2

I have a website called http://example.com. there is another website called http://example1.com it has the same content as for my website.

If I upload file on my website like http://example.com/test.php , I can access the same URL on his website

I want to know how this happens and how to prevent it?

schroeder
  • 123,438
  • 55
  • 284
  • 319
iLinux85
  • 121
  • 1
  • 3
    have you done DNS lookup on the both domains ? – elsadek Oct 28 '18 at 11:33
  • 3
    Could be a reverse proxy. You're basically asking "how to prevent someone from accessing my website" since in effect that is all they are doing. There is no technical way to prevent this on a public website, besides trying to block the addresses of such servers. – multithr3at3d Oct 28 '18 at 11:50
  • 1
    You've probably configured both websites to use the same content directory. This type of question is best answered on [ServerFault](https://serverfault.com/). – user2320464 Oct 28 '18 at 16:14
  • @user2320464 My reading of the question is that the example1.com site doesn't belong to the asker. – Joseph Sible-Reinstate Monica Oct 28 '18 at 18:31
  • @JosephSible, if that's the case, a good start is requiring HTTPS. – user2320464 Oct 28 '18 at 19:34
  • 2
    @user2320464 HTTPS by itself offers zero protection from this. – Joseph Sible-Reinstate Monica Oct 28 '18 at 19:34
  • @JosephSible, I wouldn't use the term zero since it does authenticate the destination. Like I said, requiring HTTPS is a good place to start. Adding HPKP and HSTS should also be considered. – user2320464 Oct 28 '18 at 20:10
  • @user2320464 You misunderstand the threat. HTTPS doesn't stop anyone from mirroring your site, even with HPKP and HSTS. – Joseph Sible-Reinstate Monica Oct 28 '18 at 20:11
  • 1
    @user2320464 I don't think you understand the potential problem, if this is a copycat site. TLS would have zero effect. All the copycat site needs to do is to crawl the valid site regularly, and update based on changes. The problem here is not a domain issue, but a content issue. – schroeder Oct 28 '18 at 20:12
  • With relays/proxies/etc it is difficult to correctly identify the source of a copy and so implementing block rules will also block legitimate traffic. The goal then becomes ensuring users view your website not the copy, thus HTTPS. One could suggest requiring auth or locking down acls though OP lacks details to delve into that. – user2320464 Oct 28 '18 at 20:26
  • @elsadek both websites on cloudflare but this copy site have his own people running it and steal content from my website. i was trying to find a way to block the content from being grabbed instant in real time like i upload anything i see it exist in the other site , i don't know what possible i can do to block through server side by iptables or htaccess ? i don't know exactly how to prevent his from happen if it possible – iLinux85 Oct 29 '18 at 12:58

0 Answers0