Welcome to WebmasterWorld Guest from 54.242.193.41

Forum Moderators: phranque

Message Too Old, No Replies

another domain pointed to my website content

     
4:32 pm on Oct 28, 2017 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 28, 2017
posts: 50
votes: 0


Hello
Another domain http://example.com site simply display the content of your site at their own URL i don't know how it is done but now my google rank slowly drops please help me how to fix this

thank you

[edited by: phranque at 8:22 pm (utc) on Oct 28, 2017]
[edit reason] exemplified domain [/edit]

11:11 pm on Nov 5, 2017 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 28, 2017
posts: 50
votes: 0


so should i go back to my hosting DNS and remove everything from cloudflare? after i will apply your code into my header.php

thank you for your reply sir :) let me give it a try
11:19 pm on Nov 5, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Sept 14, 2011
posts:1045
votes: 132


No need to remove anything on cloudflare, please stay with them.

The code works with cloudflare please implement it to prevent direct access to your ip.
11:21 pm on Nov 5, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


OK I'm sorry but none of you guys are addressing the problem... The problem is you can reach the site by typing in his IP address as well as the domain name and whilst that remains the case he is always susceptible to hijacking.
That's is what I was saying about the IP routing at Cloudfare.

Extremely negligent of Cloudfare to allow direct IP access. I've never seen that at any host.


[fix typo]

[edited by: keyplyr at 11:30 pm (utc) on Nov 5, 2017]

11:27 pm on Nov 5, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Sept 14, 2011
posts:1045
votes: 132


Here's whats happening
Lets say your ip is 1.1.1.1

You are displaying content when I type http;//1.1.1.1 into a browser
So this script will only display content when server host under which the current script is executing is www.yourdomain.com or yourdomain.com, if the ip is requested it will serve "Direct ip access not allowed!".
This prevents other domains connecting through cloudflare to your ip and then serving content. Or through a proxy server to your ip address.
11:31 pm on Nov 5, 2017 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 28, 2017
posts: 50
votes: 0


ok i will stay with them... i already applied my code here


<meta name="msapplication-TileImage" content="<?php echo $siteurl; ?>/images/mstile-144x144.png">
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.xxxxxxxxxxxx.com/gtag/js?id=UA-xxxxxxxx-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());

gtag('config', 'UA-xxxxxxxxx-1');
</script>
<?php

$servername = $_SERVER['SERVER_NAME'];

if($servername == 'mydomain.co'){

} elseif ( $servername == 'www.mydomain.co'){

}else{
die("Direct ip access not allowed!");
}
?>
</head>
<body>
<div class="container">
<div class="row clearfix" style="margin-left: 8px; margin-right: 8px;">


cloudflare never reply to my email i already send them two emails not even a confirmation that they have received my complain. simply ignoring. when this 1st happened i send them a email but they said they are not responsible for such issue since they are not a hosting company etc...
11:31 pm on Nov 5, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Sept 14, 2011
posts:1045
votes: 132


Extremely negligent of Cloudfare to allow direct IP access. I've never seen that at any host.


Hold your horses there keyplr I think cloudflare are just the CDN in this case, it's the host at fault here. It's actually happens quite a bit on cloud hosting.
11:33 pm on Nov 5, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Sept 14, 2011
posts:1045
votes: 132


Good now verify this is working by typing your ip address directly into your browser please
11:39 pm on Nov 5, 2017 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 28, 2017
posts: 50
votes: 0


i did that already and gave me access denied error :)
11:42 pm on Nov 5, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Sept 14, 2011
posts:1045
votes: 132


Great now sleep easy, this problem is solved my friend :)
12:09 am on Nov 6, 2017 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 28, 2017
posts: 50
votes: 0


so this will stop display my website content on the fake website is that correct?
12:12 am on Nov 6, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Until you determine exactly what method was using your content, it is just another safeguard. All sites should utilize various defenses against hijacking and other threats.
12:19 am on Nov 6, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Sept 14, 2011
posts:1045
votes: 132


