website masking my site / showing in google results

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
stresskills
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Sat Feb 07, 2015 12:27 am

website masking my site / showing in google results

Postby stresskills » Wed Nov 15, 2017 6:44 pm

Hi,
I have built around 115 websites over 15 years and this is a first for me.

I had a website masking my website and showing up in google results before my website.

I added this below in my .htaccess but I'm not sure how to make this protect against any domain trying to mask a website.

Any help or advice is appreciated.

Code: Select all

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^notmydomain.com [NC]
RewriteRule ^(.*)$ http://google.com [L,R=301]
RewriteCond %{HTTP_HOST} ^www.notmydomain.com [NC]
RewriteRule ^(.*)$ http://google.com/ [L,R=301]

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11454
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: website masking my site / showing in google results

Postby brian » Wed Nov 15, 2017 7:15 pm

you could also create a content security policy in the headers to prevent it
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1370
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: website masking my site / showing in google results

Postby fcoulter » Wed Nov 15, 2017 7:58 pm

I have heard of this before, though it is not common.

Presumably you could just block the IP Address of the site doing it?

But are you looking for a way to block all attempts at masking? Using an SSL certificate for your site and forcing https might help, I think, since the other site would not be able to supply the correct certificate. It would also help you with Google since they definitely favour sites that use https.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator
VEL team member
"Wearing my tin foil hat with pride"

AdinaG
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Apr 18, 2012 2:13 am

Re: website masking my site / showing in google results

Postby AdinaG » Sat Dec 09, 2017 3:58 pm

This is happening to me too! Im about to pull my hair out!

The thing is that even though there is an SSL cert and technically you can't access the site if the https is present I did see it display correctly if it isn't included in the incoming link.

Google is reporting over 15K incoming links to my site that now is considered duplicate content and is killing my rank.

I've contacted the registrar and gotten no where for help.

The guy has made about 10 different subdomains now to my site doing the same thing.

Is there nothing that can be done to stop masking completely for any incoming links?

Please help!

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11454
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: website masking my site / showing in google results

Postby brian » Sat Dec 09, 2017 5:13 pm

You need a content security policy in the headers and depending on how it is being masked a x-origin header
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1370
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: website masking my site / showing in google results

Postby fcoulter » Sun Dec 10, 2017 2:52 pm

Just having an SSL certificate is no help by itself, you need to enforce the use of https throughout the site. Joomla has an configuration option on the server settings page, set 'force https' to 'entire site'.

Also you can back this up in your .htaccess file using

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


If you Google it you will find variations on this code, if this particular one doesn't do it for you.

Also do as Brian suggests, set up a content security policy, eg

Code: Select all

Content-Security-Policy: default-src https://mysite.com


(obviously replace mysite.com with your actual site name). I would put it in both in the http header and in a meta tag for good measure. There is a useful explanation here: https://developers.google.com/web/fundamentals/security/csp/

Also you can block the IP addresses of the domains pointing to your domain.

Also I would complain to Google about this. Probably your problem at the moment is that their algorithmn cannot distinguish which is the original content, if you can explain to a human what is going on they may help. They may not of course, but what this guy is doing is without doubt black hat SEO and they don't like that, there is a good chance that they might hit them with a penalty.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator
VEL team member
"Wearing my tin foil hat with pride"


Return to “Security in Joomla! 3.x”

Who is online

Users browsing this forum: No registered users and 6 guests