so should i go back to my hosting DNS and remove everything from cloudflare? after i will apply your code into my header.php

thank you for your reply sir :) let me give it a try

No need to remove anything on cloudflare, please stay with them.

The code works with cloudflare please implement it to prevent direct access to your ip.

OK I'm sorry but none of you guys are addressing the problem... The problem is you can reach the site by typing in his IP address as well as the domain name and whilst that remains the case he is always susceptible to hijacking.

That's is what I was saying about the IP routing at Cloudfare.

Extremely negligent of Cloudfare to allow direct IP access. I've never seen that at any host.


[fix typo]

[edited by: keyplyr at 11:30 pm (utc) on Nov 5, 2017]

Here's whats happening
Lets say your ip is 1.1.1.1

You are displaying content when I type http;//1.1.1.1 into a browser
So this script will only display content when server host under which the current script is executing is www.yourdomain.com or yourdomain.com, if the ip is requested it will serve "Direct ip access not allowed!".
This prevents other domains connecting through cloudflare to your ip and then serving content. Or through a proxy server to your ip address.

ok i will stay with them... i already applied my code here

<meta name="msapplication-TileImage" content="<?php echo $siteurl; ?>/images/mstile-144x144.png">
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.xxxxxxxxxxxx.com/gtag/js?id=UA-xxxxxxxx-1"></script>
<script>
 window.dataLayer = window.dataLayer || [];
 function gtag(){dataLayer.push(arguments);}
 gtag('js', new Date());

 gtag('config', 'UA-xxxxxxxxx-1');
</script>
<?php 

$servername = $_SERVER['SERVER_NAME'];

if($servername == 'mydomain.co'){

} elseif ( $servername == 'www.mydomain.co'){

}else{
 die("Direct ip access not allowed!");
}
?>
</head>
<body>
<div class="container">
<div class="row clearfix" style="margin-left: 8px; margin-right: 8px;">

cloudflare never reply to my email i already send them two emails not even a confirmation that they have received my complain. simply ignoring. when this 1st happened i send them a email but they said they are not responsible for such issue since they are not a hosting company etc...

Extremely negligent of Cloudfare to allow direct IP access. I've never seen that at any host.

Hold your horses there keyplr I think cloudflare are just the CDN in this case, it's the host at fault here. It's actually happens quite a bit on cloud hosting.

Good now verify this is working by typing your ip address directly into your browser please

i did that already and gave me access denied error :)

Great now sleep easy, this problem is solved my friend :)

so this will stop display my website content on the fake website is that correct?

Until you determine exactly what method was using your content, it is just another safeguard. All sites should utilize various defenses against hijacking and other threats.

Yes! - They were connecting directly from cloudflare to your ip, that can't happen anymore, the additional code you were seeing was one of cloudflare's apps. Additionally it can't happen with any other proxy service. Google have a pretty good map of other techniques, this was a new one for me, so please get some rest, it must of been a stressful time and know you have now solved the problem :)

updates

@anthonyinit

I just read your private message. Since you gave me a link to your site and the 2 offending sites, i was able to do some investigating. I am pleased that the indexed/scraped information on your site was only info about MP3s. After clicking download on a couple MP3s i was taken to a page with a link to ITunes. That made me happy to find out you were not scraping MP3s. I do have to say your site was actually pretty cool.

Anyways:

1. On of the 2 offending domains j-----.info is not working well, all i get is errors.
This domain is at @QuadraNet They are a very reputable ISP here on WHT and probably would respond to a DMCA complaint quickly. Go to Quadranet and contact them about a DMCA complaint.

2. I looked at the page source of your site and the offenders ''film'' site. The home pages of both yours and theirs are almost identical, except for an extra script i found on the offenders site.

At the very bottom of the home pages source code of the offenders ''film''site, there is a script connecting something to livesite dot ru and YANDEX. So it looks like Yandex is indexing your site by the use of a code. The script is not complete, meaning it has another part of the code somewhere else.

Are you confident about that code you bought for your site? Did a verifiable person or company write it?

3. Also there is a smoking gun in the offenders source code they forgot to change. It clearly shows that their page is a copy of yours. I will not post that here in case the offender is reading this and i do not want them to remove or alter it. 

In my research i found that an Anthony D., is this you, filed a DMCA against the ''film'' site with Google on Nov 3 2017. So i will give the Google crew a little time to see the site and the damning info in the offenders source code.

All in all, what i can gather is that the offender is pasting and copying your source code and creating a mirror of your site. Unfortunately all that can be done is to report the sites to their host and the search engines. Neither is a guarantee.

i guess this is why not of our codes are working to block to them

finally cloudflare replied

Adam M (Cloudflare)
Nov 7, 2:06 PM PST

Hi there,

This does not appear to be a DNS error. If you feel that your site is being plagiarized, please file an abuse report at example.com/abuse/form

Kind regards,

Adam | Support Engineer
Join the Cloudflare Community

why do i have to creat another abuse why cant they use this abuse ticket grrr...

i browse for these url from the fake websites for testing and i checked for my website logs and found out that the request came from these places.
eg.

http://fakesite.net/SCAMMERRRRRR.html
http://fakesite2.info/SCAMMERRRRRR.html

hosting.eurohoster.org - - [14/Nov/2017:12:24:30 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
146.185.202.114 - - [14/Nov/2017:12:24:34 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
146.185.200.54 - - [14/Nov/2017:12:24:37 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
pinspb.ru - - [14/Nov/2017:12:24:58 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
pinspb.ru - - [14/Nov/2017:12:25:01 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
5.189.200.175 - - [14/Nov/2017:12:25:04 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
hosting.eurohoster.org - - [14/Nov/2017:12:25:08 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
37.9.40.27 - - [14/Nov/2017:12:25:11 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
hosting.eurohoster.org - - [14/Nov/2017:12:25:14 +0100] "GET /SCAMMERRRRRR.html HTTP/1.1" 404 494 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"

most of these IPs are from Russia i think they are doing reverse proxy or something...

getting some help from other forums this is a reverse proxy issue now we are working on blocking most of them... so far everything is good but still have few proxy servers to block...

thank you all for ur kind help.

thanks for the update, anthonyinit_2017!

you are welcome :)