Hello, I'm new to apache and am having trouble restricting access to my website. I am currently in the building process of my site. Yesterday, I checked my Webalizer and I saw that one referrer that I had was from a domain that has a phishing reputation. I went to the address, baddomain.com, and saw that they were redirecting from their homepage to my website! I want to block access to my site from baddomain.com but I have had no luck so far. I pinged the site and got replies from my static ip. I tracert the route and it had the same route as my site. I check my logs but they all showed the name of the domain and not the ip address. I tried editing .htaccess for about 2 days. I tried every combo of this: Order Allow,Deny Allow from all Deny from baddomain.com I change the order. I moved "deny from..." to the top and "allow from..." to the bottom. I removed "allow from..." all together. I added "www." to baddomain.com. I added http:// to bad domain.com...etc. Most changes did nothing and full access was allowed from baddomain.com. The changes that had an effect were: Order Allow,Deny Deny from baddomain.com Which gave a "forbidden" page but it gave it globally and not just for baddomain.com. Also, whenever I added characters that apache didn't seem to like, such as, http://, I would get and Internal Server Error. Whether I got an Internal Server Error or a Forbidden error, the location bar on my browser didn't redirect to my website from baddomain.com. I tried pinging the site again and still got my ip address. I contacted my host explaining the problem to them and they told me to add this to my .htaccess # block visitors referred from indicated domains RewriteEngine on RewriteCond %{HTTP_REFERER} baddomain\.com [NC] RewriteRule .* - [F] I tried that and it did nothing. I am at a loss and my capacity for apache has reached it's limit. Any help blocking this site will be greatly appreciated. I appoligize for being long-winded but I wanted to make sure I was as clear as possible. Thank You!
Are you sure they are redirecting traffic and not loading in some sort of frame? PM me the domain that is redirecting so I can follow the route.
Thanks for the help Martin. I ended up contacting my host and they finally fixed it for me. baddomain.com. 285 IN A 60.00.00.00 That is how baddomain.com had his .htaccess configured. I guess the "A" in the line masks his ip and only shows mine(60.00.00.00) when I ping it. The code that ended up working to block the site was this: RewriteEngine on RewriteCond %{HTTP_HOST} ^baddomain.com$ [OR] RewriteCond %{HTTP_HOST} ^www.baddomain.com$ RewriteRule (.*) - [F]
Ahhh we got pretty close with the htaccess code then I suspected they were doing something with the nameserver, thats what the A line is, basically like you say, faking his IP to use yours. Anyway, glad you got it sorted.