website masking my site / showing in google results

[stresskills]

Hi,
I have built around 115 websites over 15 years and this is a first for me.

I had a website masking my website and showing up in google results before my website.

I added this below in my .htaccess but I'm not sure how to make this protect against any domain trying to mask a website.

Any help or advice is appreciated.

Code: Select all

Options +FollowSymlinks 
RewriteEngine On
RewriteCond %{HTTP_HOST} ^notmydomain.com [NC]
RewriteRule ^(.*)$ http://google.com [L,R=301]
RewriteCond %{HTTP_HOST} ^www.notmydomain.com [NC]
RewriteRule ^(.*)$ http://google.com/ [L,R=301]

[brian]

you could also create a content security policy in the headers to prevent it

[fcoulter]

I have heard of this before, though it is not common.

Presumably you could just block the IP Address of the site doing it?

But are you looking for a way to block all attempts at masking? Using an SSL certificate for your site and forcing https might help, I think, since the other site would not be able to supply the correct certificate. It would also help you with Google since they definitely favour sites that use https.

[AdinaG]

This is happening to me too! Im about to pull my hair out!

The thing is that even though there is an SSL cert and technically you can't access the site if the https is present I did see it display correctly if it isn't included in the incoming link.

Google is reporting over 15K incoming links to my site that now is considered duplicate content and is killing my rank.

I've contacted the registrar and gotten no where for help.

The guy has made about 10 different subdomains now to my site doing the same thing.

Is there nothing that can be done to stop masking completely for any incoming links?

Please help!

[brian]

You need a content security policy in the headers and depending on how it is being masked a x-origin header

[fcoulter]

Just having an SSL certificate is no help by itself, you need to enforce the use of https throughout the site. Joomla has an configuration option on the server settings page, set 'force https' to 'entire site'.

Also you can back this up in your .htaccess file using

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you Google it you will find variations on this code, if this particular one doesn't do it for you.

Also do as Brian suggests, set up a content security policy, eg

Code: Select all

Content-Security-Policy: default-src https://mysite.com

(obviously replace mysite.com with your actual site name). I would put it in both in the http header and in a meta tag for good measure. There is a useful explanation here: https://developers.google.com/web/funda ... urity/csp/

Also you can block the IP addresses of the domains pointing to your domain.

Also I would complain to Google about this. Probably your problem at the moment is that their algorithmn cannot distinguish which is the original content, if you can explain to a human what is going on they may help. They may not of course, but what this guy is doing is without doubt black hat SEO and they don't like that, there is a good chance that they might hit them with a penalty.

[AdinaG]

Just want to follow up on this last reply...

I was able to actually trace down this issue to my sites IP address.

The first time my site got hit by this masking was actually immediately when I switched my site over to VPS and received 2 new IP addresses.

It wasn't until I actually looked at the Page Source on my site through the masked URL that I saw that they were masking the IP Address ( http://xx.xx.xxx.xx/) and this was how they were bypassing the SSL on my domain name.

Adding this code in the .htaccess file immediately fixed this.

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Now it's just a matter of time for Google to see the changes and hopefully my rank will go back up.

Thank you guys for your help!