Neo Posted November 5, 2015 Share Posted November 5, 2015 A couple of months ago I created a portfolio website with ProcessWire for a client of mine. For both server and CMS I used strong passwords and the usual security measures. My client contacted me now that an exact, dynamic copy of the website was created on another domain. I already filed a complaint with the respective Domain registrar (GoDaddy) and also notified Google via the DMCA procedure. The violating domain uses the same IP like the VPS of my client. The question is now how this could have happened. I know that there are tools like HTTrack on Kali Linux, which would to my knowledge require access to the MySQL database to create an exact copy. As you don't easily hack a secured Linux server, this makes me think that the intrusion must come from inside the hosting company; i.e. a system administrator accessed the VPS. Would appreciate your advice. Link to comment Share on other sites More sharing options...
adrian Posted November 5, 2015 Share Posted November 5, 2015 HTTrack (at least how I have used it) just downloads the served HTML pages - it doesn't need any access to your server for this - it just grabs the pages that any browser can view. How do you know that the copy isn't just serving static HTML pages? If that is the case, then there really isn't anything that can be done. Even if they have duplicated some dynamic functionality from your site, that doesn't necessarily mean anything was hacked. The violating domain uses the same IP like the VPS of my client. This does seem a bit weird though. I assume you mean the same IP CIDR block, rather than the exact same IP address? Link to comment Share on other sites More sharing options...
kongondo Posted November 5, 2015 Share Posted November 5, 2015 The violating domain uses the same IP like the VPS of my client. Is this even possible? Two machines to have the same IP address? Link to comment Share on other sites More sharing options...
Craig Posted November 5, 2015 Share Posted November 5, 2015 Have you checked the copied site using http://isit.pw/? If you update content on your client's site, is it coming up on the copied site; or is the content "as it was" at the time it was copied? Are you able to access the control panel with your known credentials? Is there a chance that the new domain is "pointing" to your client's site? Is this even possible? Two machines to have the same IP address? It depends. If the servers are behind a load balancer or caching server, then many websites would appear to use the same IP. It would all depend on the hosting provider's configuration and DNS configuration of the domains in question. 3 Link to comment Share on other sites More sharing options...
adrian Posted November 5, 2015 Share Posted November 5, 2015 Is there a chance that the new domain is "pointing" to your client's site? Seems like a very possible scenario! Link to comment Share on other sites More sharing options...
Neo Posted November 6, 2015 Author Share Posted November 6, 2015 I just changed some content on the original site and the changes also appear on the other domain, i.e. the domain just seems to point to the site. Could I redirect incoming traffic from this specific domain (both www and non-www) with .htaccess? Or what would you do? I am just asking myself why you would redirect to another domain like that? Earn domain authority with someone's content? The original content is the personal portfolio of a graphic designer, so there is really not much commercial value... Link to comment Share on other sites More sharing options...
Peter Knight Posted November 6, 2015 Share Posted November 6, 2015 Is the other domain for a business in the same industry? Just trying to establish if this is a genuine mistake. You could also consider that someone did a deliberate point to harm your rankings? Duplicate content etc? Link to comment Share on other sites More sharing options...
OrganizedFellow Posted November 6, 2015 Share Posted November 6, 2015 When you view the offenders website source code, what does it show? An iframe? Your content? Maybe some crafty hotlink protection in your htaccess file is needed. Link to comment Share on other sites More sharing options...
pwired Posted November 6, 2015 Share Posted November 6, 2015 This happened to me once when I forgot to delete a development site on a free hosting. Once the production site was online the two where still connected through the .htaccess file. It looked exactly as you describe your situation now. Link to comment Share on other sites More sharing options...
LostKobrakai Posted November 6, 2015 Share Posted November 6, 2015 I just changed some content on the original site and the changes also appear on the other domain, i.e. the domain just seems to point to the site. Use both of these in the command line. If both return the same IP you can be really sure. nslookup mydomain.com nslookup copydomain.com 1 Link to comment Share on other sites More sharing options...
kongondo Posted November 6, 2015 Share Posted November 6, 2015 @Neo, Mod note: I changed the title of your topic. Reading it quickly one would think there was an 'illegal copy of ProcessWire'. 1 Link to comment Share on other sites More sharing options...
Neo Posted November 6, 2015 Author Share Posted November 6, 2015 @LostKobrakai nslookup returns the exact IP for both domains, i.e. this domain seems to just point to the website. @OrganizedFellow No iframe involved. It is the exact same content. @Peter Knight The original website is from a graphic designer. The hijacking domain seems to be unrelated. Some sort of theater or show from Canada. Neither the domain owner nor GoDaddy's abuse service are reacting. Is there anything I can do about this? Link to comment Share on other sites More sharing options...
diogo Posted November 6, 2015 Share Posted November 6, 2015 Here's the same exact problem and solution for it http://stackoverflow.com/questions/13872892/htaccess-deny-requests-from-unauthorized-domains 5 Link to comment Share on other sites More sharing options...
kongondo Posted November 6, 2015 Share Posted November 6, 2015 How did they get Neo's client's VPS IP address in order to point to it? That is not info you get on whois, or am I missing something? Link to comment Share on other sites More sharing options...
