15

I just discovered that someone is pointing their domain name to the server I use for a website, which results in traffic to their domain displaying the content of my website.

How can I stop this illegitimate use of content?

Ajedi32
  • 4,637
  • 2
  • 26
  • 60
Tritof
  • 261
  • 2
  • 7
  • 3
    As a precaution, you should also deny iframes by setting the appropriate header, as the person doing this will most likely strike back with the iframe method once you break his current solution. –  Mar 20 '15 at 15:54
  • The last time this happened to a friend of mine, we discovered through various research the twitter account behind the domain and set our web server to redirect traffic to their twitter page if it detected they were accessing the page from the invalid domain. – Sam Weaver Sep 07 '17 at 20:09

2 Answers2

27

The answer depends on the web-server you are using. For example, apache allows for the creation of multiple virtual hosts, of which the first described is considered the default one.

What I suggest to do, is to create this default "catch-all" virtual-host with a global deny rule on it. Then configure your own web-site with a virtual-host identified with your domain name.

Therefore, any request coming in with a domain not matching your shall be denied access (404 I suppose).

An other thing you could do is get the "whois" information on said domain, ISP usually list in the records an email address to report abuse. Collect some information from your logs and ask the provider to terminate this.

M'vy
  • 13,033
  • 3
  • 47
  • 69
  • ok, that is clear, thank you very much. I am going to work on that a moment. Concerning the person, I have made some research and I know exactly who this person, what he does in life... We are currently discussing with my partner what to do, we have not decided yet. I am actually more curious than upset. – Tritof Mar 09 '15 at 12:12
9

Typically, if you add SSL and enforce it then he's got two choices - act as a HTTP proxy that strips the encryption (potentially mirror the site instead; waste of resources on his side either way) or let the user see a big fat warning message about a certificate error.

This should be sufficient for most circumstances to prevent domains not under your control from pointing to your web servers.

Natanael
  • 821
  • 7
  • 10
  • 1
    that's exaclty the case (first) and I am actually half thankeful to the guy for letting me know that the server configuration was so bad. I corrected that, by enforcing https, and reaching his url shows a big warning now. I am still trying to do what M'vy is suggesting. Thanks, I'll vote you up when I will be able to. – Tritof Mar 20 '15 at 14:53