Solved

Scammer is serving our website under another domain

Posted on 2013-05-27
Last Modified: 2013-08-04
While searching the name of our website in Google I discovered another domain that is pretending to be us. Basically they created a subdomain which, when you go to it, downloads our website and serves it as their own (i.e.: mywebsite.hackerwebsite.com). To the user it appears to be the exact same website as they browse around, but if I look at the source code I see the scammer added some additional JavaScript code that does who knows what.

If I look at my access logs on Apache I can see their IP address is the one sending the request for each page, not the visitor, so it's not hard to block it for now. But how do I block this kind of scam in the future in case they change their IP or another scammer does this? Is there a way I can verify my site is only being viewed on my domain?
Question by:itcdr
LVL 12

Expert Comment

by:duttcom
ID: 39200222
You should be able to block access to your site from other domains by editing the htaccess file in the root of your web server.

This article may be useful - http://stackoverflow.com/questions/13872892/htaccess-deny-requests-from-unauthorized-domains
LVL 1

Author Comment

by:itcdr
ID: 39200255
The scammer domain isn't pointing to our name servers or IP address. Instead they seem to be just downloading each page and then serving it themselves. I already have it set up in Apache to redirect any domain that's not our own, but in this case it doesn't do any good.

So if I visit mydomain.hackerdomain.com/random_page I see a request from the hackerdomain IP address for "random_page". And then they are editing the javascript in the page and then serving it to the visitor.
LVL 12

Expert Comment

by:duttcom
ID: 39200273
Pointing to your IP or name servers would somewhat defeat the hacker's purpose, but that isn't what the htaccess file does. The htaccess file provides directory level security to your site and would block attempts to access mydomain.hackerdomain.com/random_page from hackerdomain.com if set up correctly.

Using htaccess files is not as ideal as using the main Apache config file (if you have the right permissions). How did you set up Apache to redirect any domain that isn't your own?
LVL 1

Author Comment

by:itcdr
ID: 39202570
I'm using Apache and the httpd.conf main configuration file for my setup. I'm using virtualhost tags and the default one does a 302 redirect to my domain.

So then you're suggesting I add tags in Apache to block the hackerdomain referrer. But what if the scammer just changes to hackerdomain2.com? No way to verify the site is serving on my domain?
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39202643
There are a lot of other things that you can do but they involve changing the way you code your site. Between frames and PHP and AJAX, you can make it either not show up or redirect to your correct domain. But it can be a lot of work.
LVL 1

Accepted Solution

by:
itcdr earned 0 total points
ID: 39202838
Just thought of something. Couldn't I just include some JavaScript in all pages that checks the current URL and redirects if it's not my domain? Although this solution assumes the user has JavaScript enabled and the scammer doesn't remove this piece of code before serving the page.

Example:

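<script type='text/javascript'>
  // Hostname and path the page is currently being served from
  var dm=window.location.hostname;
  var path=window.location.pathname;
  // Not on our own domain: send the visitor to the same path on the real site
  if(dm!="mysite.com") window.location="http://mysite.com"+path;
</script>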


Would this be the best solution or any other ideas? I feel like I should do this plus block the hackerdomain.com in apache as duttcom suggested.
LVL 4

Expert Comment

by:artsec
ID: 39206205
The scammer is using your site contents (images) for their fake website. You may use Image Leech prevention to stop this. Please check the following URLs for more information:

http://www.webmasterworld.com/forum92/2783.htm

https://my.bluehost.com/cgi/help/95
LVL 1

Author Closing Comment

by:itcdr
ID: 39380403
This is the best solution I was able to come up with. I implemented it and it seems to fix the problem for now. Not perfect, but it gets the job done until the scammer finds another way around it. I also encoded the name of my site in a JavaScript variable for this code in case the scammer just replaces all instances of our domain with theirs.
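A variant of the hostname check from the accepted solution that also covers the closing comment's point about encoding the site name, written here as an added example and not code posted in the thread. The character-code encoding, the function names and the `www.` allowance are assumptions; `mysite.com` is the placeholder domain from the thread. It has the same limits the author names: JavaScript must be enabled and the mirror must not strip the script.

```javascript
// Expected hostname stored as character codes (constructed: "mysite.com"),
// so a proxy that rewrites every literal "mysite.com" in the page source
// to its own domain does not also rewrite the value we compare against.
const EXPECTED_CODES = [109, 121, 115, 105, 116, 101, 46, 99, 111, 109];

function expectedHost() {
  return String.fromCharCode(...EXPECTED_CODES);
}

// Returns the URL the visitor should be sent to, or null when the page is
// being served from its own domain. `loc` has the shape of window.location.
function mirrorRedirectTarget(loc) {
  // Normalise: hostnames are case-insensitive and may carry a trailing dot.
  const host = String(loc.hostname || "").toLowerCase().replace(/\.$/, "");
  const want = expectedHost();

  // Exact match only. A substring test would accept
  // "mysite.com.hackerwebsite.com", which is the mirror's naming pattern.
  if (host === want || host === "www." + want) return null;

  // Same scheme as the original snippet; keep path and query string so the
  // visitor lands on the page they asked for.
  return "http://" + want + (loc.pathname || "/") + (loc.search || "");
}

// Browser entry point (skipped when run outside a browser).
if (typeof window !== "undefined") {
  const target = mirrorRedirectTarget(window.location);
  // replace() keeps the mirror URL out of the back-button history.
  if (target) window.location.replace(target);
}
```
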
