Announcement

Collapse
No announcement yet.

Something wrong...

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Something wrong...

    Good day everybody,

    last night I've noticed something. My website is delta-hosting.net. That's my domain name for my store.
    I was playing with google, and found this: delta-hosting2.tk
    Now I have no problem with that. But if you go to the website, you will see a copy of my website.
    It looks like delta-hosting2.tk is being redirected to my website, or my website is copied. What is going on?
    Can someone explain to me what this means?
    I did a whois on delta-hosting2.tk, and in the attachment you can find the info

    Please help.....

    Dutchy
    Attached Files
    Tags: None
  • #2
    Yes, its a copy of your site, displayed in a frame!!! Only difference is that they are tracking visits via Google Analytics!!!

    I would block them via a .htaccess entry, maybe even direct the request to a page of your choosing to tell customers its a fake site and what your proper address is.
    Last edited by clivejo; 24-03-2014, 09:50 PM.

    Comment

    • #3
      By the way, this is called Click-Jacking.

      Adding the following line to your .htaccess file should put a stop to them displaying your page.

      Code:
      Header append X-FRAME-OPTIONS "SAMEORIGIN"

      Comment

      • #4
        Originally posted by clivejo View Post
        By the way, this is called Click-Jacking.

        Adding the following line to your .htaccess file should put a stop to them displaying your page.

        Code:
        Header append X-FRAME-OPTIONS "SAMEORIGIN"
        Hi Clivejo, thanks for info. Is there a special place in .htaccess where I have to put the line?
        It starts whit #begin resellerspanel....can I just write it below this line?

        Dutchy

        Comment

        • #5
          I would put it at the top, but I dont think it matters.

          I searched google for that Google Analytic ID, there are thousands of sites using it. This is one big operation!!!!!!!!!! As a result I have removed the code I copied from the page in my previous post.

          I dont know what this crowd are up to, but I dont like it at all Maybe someone from RSP has dealt with this before and could give you some advice?

          Comment

          • #6
            Okay Clivejo, I did what you sugested, and the page is now blank. It works...
            I gooled a bit, and found this: https://www.owasp.org/index.php/Clickjacking
            It doesn't look good....

            Thanks my man!!

            Dutchy

            Originally posted by clivejo View Post
            I would put it at the top, but I dont think it matters.

            I searched google for that Google Analytic ID, there are thousands of sites using it. This is one big operation!!!!!!!!!! As a result I have removed the code I copied from the page in my previous post.

            I dont know what this crowd are up to, but I dont like it at all Maybe someone from RSP has dealt with this before and could give you some advice?

            Comment

            • #7
              Here is close to 200 sites associated with that ID. I don't recommend visiting any of them. I tried one and it redirected to a different domain locked the browser functions (navigation, ability to close tab, browser) asking to update a player, had to use task manager in chrome to close tab.... For sure shady stuff here and reason enough to avoid .tk domain websites
              Last edited by clivejo; 25-03-2014, 01:11 PM. Reason: Removed URL with Google ID in it

              Comment

              • clivejo
                #7.1
                clivejo commented
                25-03-2014, 01:13 PM
                Editing a comment
                I removed the URL with the Google ID in it. Until we figure out what exactly is going on, I dont think its a good idea to mention it and let search engines index it. I hope you understand donerite, no disrespect to you personally.
              • doneritehosting
                #7.2
                doneritehosting commented
                25-03-2014, 09:45 PM
                Editing a comment
                Thanks clivejo and good thinking, That had never occurred to me... I was more thinking of the active resellers getting an Idea of the urls so they wouldn't run up on them in a search and click on one unknowingly.... No offense taken
            • #8
              I agree with Yan. In the screen capture you posted, there is a copyright@ email address. I would write to this email and tell them that the owners of this domain are trying to displaying your site in a frame and you have engaged counter measures to prevent it. I would also CC the registrar, the email address is on this page - http://www.dot.tk/en/report_abuse.html
              • Likes 1

              Comment

              • #9
                Good evening Clivejo,

                Yes I did sent an email complaining about it to both abuse and copyright. as to the register. No respons yet.
                I will let you know if there was taken any action. Thanks alot my man!!

                Dutchy

                Originally posted by clivejo View Post
                I agree with Yan. In the screen capture you posted, there is a copyright@ email address. I would write to this email and tell them that the owners of this domain are trying to displaying your site in a frame and you have engaged counter measures to prevent it. I would also CC the registrar, the email address is on this page - http://www.dot.tk/en/report_abuse.html

                Comment

                • #10
                  speaking of trademark violations-im not able to post the urls for some reason-blocks them out-but do a search on google for the term 'godaddy chinese support'.
                  Last edited by tomtwo; 26-03-2014, 07:03 PM.

                  Comment

                  • #11
                    Hi guys,

                    problem solved. Website is banned...

                    Thank you all for interest.

                    Dutchy

                    Comment

                    • #12
                      Any indication as to what they were up to?

                      Comment

                    • #13
                      Hi guys,

                      nope, no explanation. If you go the website, the only thing you see, is that the domain and website is suspended because of abuse or copyright reasons.
                      At least its gone now....

                      I'm glad I check out awstats every day. The website was active for a week or so.

                      Thanks Clivejo, thank you very much.

                      Dutchy

                      Comment

                      • #14
                        were they pushing you a lot of traffic via that domain?

                        Comment

                        • #15
                          Hi Clivejo,

                          no not a lot of traffic. About 100 hits. They tried to crack wp-admin password a few times.

                          Dutchy

                          Comment

                          Previous template Next
                          Working...
                          X