homepage Welcome to WebmasterWorld Guest from 54.226.166.224
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

    
3rd Party Site Mirroring My Content - How do I prevent this?
Imaster




msg:4586013
 9:05 am on Jun 20, 2013 (gmt 0)

Hello,

My entire website is hijacked/mirrored. I don't know the correct terminology (Is it Proxy hijacking), but I can explain what has happened and experts can provide more insight into this and how to stop it.

I operate a website www.example.com

Four other websites have created an exact mirror of my website. These websites which are hosted in US, but domain names are owned by Chinese. However they have not downloaded my pages and uploaded on their server. What they have done is that they are fetching the page contents live from my server possibly via a script hosted on their server. When I browse a page on their website, I can see a query on my server's log file from their hosting IP address. The layout, sitemap, etc of their website is identical to mine.

They have:
- Changed the logo and replaced it with their own.
- However if you view source of the pages, I can see the references to my website for css, image files, etc. They could not change any absolute paths.

If I block their IP address from my server via httpd.conf or .htaccess, then their website displays blank pages only as they cannot fetch any content live from my server.

After I blocked it for the first time, their website was taken down by them when they realized that they had been blocked. But after a couple of days, they were back again on a different IP address/hosting provider. I had even complained to their hosting provider and I guess they went to some other hosting provider now.

They are also listed/indexed in Google and I have filed a DMCA complaint towards the same.

How do I deal with this? Technically, how do you prevent your website from being mirrored on another domain, I'm using Apache.

Somebody had mentioned in another forum to set up in Apache, set up virtual hosting. You can disallow access to your site from their domain or disallow from anything except my domain.

Any solutions!

 

phranque




msg:4586042
 11:16 am on Jun 20, 2013 (gmt 0)

try something like this, which will send a 403 Forbidden response:

RewriteEngine On
RewriteCond %{SERVER_NAME} !example\.com$
RewriteRule ^ - [F]


this should work in most cases, assuming you have name-based virtual hosts configured.
however a spoofed Host: HTTP Request header can bypass this so you may need a more robust solution.


if you don't have name-based virtual hosts configured, try something like this:

RewriteEngine On
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !example\.com$
RewriteRule ^ - [F]

lucy24




msg:4586236
 9:38 pm on Jun 20, 2013 (gmt 0)

RewriteRule ^ - [F]

Can you explain in words of two syllables how that works? I assumed it was a typo for ^.* but tried it two ways and yup, 403 rather than 500 --provided you've poked a hole for your error documents.

Does mod_rewrite simply interpret it as "the request has a beginning, i.e. there was a request"?

phranque




msg:4586272
 12:14 am on Jun 21, 2013 (gmt 0)

i know! you want to do something like this:

RewriteRule ^.? - [F]

the caret matches a position rather than a character and doesn't need a character to match.

phranque




msg:4586273
 12:19 am on Jun 21, 2013 (gmt 0)

RewriteRule ^ - [F]

...
Does mod_rewrite simply interpret it as "the request has a beginning, i.e. there was a request"?


the direct translation is:
rewrite whatever to whatever 403

Topkat




msg:4632715
 7:34 pm on Dec 21, 2013 (gmt 0)

Hi.

I've just noticed my website has been mirrored too. If I change something on my website, the mirrored website gets updated too. But the logo is different on their website. When I right click and view source, I can see they have a direct link to my website domain for the CSS file.

I'm a newbie to all this server stuff. Can someone please tell me what "name-based virtual hosts" is and how I can configure it to block people from mirroring my website?

I have a .htaccess file already with this content

RewriteEngine On
RewriteCond %{HTTP_HOST} ^mydomain\.com
ReWriteRule ^(.*)$ http://www.mydomain.com/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^GET\ .*/index\.(php|html)\ HTTP
RewriteRule ^(.*)index\.(php|html)$ /$1 [R=301,L]


Does it matter where I place the code shown in posts above in my htaccess file?

Would this be ok?

RewriteEngine On
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !mydomain\.com$
RewriteRule ^ - [F]
RewriteCond %{HTTP_HOST} ^mydomain\.com
ReWriteRule ^(.*)$ http://www.mydomain.com/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^GET\ .*/index\.(php|html)\ HTTP
RewriteRule ^(.*)index\.(php|html)$ /$1 [R=301,L]

lucy24




msg:4632726
 9:22 pm on Dec 21, 2013 (gmt 0)

Urk. Put a blank line after each RewriteRule so you can see what you're doing. This has no syntactic effect, it's just for your own sanity.

This whole thread probably belongs in the Apache subforum (phranque? you out there?) but for starters:

The quoted rules are backward. In general, your "index" redirect will be the second-to-last redirect. The very last redirect goes like this (assuming you prefer with-www):

RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]

i.e. if the hostname is anything other than the exactly correct form (or exactly nothing, if you have humans using 1.0), redirect.

If you need to add a rule based on %{SERVER_NAME}, this rule will end in [F] so it goes way back at the beginning of your RewriteRules.

Can someone point me to an explanation of the relationship between SERVER_NAME and domain name?

:: looking uneasily at host, which has a multitude of servers whose names have nothing to do with the domains hosted thereon ::

Topkat




msg:4632873
 1:55 pm on Dec 22, 2013 (gmt 0)

Hi,

Thanks for your reply, however I am still a bit confused. Should my htaccess look like this:

RewriteEngine On
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !example\.com$
RewriteRule ^ - [F]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^GET\ .*/index\.(php|html)\ HTTP
RewriteRule ^(.*)index\.(php|html)$ /$1 [R=301,L]


This htaccess stuff has me really confused. I wrote this script in PHP to try and stop it, but the mirror site still works. Is there anyway to stop it with PHP? I understand PHP, but htaccess is all new to me. :-(

<?php

if (!preg_match("/localhost|example\.com/i", $_SERVER['SERVER_NAME']))
{
echo "<p>Error.</p>";
exit;
}

?>

explorador




msg:4633418
 2:48 pm on Dec 24, 2013 (gmt 0)

I can see a query on my server's log file from their hosting IP address

cloack your site just to play a bit

Make your server display some dirty absurd content to the ip of the bad guys, soon they will have dirty content on their and will be penalized or removed from the G.

It's pretty easy with php or with perl.

BTW cloacking means displaying specific content to specific targets, by ip, browser agent, etc. This way first you detect the target and then you serve the content ONLY THEY WILL SEE. So this won't hurt you.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved