0

I'm not sure what's happening but i've just found, that someone has registered domain name *-auth.ga that displays my website. I'm not sure how can i block that kind of issue, i don't just want to ban each domain directly. I'm looking for a more general solution.

This website is not using iframe, my nginx host has a domain name specified (dns of that fake domain is not pointing to my server so it's not an issue actually i think), i'm also forcing SSL connection but this fake domain uses ssl as well (https://*-auth.ga) so this all seems really misterious. Anyway, even with the basic protection settings mentioned above, i'm still able to reach my website under fake domain and i can see the access logs on my server (so it's not any kind of a mirror nor anything like that)

How can i prevent such behaviour in nginx/app? can anyone explain me what's that, why someone is doing it and why/if it can be dangerous in any way? I'm not even sure how to google for that nor what tags to use in here. Thanks in advance!

mbajur
  • 111
  • 2
  • Are the requests for the fake domain all coming from the same IP address (e.g. not the one you use when accessing it)? – Sven Nov 07 '15 at 11:51
  • Nope, they are coming from the different address. So i think that website is just a kind of a proxy – mbajur Nov 07 '15 at 11:52
  • Yes, that's what I was getting at. Dealing with this in a general way is difficult and as a first step I would simply block the offending IP and see if this fixes the problem before investing time in more involved attempts to prevent this. – Sven Nov 07 '15 at 11:59
  • Yeah that's what i'm gonna do :) Anyway, is there any name for such thing? To let me google it up and read more about it? – mbajur Nov 07 '15 at 12:04
  • Have a look at http://serverfault.com/questions/662262/apache-accepting-requests-to-other-servers/662356#662356 - it's about apache, but nginx functions the same way. – Jenny D Nov 07 '15 at 12:28

0 Answers0