homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

CNAME redirect to Joomla site
Someone has hijacked our site with a simple redirect

 5:26 am on Feb 18, 2013 (gmt 0)

* Last week we noticed duplicate content warnings and links from a domain wwww.some-tld.com in our Webmaster tools account (yes 4 wwww's)

* It appeared to be an exact replica of our Joomla site - a completely different TLD.

* Somehow the entire Joomla based site is running under their domain.

* If we put Joomla into maintenance mode, it also put's their domain redirected site into maintenance mode. We can also login into our Admin from their domain redirect.

* The offending domain is whois protected at Moniker. Could I ask them to shut the redirect down? Am I within my rights to do this?

* I've reported this site as a "scraper" to Google using their form. I've also contacted our host to see if there's anything they can do.

Any other advice? How can they possibly get this site to run perfectly under their domain?



 5:45 am on Feb 18, 2013 (gmt 0)

By chance are the two domains on the same IP address?

There have been a few threads her on WW as to how to track down the mirroring if they aren't on the same IP.


 11:56 am on Feb 18, 2013 (gmt 0)

have you looked through your server access logs for clues?

the two most likely possible explanations:
- they pointed their domain to your IP address and your server is configured to accept requests for any hostname.
- they have set up their own server to make proxy requests to your server.


 10:03 pm on Feb 19, 2013 (gmt 0)

thanks will check both of those things with the hosting company


 11:39 pm on Feb 19, 2013 (gmt 0)

If we put Joomla into maintenance mode, it also put's their domain redirected site into maintenance mode.

I assume by this you mean that you used the setting in global config to put the "site offline" or into "debug mode"?

If that is correct then there is something else going on here as both of those settings live in a config file. If you are changing the config file which writes to a flat .php file and not a database then they are most likely linking back to your site.

Either that or the host server is so fully taken over in an attack that they were able to mirror flat files and change them at the same moment you do. Which is unlikely.

I think whatever is happening they are pointing it back to your site.... the real question is how is the .htaccess file routing traffic from that domain to the public directory of your site?


 6:09 am on Feb 22, 2013 (gmt 0)

after a lot of trial and error this now fixed via htaccess level by adding this to the htaccess directive:
RewriteEngine On
RewriteCond %{SERVER_NAME} !^(www\.)?our-domain.com\.com$
RewriteRule ^ - [F]


 10:39 am on Feb 25, 2013 (gmt 0)

do you have an extra '.com' in that condition?

also make sure you are handling any other/wildcard subdomains properly.

in some cases it might be better to use something more like this:

RewriteCond %{SERVER_NAME} !example\.com$


 5:31 am on Feb 27, 2013 (gmt 0)

thanks I'll check!

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved