Jump to content
Neo

Exact illegal copy of my Site on another Domain

Recommended Posts

A couple of months ago I created a portfolio website with ProcessWire for a client of mine.

For both server and CMS I used strong passwords and the usual security measures.

My client contacted me now that an exact, dynamic copy of the website was created on 

another domain. I already filed a complaint with the respective Domain registrar (GoDaddy) 

and also notified Google via the DMCA procedure. The violating domain uses the same IP

like the VPS of my client. 

The question is now how this could have happened. I know that there are tools like HTTrack on

Kali Linux, which would to my knowledge require access to the MySQL database to create an

exact copy. As you don't easily hack a secured Linux server, this makes me think that the intrusion

must come from inside the hosting company; i.e. a system administrator accessed the VPS.

Would appreciate your advice.

Share this post


Link to post
Share on other sites

HTTrack (at least how I have used it) just downloads the served HTML pages - it doesn't need any access to your server for this - it just grabs the pages that any browser can view. How do you know that the copy isn't just serving static HTML pages? If that is the case, then there really isn't anything that can be done. Even if they have duplicated some dynamic functionality from your site, that doesn't necessarily mean anything was hacked.

The violating domain uses the same IP like the VPS of my client. 

This does seem a bit weird though. I assume you mean the same IP CIDR block, rather than the exact same IP address?

Share this post


Link to post
Share on other sites

The violating domain uses the same IP like the VPS of my client. 

Is this even possible? Two machines to have the same IP address?

Share this post


Link to post
Share on other sites

Have you checked the copied site using http://isit.pw/?
 

If you update content on your client's site, is it coming up on the copied site; or is the content "as it was" at the time it was copied?

Are you able to access the control panel with your known credentials?

Is there a chance that the new domain is "pointing" to your client's site?


Is this even possible? Two machines to have the same IP address?

It depends. If the servers are behind a load balancer or caching server, then many websites would appear to use the same IP. It would all depend on the hosting provider's configuration and DNS configuration of the domains in question.

  • Like 3

Share this post


Link to post
Share on other sites

Is there a chance that the new domain is "pointing" to your client's site?

Seems like a very possible scenario!

Share this post


Link to post
Share on other sites

I just changed some content on the original site and the changes also appear on the other domain, i.e.

the domain just seems to point to the site.

Could I redirect incoming traffic from this specific domain (both www and non-www) with .htaccess?

Or what would you do? 

I am just asking myself why you would redirect to another domain like that? 

Earn domain authority with someone's content?

The original content is the personal portfolio of a graphic designer, so there 

is really not much commercial value...

Share this post


Link to post
Share on other sites

Is the other domain for a business in the same industry? Just trying to establish if this is a genuine mistake.

You could also consider that someone did a deliberate point to harm your rankings? Duplicate content etc?

Share this post


Link to post
Share on other sites

When you view the offenders website source code, what does it show?

An iframe?

Your content?

Maybe some crafty hotlink protection in your htaccess file is needed.

Share this post


Link to post
Share on other sites

This happened to me once when I forgot to delete a development site on a free hosting. Once the production site was online the two where still connected through the .htaccess file. It looked exactly as you describe your situation now.

Share this post


Link to post
Share on other sites

I just changed some content on the original site and the changes also appear on the other domain, i.e.

the domain just seems to point to the site.

Use both of these in the command line. If both return the same IP you can be really sure. 

nslookup mydomain.com
nslookup copydomain.com
  • Like 1

Share this post


Link to post
Share on other sites

@Neo,

Mod note: I changed the title of your topic. Reading it quickly one would think there was an 'illegal copy of ProcessWire'. :-)

  • Like 1

Share this post


Link to post
Share on other sites

@LostKobrakai nslookup returns the exact IP for both domains, i.e. this domain seems to just point to the website.  

@OrganizedFellow No iframe involved. It is the exact same content.

@Peter Knight The original website is from a graphic designer. The hijacking domain seems to be unrelated. Some sort of theater or show from Canada.

Neither the domain owner nor GoDaddy's abuse service are reacting. 

Is there anything I can do about this?

Share this post


Link to post
Share on other sites

How did they get Neo's client's VPS IP address in order to point to it? That is not info you get on whois, or am I missing something?

Share this post


Link to post
Share on other sites

How did they get Neo's client's VPS IP address in order to point to it? That is not info you get on whois, or am I missing something?

Exactly the way I posted above. How else would your browser get your requests to the right server if there wasn't a way to get the ip address behind a domain.

  • Like 1

Share this post


Link to post
Share on other sites

If you upload a random txt or html file to your web server, can you access it at the other domain? My guess is yes. If so, it sounds like an honest mistake. Perhaps you are on a dedicated IP and the owner of the other domain made a typo when setting up their DNS record. Or perhaps the web host made an error when setting up their VirtualHost directives in Apache. You should be able to correct the problem by adding this to your .htaccess file somewhere after the "RewriteEngine On" line:

RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com [NC]
RewriteRule ^ http://www.yourdomain.com/ [L,R=301]
  • Like 8

Share this post


Link to post
Share on other sites

@kongondo Lots of tools on the web - http://get-site-ip.com/ for example.

Exactly the way I posted above. How else would your browser get your requests to the right server if there wasn't a way to get the ip address behind a domain.

Well, I am totally ignorant about servers :-). Learn something new everyday..

Share this post


Link to post
Share on other sites

Thanks Ryan. I used your snippet to redirect all incoming traffic from potentially misleading domains, which works.

Might be possible that this is an error, however, I contacted the domain-owner who is not responding, which is strange.

I was thinking that the whole domain might have been kidnapped and the owner does not know about it. 

In any case, it is the responsibility of the domain registrar to investigate this further.

Thanks to everyone for the comments.

Again, ProcessWire stands out when it comes to community support.

  • Like 2

Share this post


Link to post
Share on other sites

Just thought I'd add that if you thought it was malicious then diogo's way above might be better: https://processwire.com/talk/topic/11380-exact-illegal-copy-of-my-site-on-another-domain/?p=106247 as it will show a forbidden warning, rather than cause potentially dodgy urls to redirect to your site as per Ryan's solution.

Either is valid - just different results for anyone loading the URL in question. If it was a dodgy XXX url for example (I know it isn't in this case) then showing a forbidden warning might be preferable to something that sounds a bit x-rated silently redirecting to your domain name :)

  • Like 1

Share this post


Link to post
Share on other sites

@Pete I appreciate your comment and will also consider diogo's solution, which makes sense if the pointing domain contains XXX content. 

The domain owner has still not reacted, which makes me think this has been done on purpose. GoDaddy also refuses any responsibility.

Overall, not an ideal situation.

Share this post


Link to post
Share on other sites

To force a reaction of the responsibles

RewriteCond %{HTTP_HOST} !^(.*)\.yourdomain\.com$ [NC]
RewriteRule (.*) <h1>Error 502 Bad Gateway</h1><p>Please contact <a href="mailto:owner@example.org">domain owner</a> and/or <a href="mailto:provider@example.org">Service Provider</a></p> [R=301,L]

Share this post


Link to post
Share on other sites

I have an interesting related problem. There is a website that is using a meta refresh to redirect to our domain, is there any way to filter that out using htaccess?

Share this post


Link to post
Share on other sites

I have an interesting related problem. There is a website that is using a meta refresh to redirect to our domain, is there any way to filter that out using htaccess?

Here you go: http://stackoverflow.com/questions/13106299/redirect-using-htaccess-based-on-referrer

Actually, that link I posted is part of the puzzle, what you might actually want (untested) is this since you know the referring domain:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://the-naughty-domain.com [NC]
RewriteRule ^ http://the-website-of-your-choosing.com/ [L,R]

Basically targetting only the naughty domain and sending them somewhere else. This can also be changed to do any of the other actions discussed in this topic.

  • Like 2

Share this post


Link to post
Share on other sites

I am having this exact same problem right now. Shouldn't this type of issues be solved by default on PW's .htaccess?

Also, I have a doubt, I thought this kind of protection involved the configuration variable $config->httpHosts, or maybe I am missing what this variable is for exactly?

Best regards.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...