1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How to prevent unauthorized domain forwarding?

Discussion in 'Web Hosting' started by ravemittal, Jun 13, 2017.

  1. #1
    Hi All,

    I am not sure if this is the right place to ask this question, but we are facing a peculiar issue.
    SEMrush
    An unknown domain unauthdomain.cf is forwarding (with masking) to our domain ourdomain.com.
    The data, files, content are being served from our server even at folder levels. Any changes made to our pages is reflecting on their pages as well.
    However, the URLs are showing as unauthdomain.cf/folder1 instead of ourdomain.com/folder1.

    We detected this issue when we got an alert in our Google Webmaster tools. We reported this to Cloudfront / Hosting provider and the same was removed after a few hours. However, now we have found 3 other unauthorized domains with the same forwarding/linking.

    How do we stop these domains from spoofing our site? Can this be handled at domain DNS configuration level? If not, what changes should we do to server (We use Nginx) level to prevent such issues?
     
    ravemittal, Jun 13, 2017 IP
    SEMrush
  2. billzo

    billzo Well-Known Member

    Messages:
    961
    Likes Received:
    278
    Best Answers:
    15
    Trophy Points:
    113
    #2
    Are they stealing your content using an iframe and fetching your content on the fly? You can check out the link below for an idea about how to use Javascript to redirect iframe thieves to your website.

    https://www.omoscowonder.com/how-to-block-iframe-websites-from-stealing-your-contents/

    I'm not sure if that particular content works, but you can get the general idea. Also see this:

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

    If they were fetching your pages from a server, then you could block their IP address. But that does not sound like what is being done based on your post.
     
    billzo, Jun 14, 2017 IP
  3. robert4u

    robert4u Greenhorn

    Messages:
    46
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    8
    #3
    If they are using iframe blocking ip will not help.

    You can send abuse report to their host and tell them that it is done without your permission.
     
    robert4u, Jun 14, 2017 IP
  4. ravemittal

    ravemittal Active Member

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    56
    #4
    @billzo - This is certainly not via iframes. We've checked this.
    @robert4u - We reported the 1st domain. After 2 days, we saw two more domains spoofing our pages.

    For further clarity, please check the real domains below:
    Unauthorized domain: koyblanafuc.cf
    Our domain: quackquack.in

    We tried making changes to our nginx server but we succeeded in stopping the unauthorized domain from spoofing our site only on http. We were unable to stop this on https.
     
    ravemittal, Jun 14, 2017 IP
  5. billzo

    billzo Well-Known Member

    Messages:
    961
    Likes Received:
    278
    Best Answers:
    15
    Trophy Points:
    113
    #5
    It appears that the content is being fetched on the fly from your server by their server which modifies a few things then outputs it to the browser. How did you block it on http? If we can see that then maybe we can get another idea.

    What do your logs show? Try a test fetch from the rogue website stealing your content, view the entries in the log file. Look for a referer string or an IP address and you can attempt to block that site based on that. However, if the IP address or referer string change, you will have to do it again.

    I don't think there is a way to block based on cross origin requests. I will read up on ways to block scrapers, which is essentially what this is.

    Otherwise, find the web host they are on and send them a copyright infringement complaint and maybe get them shut down.
     
    billzo, Jun 16, 2017 IP
  6. ravemittal

    ravemittal Active Member

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    56
    #6
    @billzo - Thanks for the detailed response. We've for now, identified their main IP address and blocked the same. We found two more domains, again from the same IP and those are blocked as well. We will have to see in future if this crops up again on other IP addresses. However, it would be really nice to have a permanent solution to block such scrapers / forwarding sites.
     
    ravemittal, Jun 21, 2017 IP
  7. billzo

    billzo Well-Known Member

    Messages:
    961
    Likes Received:
    278
    Best Answers:
    15
    Trophy Points:
    113
    #7
    Send a copyright complaint to the web host or data center. That should get some action, especially if it is located in Europe or America.
     
    billzo, Jun 21, 2017 IP
  8. ravemittal

    ravemittal Active Member

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    56
    #8
    @billzo - We are parallelly doing this apart from blocking the IPs.
     
    ravemittal, Jun 22, 2017 IP