DaveP Posted November 6, 2015 Share Posted November 6, 2015 @kongondo Lots of tools on the web - http://get-site-ip.com/ for example. 1 Link to comment Share on other sites More sharing options...
LostKobrakai Posted November 6, 2015 Share Posted November 6, 2015 How did they get Neo's client's VPS IP address in order to point to it? That is not info you get on whois, or am I missing something? Exactly the way I posted above. How else would your browser get your requests to the right server if there wasn't a way to get the ip address behind a domain. 1 Link to comment Share on other sites More sharing options...
ryan Posted November 6, 2015 Share Posted November 6, 2015 If you upload a random txt or html file to your web server, can you access it at the other domain? My guess is yes. If so, it sounds like an honest mistake. Perhaps you are on a dedicated IP and the owner of the other domain made a typo when setting up their DNS record. Or perhaps the web host made an error when setting up their VirtualHost directives in Apache. You should be able to correct the problem by adding this to your .htaccess file somewhere after the "RewriteEngine On" line: RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com [NC] RewriteRule ^ http://www.yourdomain.com/ [L,R=301] 8 Link to comment Share on other sites More sharing options...
kongondo Posted November 6, 2015 Share Posted November 6, 2015 @kongondo Lots of tools on the web - http://get-site-ip.com/ for example. Exactly the way I posted above. How else would your browser get your requests to the right server if there wasn't a way to get the ip address behind a domain. Well, I am totally ignorant about servers . Learn something new everyday.. Link to comment Share on other sites More sharing options...
Neo Posted November 6, 2015 Author Share Posted November 6, 2015 Thanks Ryan. I used your snippet to redirect all incoming traffic from potentially misleading domains, which works. Might be possible that this is an error, however, I contacted the domain-owner who is not responding, which is strange. I was thinking that the whole domain might have been kidnapped and the owner does not know about it. In any case, it is the responsibility of the domain registrar to investigate this further. Thanks to everyone for the comments. Again, ProcessWire stands out when it comes to community support. 2 Link to comment Share on other sites More sharing options...
Pete Posted November 6, 2015 Share Posted November 6, 2015 Just thought I'd add that if you thought it was malicious then diogo's way above might be better: https://processwire.com/talk/topic/11380-exact-illegal-copy-of-my-site-on-another-domain/?p=106247 as it will show a forbidden warning, rather than cause potentially dodgy urls to redirect to your site as per Ryan's solution. Either is valid - just different results for anyone loading the URL in question. If it was a dodgy XXX url for example (I know it isn't in this case) then showing a forbidden warning might be preferable to something that sounds a bit x-rated silently redirecting to your domain name 1 Link to comment Share on other sites More sharing options...
Neo Posted November 10, 2015 Author Share Posted November 10, 2015 @Pete I appreciate your comment and will also consider diogo's solution, which makes sense if the pointing domain contains XXX content. The domain owner has still not reacted, which makes me think this has been done on purpose. GoDaddy also refuses any responsibility. Overall, not an ideal situation. Link to comment Share on other sites More sharing options...
kixe Posted November 11, 2015 Share Posted November 11, 2015 To force a reaction of the responsibles RewriteCond %{HTTP_HOST} !^(.*)\.yourdomain\.com$ [NC] RewriteRule (.*) <h1>Error 502 Bad Gateway</h1><p>Please contact <a href="mailto:owner@example.org">domain owner</a> and/or <a href="mailto:provider@example.org">Service Provider</a></p> [R=301,L] Link to comment Share on other sites More sharing options...
MuchDev Posted November 11, 2015 Share Posted November 11, 2015 I have an interesting related problem. There is a website that is using a meta refresh to redirect to our domain, is there any way to filter that out using htaccess? Link to comment Share on other sites More sharing options...
Pete Posted November 11, 2015 Share Posted November 11, 2015 I have an interesting related problem. There is a website that is using a meta refresh to redirect to our domain, is there any way to filter that out using htaccess? Here you go: http://stackoverflow.com/questions/13106299/redirect-using-htaccess-based-on-referrer Actually, that link I posted is part of the puzzle, what you might actually want (untested) is this since you know the referring domain: RewriteEngine On RewriteCond %{HTTP_REFERER} ^http://the-naughty-domain.com [NC] RewriteRule ^ http://the-website-of-your-choosing.com/ [L,R] Basically targetting only the naughty domain and sending them somewhere else. This can also be changed to do any of the other actions discussed in this topic. 2 Link to comment Share on other sites More sharing options...
elabx Posted September 13, 2016 Share Posted September 13, 2016 I am having this exact same problem right now. Shouldn't this type of issues be solved by default on PW's .htaccess? Also, I have a doubt, I thought this kind of protection involved the configuration variable $config->httpHosts, or maybe I am missing what this variable is for exactly? Best regards. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now