Yes! - They were connecting directly from cloudflare to your ip, that can't happen anymore, the additional code you were seeing was one of cloudflare's apps. Additionally it can't happen with any other proxy service. Google have a pretty good map of other techniques, this was a new one for me, so please get some rest, it must of been a stressful time and know you have now solved the problem :)
1:11 am on Nov 7, 2017 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 28, 2017
posts: 50
votes: 0


updates

@anthonyinit

I just read your private message. Since you gave me a link to your site and the 2 offending sites, i was able to do some investigating. I am pleased that the indexed/scraped information on your site was only info about MP3s. After clicking download on a couple MP3s i was taken to a page with a link to ITunes. That made me happy to find out you were not scraping MP3s. I do have to say your site was actually pretty cool.

Anyways:

1. On of the 2 offending domains j-----.info is not working well, all i get is errors.
This domain is at @QuadraNet They are a very reputable ISP here on WHT and probably would respond to a DMCA complaint quickly. Go to Quadranet and contact them about a DMCA complaint.

2. I looked at the page source of your site and the offenders ''film'' site. The home pages of both yours and theirs are almost identical, except for an extra script i found on the offenders site.

At the very bottom of the home pages source code of the offenders ''film''site, there is a script connecting something to livesite dot ru and YANDEX. So it looks like Yandex is indexing your site by the use of a code. The script is not complete, meaning it has another part of the code somewhere else.

Are you confident about that code you bought for your site? Did a verifiable person or company write it?

3. Also there is a smoking gun in the offenders source code they forgot to change. It clearly shows that their page is a copy of yours. I will not post that here in case the offender is reading this and i do not want them to remove or alter it.

In my research i found that an Anthony D., is this you, filed a DMCA against the ''film'' site with Google on Nov 3 2017. So i will give the Google crew a little time to see the site and the damning info in the offenders source code.

All in all, what i can gather is that the offender is pasting and copying your source code and creating a mirror of your site. Unfortunately all that can be done is to report the sites to their host and the search engines. Neither is a guarantee.


i guess this is why not of our codes are working to block to them
5:06 am on Nov 8, 2017 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 28, 2017
posts: 50
votes: 0


finally cloudflare replied

Adam M (Cloudflare)
Nov 7, 2:06 PM PST

Hi there,

This does not appear to be a DNS error. If you feel that your site is being plagiarized, please file an abuse report at example.com/abuse/form

Kind regards,

Adam | Support Engineer
Join the Cloudflare Community


why do i have to creat another abuse why cant they use this abuse ticket grrr...
8:24 am on Nov 15, 2017 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 28, 2017
posts: 50
votes: 0


i browse for these url from the fake websites for testing and i checked for my website logs and found out that the request came from these places.
eg.
http://fakesite.net/SCAMMERRRRRR.html
http://fakesite2.info/SCAMMERRRRRR.html


hosting.eurohoster.org - - [14/Nov/2017:12:24:30 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
146.185.202.114 - - [14/Nov/2017:12:24:34 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
146.185.200.54 - - [14/Nov/2017:12:24:37 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
pinspb.ru - - [14/Nov/2017:12:24:58 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
pinspb.ru - - [14/Nov/2017:12:25:01 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
5.189.200.175 - - [14/Nov/2017:12:25:04 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
hosting.eurohoster.org - - [14/Nov/2017:12:25:08 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
37.9.40.27 - - [14/Nov/2017:12:25:11 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
hosting.eurohoster.org - - [14/Nov/2017:12:25:14 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"


most of these IPs are from Russia i think they are doing reverse proxy or something...
11:37 am on Nov 21, 2017 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 28, 2017
posts: 50
votes: 0


getting some help from other forums this is a reverse proxy issue now we are working on blocking most of them... so far everything is good but still have few proxy servers to block...

thank you all for ur kind help.
1:08 pm on Nov 21, 2017 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11716
votes: 211


thanks for the update, anthonyinit_2017!
1:42 pm on Nov 21, 2017 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 28, 2017
posts: 50
votes: 0


you are welcome :)
This 78 message thread spans 3 pages: 78