically they created a subdomain which when you go to it they download our website and serve it as their own (i.e.: mywebsite.hackerwebsite.com). To the user it appears to be exact same website as they browse around but if I look at the source code I see the scammer added some additional javascript code that does who knows what.

If I look at my access logs on apache I can see their IP Address is the one sending the request for each page not the visitor so it's not hard to block it for now. But how do I block this kind of scam in the future in case they change their IP or another scammer does this? Is there a way I can verify my site is only being viewed on my domain?
0
Comment
Question by:itcdr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 12

Expert Comment

by:duttcom
ID: 39200222
You should be able to block access to your site from other domains by editing the htaccess file in the root of your web server.

This article may be useful - http://stackoverflow.com/questions/13872892/htaccess-deny-requests-from-unauthorized-domains
0
 
LVL 1

Author Comment

by:itcdr
ID: 39200255
The scammer domain isn't pointing to our name servers or IP Address. Instead they seem to be just downloading each page and then serving it themselves. I already have it setup in apache to redirect any domain that's not our own but in this case it doesn't do any good.

So if I visit mydomain.hackerdomain.com/random_page I see a request from the hackerdomain IP address for "random_page". And then they are editing the javascript in the page and then serving it to the visitor.
0
 
LVL 12

Expert Comment

by:duttcom
ID: 39200273
Pointing to your IP or name servers would somewhat defeat the hacker's purpose, but that isn't what the htaccess file does. The htaccess file provides directory level security to your site and would block attempts to access mydomain.hackerdomain.com/random_page from hackerdomain.com if set up correctly.

Using htaccess files is not as ideal as using the main apache config file (if you have the right permissions). How did you set up Apache to redirect any domain that isn't your own?
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 1

Author Comment

by:itcdr
ID: 39202570
I'm using apache and htttpd.conf main configuration file for my setup. I'm using virtualhost tags and the default one does a 302 redirect to my domain.

so then you're suggesting I add tags in apache to block the hackerdomain referrer. But what if the scammer just changes to hackerdomain2.com? no way to verify the site is serving on my domain?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39202643
There are a lot of other things that you can do but they involve changing the way you code you site.  Between frames and PHP and AJAX, you can make it either not show up or redirect to your correct domain.  But it can be a lot of work.
0
 
LVL 1

Accepted Solution

by:
itcdr earned 0 total points
ID: 39202838
just thought of something. couldn't I just include some javascript in all pages that checks the current url and redirects if it's not my domain. although this solution assumes the user has javascript enabled and the scammer doesn't remove this piece of code before serving the page.

Example:

<script type='text/javascript'>
  var dm=window.location.hostname;
  var path=window.location.pathname;
  if(dm!="mysite.com") window.location="http://mysite.com"+path;
</script>


Would this be the best solution or any other ideas? I feel like I should do this plus block the hackerdomain.com in apache as duttcom suggested.
0
 
LVL 4

Expert Comment

by:artsec
ID: 39206205
The scammer is using your site contents (images) for their fake website. You may use Image Leech prevention to stop this. Please check the following URLs for more information:

http://www.webmasterworld.com/forum92/2783.htm

https://my.bluehost.com/cgi/help/95
0
 
LVL 1

Author Closing Comment

by:itcdr
ID: 39380403
This is the best solution I was able to come up with. I implemented it and seems to fix the problem for now. Not perfect but gets the job done until the scammer finds another way around it. I also encoded the name of my site in a javascript variable for this code in case the scammer just replaces all instances of our domain with theirs.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question