Saturday, January 29, 2011

Should I be concerned that somebody else's domain is pointing to mine?

So the person who owns say, foofakedomain.com, appears to be forwarding with masking his domain to my domain foorealdomain.com.

Should I be concerned about this for some reason? If so, why?

What can I do about it, if I need to?

From serverfault wherestheph

  • Yeah you should, if you are interested in saving bandwidth. Take a look at his WHOIS to see who it is, and maybe inform the DNS host. It could be a mistake on his part as well ;)

    From Kyle

  • Assuming he's using an iframe which contains your actual website, you can simply break it by entering this javascript code into your pages:

    <script language="javascript" type="text/javascript">
window.onload = function() {
if (top.location != location) {
top.location.href = document.location.href ;
}
}

</script>

    This should redirect the end-user to the actual page with no hidden frame.

    The only reason why you should be worried is if he's trying to phish for user information with this technique, as I don't see any other use for what he's doing.

    wherestheph : Assuming that it's not an iframe, is phising a possibility? How so? Aren't any requests essentially going to me site? Or is there a possible middleman somewhere?
    gekkz : If the other site is just a CNAME DNS record pointed at your website, then there shouldn't be any trouble. If you have a web server that responds to all requests pointed at your IP address, then you should make sure to change that to only answer to your domain, since anyone could point a website to your IP and the domain name in the title bar would not change when they browse. Again, even this wouldn't really be a security issue, at least I can't see one, but perhaps someone will chime in if there is any.
    From gekkz

  • Yes, that's rarely an acceptable situation. Only time is when there's consent. You can:

    1. Contact the owner and request that they stop
    2. If you have access to the server/routers you can set up filters to block the traffic.
    3. If you don't have access then you can work with your ISP to block.

    Items 2 and 3 can get to be a pain quick, though.

    wherestheph : I have server access, which filters would I set up to block the traffic?
    From squillman
Posted by Ku XI at 5:35 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)