How to prevent unauthorized domain forwarding?

Hi All,

I am not sure if this is the right place to ask this question, but we are facing a peculiar issue.

An unknown domain unauthdomain.cf is forwarding (with masking) to our domain ourdomain.com.
The data, files, content are being served from our server even at folder levels. Any changes made to our pages is reflecting on their pages as well.
However, the URLs are showing as unauthdomain.cf/folder1 instead of ourdomain.com/folder1.

We detected this issue when we got an alert in our Google Webmaster tools. We reported this to Cloudfront / Hosting provider and the same was removed after a few hours. However, now we have found 3 other unauthorized domains with the same forwarding/linking.

How do we stop these domains from spoofing our site? Can this be handled at domain DNS configuration level? If not, what changes should we do to server (We use Nginx) level to prevent such issues?

 

Are they stealing your content using an iframe and fetching your content on the fly? You can check out the link below for an idea about how to use Javascript to redirect iframe thieves to your website.

https://www.omoscowonder.com/how-to-block-iframe-websites-from-stealing-your-contents/

I'm not sure if that particular content works, but you can get the general idea. Also see this:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

If they were fetching your pages from a server, then you could block their IP address. But that does not sound like what is being done based on your post.

 

If they are using iframe blocking ip will not help.

You can send abuse report to their host and tell them that it is done without your permission.

 

@billzo - This is certainly not via iframes. We've checked this.
@robert4u - We reported the 1st domain. After 2 days, we saw two more domains spoofing our pages.

For further clarity, please check the real domains below:
Unauthorized domain: koyblanafuc.cf
Our domain: quackquack.in

We tried making changes to our nginx server but we succeeded in stopping the unauthorized domain from spoofing our site only on http. We were unable to stop this on https.

 

It appears that the content is being fetched on the fly from your server by their server which modifies a few things then outputs it to the browser. How did you block it on http? If we can see that then maybe we can get another idea.

What do your logs show? Try a test fetch from the rogue website stealing your content, view the entries in the log file. Look for a referer string or an IP address and you can attempt to block that site based on that. However, if the IP address or referer string change, you will have to do it again.

I don't think there is a way to block based on cross origin requests. I will read up on ways to block scrapers, which is essentially what this is.

Otherwise, find the web host they are on and send them a copyright infringement complaint and maybe get them shut down.

 

@billzo - Thanks for the detailed response. We've for now, identified their main IP address and blocked the same. We found two more domains, again from the same IP and those are blocked as well. We will have to see in future if this crops up again on other IP addresses. However, it would be really nice to have a permanent solution to block such scrapers / forwarding sites.

 

Send a copyright complaint to the web host or data center. That should get some action, especially if it is located in Europe or America.

 

@billzo - We are parallelly doing this apart from blocking the IPs.