homepage Welcome to WebmasterWorld Guest from 54.234.42.16
register, login, search, subscribe, help, library, PubCon, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library : Charter : Moderators: phranque & physics

Webmaster General Forum

    
CNAME redirect to Joomla site
Someone has hijacked our site with a simple redirect
migumbo




msg:4546378		 5:26 am on Feb 18, 2013 (gmt 0)

* Last week we noticed duplicate content warnings and links from a domain wwww.some-tld.com in our Webmaster tools account (yes 4 wwww's)

* It appeared to be an exact replica of our Joomla site - a completely different TLD.

* Somehow the entire Joomla based site is running under their domain.

* If we put Joomla into maintenance mode, it also put's their domain redirected site into maintenance mode. We can also login into our Admin from their domain redirect.

* The offending domain is whois protected at Moniker. Could I ask them to shut the redirect down? Am I within my rights to do this?

* I've reported this site as a "scraper" to Google using their form. I've also contacted our host to see if there's anything they can do.

Any other advice? How can they possibly get this site to run perfectly under their domain?

 

Hoople




msg:4546383		 5:45 am on Feb 18, 2013 (gmt 0)

By chance are the two domains on the same IP address?

There have been a few threads her on WW as to how to track down the mirroring if they aren't on the same IP.
phranque




msg:4546421		 11:56 am on Feb 18, 2013 (gmt 0)

have you looked through your server access logs for clues?

the two most likely possible explanations:
- they pointed their domain to your IP address and your server is configured to accept requests for any hostname.
- they have set up their own server to make proxy requests to your server.
migumbo




msg:4546914		 10:03 pm on Feb 19, 2013 (gmt 0)

thanks will check both of those things with the hosting company
Demaestro




msg:4546943		 11:39 pm on Feb 19, 2013 (gmt 0)

If we put Joomla into maintenance mode, it also put's their domain redirected site into maintenance mode.


I assume by this you mean that you used the setting in global config to put the "site offline" or into "debug mode"?

If that is correct then there is something else going on here as both of those settings live in a config file. If you are changing the config file which writes to a flat .php file and not a database then they are most likely linking back to your site.

Either that or the host server is so fully taken over in an attack that they were able to mirror flat files and change them at the same moment you do. Which is unlikely.

I think whatever is happening they are pointing it back to your site.... the real question is how is the .htaccess file routing traffic from that domain to the public directory of your site?
migumbo




msg:4547755		 6:09 am on Feb 22, 2013 (gmt 0)

after a lot of trial and error this now fixed via htaccess level by adding this to the htaccess directive:
RewriteEngine On
RewriteCond %{SERVER_NAME} !^(www\.)?our-domain.com\.com$
RewriteRule ^ - [F]
phranque




msg:4548583		 10:39 am on Feb 25, 2013 (gmt 0)

do you have an extra '.com' in that condition?

also make sure you are handling any other/wildcard subdomains properly.

in some cases it might be better to use something more like this:

RewriteCond %{SERVER_NAME} !example\.com$

migumbo




msg:4549332		 5:31 am on Feb 27, 2013 (gmt 0)

thanks I'll check!
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
WebmasterWorld ® and PubCon ® are a Registered Trademarks of Pubcon Inc.
© Pubcon Inc. 1996-2012 all rights reserved