homepage Welcome to WebmasterWorld Guest from 23.23.57.182
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
CNAME redirect to Joomla site
Someone has hijacked our site with a simple redirect
migumbo

5+ Year Member



 
Msg#: 4546376 posted 5:26 am on Feb 18, 2013 (gmt 0)

* Last week we noticed duplicate content warnings and links from a domain wwww.some-tld.com in our Webmaster tools account (yes 4 wwww's)

* It appeared to be an exact replica of our Joomla site - a completely different TLD.

* Somehow the entire Joomla based site is running under their domain.

* If we put Joomla into maintenance mode, it also put's their domain redirected site into maintenance mode. We can also login into our Admin from their domain redirect.

* The offending domain is whois protected at Moniker. Could I ask them to shut the redirect down? Am I within my rights to do this?

* I've reported this site as a "scraper" to Google using their form. I've also contacted our host to see if there's anything they can do.

Any other advice? How can they possibly get this site to run perfectly under their domain?

 

Hoople

10+ Year Member



 
Msg#: 4546376 posted 5:45 am on Feb 18, 2013 (gmt 0)

By chance are the two domains on the same IP address?

There have been a few threads her on WW as to how to track down the mirroring if they aren't on the same IP.

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4546376 posted 11:56 am on Feb 18, 2013 (gmt 0)

have you looked through your server access logs for clues?

the two most likely possible explanations:
- they pointed their domain to your IP address and your server is configured to accept requests for any hostname.
- they have set up their own server to make proxy requests to your server.

migumbo

5+ Year Member



 
Msg#: 4546376 posted 10:03 pm on Feb 19, 2013 (gmt 0)

thanks will check both of those things with the hosting company

Demaestro

WebmasterWorld Senior Member demaestro us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4546376 posted 11:39 pm on Feb 19, 2013 (gmt 0)

If we put Joomla into maintenance mode, it also put's their domain redirected site into maintenance mode.


I assume by this you mean that you used the setting in global config to put the "site offline" or into "debug mode"?

If that is correct then there is something else going on here as both of those settings live in a config file. If you are changing the config file which writes to a flat .php file and not a database then they are most likely linking back to your site.

Either that or the host server is so fully taken over in an attack that they were able to mirror flat files and change them at the same moment you do. Which is unlikely.

I think whatever is happening they are pointing it back to your site.... the real question is how is the .htaccess file routing traffic from that domain to the public directory of your site?

migumbo

5+ Year Member



 
Msg#: 4546376 posted 6:09 am on Feb 22, 2013 (gmt 0)

after a lot of trial and error this now fixed via htaccess level by adding this to the htaccess directive:
RewriteEngine On
RewriteCond %{SERVER_NAME} !^(www\.)?our-domain.com\.com$
RewriteRule ^ - [F]

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4546376 posted 10:39 am on Feb 25, 2013 (gmt 0)

do you have an extra '.com' in that condition?

also make sure you are handling any other/wildcard subdomains properly.

in some cases it might be better to use something more like this:

RewriteCond %{SERVER_NAME} !example\.com$

migumbo

5+ Year Member



 
Msg#: 4546376 posted 5:31 am on Feb 27, 2013 (gmt 0)

thanks I'll check!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved