
I am the owner of a media streaming website and I am facing an issue with other domains getting my website's content as it is and adding some links to it. I tried blocking it via htaccess through this line:

    RewriteCond %{HTTP_HOST} !^mysite\.com$
    RewriteRule ^/?(.*) http://mysite.com/$1 [QSA,R=301,L]

but it doesn't work. I also tried a verification of server HTTP Host via PHP but it made no change.

Anas Zine
  • Apache or Nginx? Either way you can set up a server to handle multiple domains with default traffic going to one path and specific traffic to another. – CaffeineAddiction Nov 28 '16 at 21:02
  • I believe both Apache and Nginx will return the page only when the host header matches (e.g. nginx has "server bizstreaming.com"). Did you look at the /etc/nginx/sites-enabled/ confs? –  Nov 28 '16 at 21:06
  • I have Apache but I didn't find the /etc/apache2 folder –  Nov 28 '16 at 21:19
  • I didn't find /etc/nginx/ or /etc/apache2/. Should I install something? –  Nov 28 '16 at 21:19
  • This is more of a website config question than a security question. Editing your htaccess file puts you into ServerFault territory. – schroeder Nov 28 '16 at 21:31
  • Can you explain more? How can I solve this? –  Nov 28 '16 at 21:42
  • Have you considered sending a DMCA notice to them and/or Google? – CodesInChaos Nov 29 '16 at 13:13
  • Also, have you considered that running what looks like a piracy site using your real name might not be the best of ideas? – CodesInChaos Nov 29 '16 at 13:27

1 Answer


The source code of the copy is nearly identical to the site which you own. I suspect this is a Proxy version, so that any requests to the copy site are echoed to the legitimate site. The Proxy would be using simple substitution, so from your server's point of view, the Host header would be correct. When your server responds, substitution is again used so that the browser will see hyperlinks that remain within the copy domain, so that the Proxy server retains control of the traffic.

I've seen substitution of phone numbers before (masquerading as a legitimate call analytics service), which is rather concerning, as they could log calls with such a trick.

If my assumptions are correct, then here is the long-term solution:

  1. Look at the WHOIS of the copy's domain, and of the IP address on which that domain is hosted. Determine the company responsible.

  2. Contact the company that runs the copy, and ask them to stop.

  3. If they do not cooperate, it may also be prudent to check if anyone on your end has signed up or paid for a 'service' that might be doing this.

  4. If all above solutions fail, contact the ISP on copyright grounds to ask for the content to be removed. (You can ask a separate question on how to format such a request.)

Unfortunately, the above solution is beyond your control and may not always work.

Technically you have a couple options:

  • If you can tell which IP address the Proxy Server is using to retrieve content from your equipment, then you could block that IP.

    Unfortunately the IP address may rotate, so this might require frequent updates.

  • Detecting changing IPs could be automated with a script, but if they catch on to this they might have a workaround.

  • Include a JavaScript safeguard that ensures `location.host` is equal to the desired host name before making content visible. Ensure content is hidden by default until this JavaScript is successful. If the JavaScript detects a mismatch, then redirect the user to the legitimate site which you own.

    Use code such as `if(location.host != 'examp'+'le.com')`, breaking up the actual hostname with `'+'` so their substitution will not 'auto-correct' your code. :-)

    Unfortunately if they catch on to this they might try to strip your script to allow the content to go through.

700 Software
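The JavaScript safeguard described in the answer above, as an added example that is not part of the original answer or its comments. It assumes the placeholder hostname example.com, an HTTPS origin, and a hypothetical `guard-pending` class on `<html>` that hides the body by default; `normaliseHost` and `guardDecision` are names chosen here, and the tolerance for `www.` and port numbers goes beyond the single comparison in the answer.

```javascript
// Added example: hostname guard for pages that may be served through a
// rewriting proxy. The hostname is a placeholder and is assembled from
// fragments so that a proxy substituting the legitimate hostname in the
// response body does not also rewrite this check.
const CANONICAL_HOST = ['examp', 'le', '.com'].join('');
const CANONICAL_SCHEME = 'https:'; // assumption: the real site serves HTTPS

// Normalise a host value: lower-case, drop port, trailing dot and "www.".
function normaliseHost(host) {
  return String(host)
    .toLowerCase()
    .replace(/:\d+$/, '')
    .replace(/\.$/, '')
    .replace(/^www\./, '');
}

// Decide what to do for the location the page was loaded from.
// Returns { action: 'show' } or { action: 'redirect', url }.
function guardDecision(loc) {
  if (normaliseHost(loc.host) === CANONICAL_HOST) {
    return { action: 'show' };
  }
  // Keep path and query so the visitor lands on the same page of the real site.
  const path = (loc.pathname || '/') + (loc.search || '');
  return { action: 'redirect', url: CANONICAL_SCHEME + '//' + CANONICAL_HOST + path };
}

// Browser part. The page starts hidden, for example with
//   <html class="guard-pending"> and  .guard-pending body { display: none }
// and is revealed only when the check succeeds.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const decision = guardDecision(window.location);
  if (decision.action === 'show') {
    document.documentElement.classList.remove('guard-pending');
  } else {
    window.location.replace(decision.url);
  }
}
```
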
  • Thanks a lot for your reply. It's the best reply I have got so far from different forums. I will try to implement this solution. I am a newbie at JavaScript, if you have some suggestions on how to do it. Also, should I implement the code in the WordPress index.php or in the template header.php? –  Nov 28 '16 at 21:16
  • I'd say `header.php` so it takes effect on all pages. I assume that `index.php` will only affect the home page. – 700 Software Nov 28 '16 at 21:46
  • The JavaScript is going to be in parts. 1. a `<script>` to say `alert('test')` to prove you can have a script at all. (I saw some scripts got stripped, so you might need to serve from a separate file, depending on what the Proxy does) 2. The if statement like above, controlling whether to alert `if(...) { alert('test'); }` 3. Replacing the alert with a redirect `location='...'`. Since JavaScript is a programming language, tackle the programming challenge in parts, and if one part gets you down, go ask on StackOverflow! :-) – 700 Software Nov 28 '16 at 21:48
  • I just tried it. No JavaScript code is allowed. Every JavaScript text is deleted. Is there not a similar safeguard in PHP? –  Nov 28 '16 at 22:32
  • No, your server (PHP) probably cannot tell the difference except by IP, unless you notice something peculiar in the other request Headers. However, you might be able to format the website so that it will not display until JavaScript becomes functional. – 700 Software Nov 29 '16 at 14:34
  • Thanks George. Could you give me an example on how to do it, as I don't know much about JavaScript and I am afraid that if I do display none to my content before JavaScript it will harm my SEO. – Anas Zine Nov 30 '16 at 12:03
  • *"give me an example on how to do it"* Well you can use `display:none` .... *"I am afraid that if I do display none to my content before JavaScript it will harm my SEO"* Oh, I didn't think of that. I'd say you should ask on Webmaster's SE for a non-JS way to hide the content without hurting SEO. (really this whole question should have been on Webmasters or Security, not ServerFault, because you are asking about copyright issues and blocking access, not about server configuration) – 700 Software Nov 30 '16 at 13:25
  • Don't forget the IP block solution I originally mentioned. This might be better. – 700 Software Nov 30 '16 at 13:26
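One way to automate the IP detection that the answer and the last comments point to, as an added example rather than code from the thread. It assumes Apache 2.4 combined-format access logs and that the owner has loaded a page through the copy domain with a constructed marker query string (`probe=7f3a91`) which the proxy forwards to the origin; `findFetcherIps` and `apacheDenyBlock` are names chosen here.

```javascript
// Added example. Log lines and the marker value are constructed; addresses
// come from the RFC 5737 documentation ranges.
const SAMPLE_LOG = [
  '192.0.2.14 - - [28/Nov/2016:21:40:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [28/Nov/2016:21:41:10 +0000] "GET /?probe=7f3a91 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '198.51.100.23 - - [28/Nov/2016:21:41:30 +0000] "GET /?probe=7f3a91 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  'truncated line without the expected fields',
  '203.0.113.52 - - [28/Nov/2016:22:05:44 +0000] "GET /watch.php?probe=7f3a91 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [28/Nov/2016:22:06:01 +0000] "GET /?probe=7f3a91 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
].join('\n');

// Start of an Apache common/combined log line: client, method, target, status.
const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) /;
// Only literal IPv4/IPv6 addresses may reach the generated configuration.
const IP_RE = /^[0-9a-fA-F:.]+$/;

// Count requests per client IP whose target contains the marker.
// ownIps lists the owner's addresses so a direct test visit is never blocked.
function findFetcherIps(logText, marker, ownIps = []) {
  const hits = new Map();
  for (const line of logText.split('\n')) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // skip malformed lines instead of guessing
    const ip = m[1];
    const target = m[3];
    if (!IP_RE.test(ip) || ownIps.includes(ip)) continue;
    if (target.includes(marker)) hits.set(ip, (hits.get(ip) || 0) + 1);
  }
  return hits;
}

// Render an Apache 2.4 block that allows everyone except the listed IPs.
function apacheDenyBlock(ips) {
  const rules = [...ips].sort().map((ip) => '    Require not ip ' + ip);
  return ['<RequireAll>', '    Require all granted', ...rules, '</RequireAll>'].join('\n');
}

const found = findFetcherIps(SAMPLE_LOG, 'probe=7f3a91', ['198.51.100.23']);
console.log(apacheDenyBlock(found.keys()));
```

Because the proxy's address may rotate, as the answer notes, the scan has to be repeated with a fresh marker and the generated block regenerated each time.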