Welcome to WebmasterWorld Guest from 54.205.251.179

Forum Moderators: phranque

Message Too Old, No Replies

CNAME redirect to Joomla site

Someone has hijacked our site with a simple redirect

   
5:26 am on Feb 18, 2013 (gmt 0)

5+ Year Member



* Last week we noticed duplicate content warnings and links from a domain wwww.some-tld.com in our Webmaster tools account (yes 4 wwww's)

* It appeared to be an exact replica of our Joomla site - a completely different TLD.

* Somehow the entire Joomla based site is running under their domain.

* If we put Joomla into maintenance mode, it also put's their domain redirected site into maintenance mode. We can also login into our Admin from their domain redirect.

* The offending domain is whois protected at Moniker. Could I ask them to shut the redirect down? Am I within my rights to do this?

* I've reported this site as a "scraper" to Google using their form. I've also contacted our host to see if there's anything they can do.

Any other advice? How can they possibly get this site to run perfectly under their domain?
5:45 am on Feb 18, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



By chance are the two domains on the same IP address?

There have been a few threads her on WW as to how to track down the mirroring if they aren't on the same IP.
11:56 am on Feb 18, 2013 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



have you looked through your server access logs for clues?

the two most likely possible explanations:
- they pointed their domain to your IP address and your server is configured to accept requests for any hostname.
- they have set up their own server to make proxy requests to your server.
10:03 pm on Feb 19, 2013 (gmt 0)

5+ Year Member



thanks will check both of those things with the hosting company
11:39 pm on Feb 19, 2013 (gmt 0)

WebmasterWorld Senior Member demaestro is a WebmasterWorld Top Contributor of All Time 10+ Year Member



If we put Joomla into maintenance mode, it also put's their domain redirected site into maintenance mode.


I assume by this you mean that you used the setting in global config to put the "site offline" or into "debug mode"?

If that is correct then there is something else going on here as both of those settings live in a config file. If you are changing the config file which writes to a flat .php file and not a database then they are most likely linking back to your site.

Either that or the host server is so fully taken over in an attack that they were able to mirror flat files and change them at the same moment you do. Which is unlikely.

I think whatever is happening they are pointing it back to your site.... the real question is how is the .htaccess file routing traffic from that domain to the public directory of your site?
6:09 am on Feb 22, 2013 (gmt 0)

5+ Year Member



after a lot of trial and error this now fixed via htaccess level by adding this to the htaccess directive:
RewriteEngine On
RewriteCond %{SERVER_NAME} !^(www\.)?our-domain.com\.com$
RewriteRule ^ - [F]
10:39 am on Feb 25, 2013 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



do you have an extra '.com' in that condition?

also make sure you are handling any other/wildcard subdomains properly.

in some cases it might be better to use something more like this:

RewriteCond %{SERVER_NAME} !example\.com$
5:31 am on Feb 27, 2013 (gmt 0)

5+ Year Member



thanks I'll check!