Computer Security, Technology, Tutorials

How To Stop Someone From Mirroring Your Website

July 13, 2017

Recently, there has been a Russian amateur hacker mirroring my website. He is a typical inadequate script kiddie and copycat who’s done a poor job at attempting to replicate and intrude on my web property and server.

Five things I’m certain of him:
  • Vladimir Putin didn’t hire him.
  • He is not part of the Russian Kremlin.
  • He was not involved in the purported U.S Election Hacking.
  • He lacks the fundamental knowledge in obfuscating IP addresses and web browser user agents.
  • He only knows one basic variation of a SQL injection attack vector.

I have stopped this Russian from mirroring my site, thus preventing him from potentially doing any harm to my site’s SEO and reputation.

It’s never cool when some unknown Russian script kiddie puts in the effort to copy and display your website on his domain without your permission.

But with this tutorial, you can stop him with ease! A 403 forbidden error served to him will embarrass and make him less of a man!

Oh yeah and before I continue this tutorial, I have a few words for him assuming he is coherent in English at all and reads this article:

Бог правду видит.

Бог плу́та ме́тит.

Бережёного Бог бережёт.

Азбука — к мудрости ступенька.

—————————–

Anyways, let’s proceed.

How Does Someone Mirror Your Site?

SUNNY’S EXPLANATION AND SOLUTIONS

Any owner of a domain may affix a managed domain in A|IN CNAME record. This would enable the owner, regardless if he is malicious or not, to point to any IP Address on the Internet. But if the webmaster is using name-based virtual hosts then the webmaster’s site will presumably be merely accessible via the hostname particularized in the ServerName and ServerAlias directives.

One admonition with name-based virtual hosts is that the first vhost attached to that IP address/port is regarded as its default vhost. Hence, even employing name-based vhosts can be inefficient since a request to an unknown hostname may still be routed to the webmaster’s site if it happens to be the first vhost in the webmaster’s configurations.

Conceivably, you can elude this by binding the VirtualHost to a specific hostname/domain. Clearly, this could cause issues of its own if you don’t own the domain.

Another way to avert this is to just set the first name-based VirtualHost apart as the default VirtualHost and provide an error message to the client.

Nevertheless, if the webmaster is utilizing IP-based virtual hosts or no vhosts and the ‘primary server’ is purely bound to the IP, then any request to that IP will ultimately reach the webmaster’s site, regardless of the hostname.

When Someone Is Resolving Their Site’s Domain To Your Site’s IP, You Can Prevent Them In Many Ways Such As:

1. Edit the .htaccess file in your root directory & add in the following code:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.)?[OFFENDINGDOMAIN]\.[TLD]$ [NC]
RewriteRule (.*) – [F]

—————————–

Replace ‘OFFENDINGDOMAIN’ with the domain that is pointing the malicious threat actor’s DNS records to your IP Address.

Replace ‘TLD’ with .com or .net depending on the threat actor’s domain.

This will result in a 403 Forbidden response to any HTTP requests that are coming from the offending domain and/or any subdomains associated with it.

If you prefer something shorter, use the following code instead:

RewriteCond %{HTTP_HOST} OFFENDINGDOMAIN\.st$ [NC]
RewriteRule ^ – [F]

—————————–

There are various ways to customize your options. Notably, you could employ [G] instead of [F] which would return a 410 Gone response instead of 403 Forbidden which would effectively render the search engines to swiftly delist all webpages on the rogue domain.

You can even redirect the rogue URLs to your own domain.

2. For example:

RewriteCond %{HTTP_HOST} OFFENDINGDOMAIN\.st$ [NC]
RewriteRule ^(.*)$ http://YOURDOMAIN.com/$1 [L,R=301] 

—————————–

or

3. The following:

RewriteEngine on

RewriteCond %{HTTP_HOST} !OFFENDINGDOMAIN\\.com [NC]

RewriteRule .? http://YOURDOMAIN.com%{REQUEST_URI} [R=301,L]

—————————–

Methods 2 and 3 will eliminate the rogue domain in the browser by permanently redirecting to your site’s domain. Therefore, this type of redirect will prevent requests for the offending domain name that is deviating from your domain.

NOTE: Remember to backup your .htaccess file prior to making any modifications on a production site.

These methods are simple, and you only use .htaccess and mod_rewrite to essentially “correct” the domain name being visited.

The best part is that you can choose whatever your heart desires!

Hide Apache Web Server Signature

Remember to edit your .htaccess file and put in the following:

ServerSignature Off

If an adversary decides to mirror your site and you implement restrictions to prevent it, he will be unable to see what server or version you are using when any error like a 403 is elicited.

Report Someone For Mirroring Your Website

One more thing:

You can just grab the whois information on the rogue domain and send an email to the address listed for reporting abuse. It’s great if you can gather some information from the web server logs and ask the service provider to terminate appropriately.

To end this tutorial, I would like to utter my feelings responsibly:

In Russia, Sunny plays you!

I love Russia!

You Might Also Like

Back to top
%d bloggers like this: