Author Topic: Preventing Web Hijacking  (Read 1015 times)

mahbub-web

  • Guest
Preventing Web Hijacking
« on: April 21, 2013, 12:37:34 AM »
Preventing Web Hijacking

Hijacking Web Sites

One of my pages recently turned up in a Google listing, but at a new location. When I investigated the page, I found that my entire site was duplicated, and was very up-to-date. Poking around further, I found that many, many sites are being "hijacked" or mirrored under a different domain.

The site that hijacked mine and other web sites is http://pack.SOKSOK.JP. Apparently, they are running a proxy server and some software which maps addresses under their domain to domains of other sites. The software filters out some Javascript and HTML formatting information from the web pages and adds in links to other Japanese sites offering various services. They also add a <BASE href="http://pack.SOKSOK.JP/..."> statement to the document to insure that all links are redirected through the SOKSOK.JP domain.

Besides stealing away your readership from your site, which you worked hard to develop, it also corrupts the pages (by filtering some of it out), so it looks terrible and often doesn't even work correctly. Some of the pages were not completely copied and appear truncated, probably due to bugs in the filtering software. To add insult to injury the links that are added, associate dating services, porn sites, or who knows what, with your material. Your pages will still have your name on it, they don't attempt to replace your mail address or copyright statements and the like. If your reputation is important to you, this site can damage it with the implication of shoddy workmanship, changes to the meaning of your web pages, and by embedding links and associating your pages to inappropriate sites. It can also hurt your business and frustrate your audience, if you have subscription or payment pages, as more advanced functions don't work via this site. Customers will attempt to make purchases and leave, believing your web site and services are incompetent or poor quality.

Preventing Web Theft, Aggressive Access, or Harassment

There are several different ways to prevent web site hijacking, and more generally preventing an IP address or block of addresses from accessing your site if you don't want them to. I found the IP address of the proxy server that was hitting my web site by looking at my web server log. The IP address is w59st.5th.jp, which is 210.224.177.59. So blocking access by this IP address will stop the web site theft. To stop accesses by this IP address, I used the following commands to the Apache server in an .htaccess file, which I placed in my root directory on my www.I18nGuy.com site:

Code: [Select]
order allow,deny
deny from 210.224.177.59
allow from all

On my www.XenCraft.com site, I used:

Code: [Select]
order allow,deny
deny from w59st.5th.jp
allow from all

These commands tell the server to deny everything that isn't allowed (i.e. denial is the default), denies the IP address of the SOKSOK.JP proxy server, and then allows everything else. If they start moving IP addresses around, you can block more of the domain, for example with:

Code: [Select]
deny from 210.224.177.59
You can learn more about Apache Directives and JavaScript Kit's Denying access with .htaccess.

Another approach is to add the following to the Unix file for denying access to certain protocols, /etc/hosts.deny:

Code: [Select]
ALL: 210.224.177.59
You can also add the IP address to the Apache configuration file httpd.conf. If you don't have Apache or access to the .htaccess or other files, the Ink-Stained Banana Blog has this PHP solution to deny access to SOKSOK.JP.

ref: http://www.xencraft.com/resources/web-theft.html