Unauthorized mirroring

In RISKS Digest 23.78[1], "Tim Chmielewski" said:

Quote:

Basically what it is that if you type in any site with the format:
http://www.sitename.com.1bu.com you will get redirected to another site
(actually a proxy server in China) that looks exactly like your site, but
none of your pages that use scripting will work.

Does anyone know of a way in an Apache server to prevent this
unauthorized and unwanted mirroring?

[1] From comp.riks, archived at
http://catless.ncl.ac.uk/Risks/23.78.html

--

Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/

Stan Brown wrote:

Quote:

In RISKS Digest 23.78[1], "Tim Chmielewski" said:

Basically what it is that if you type in any site with the format:
http://www.sitename.com.1bu.com you will get redirected to another site
(actually a proxy server in China) that looks exactly like your site, but
none of your pages that use scripting will work.


Does anyone know of a way in an Apache server to prevent this
unauthorized and unwanted mirroring?

You need to find the IP address[es] making the requests, then block
them. I'm seeing requests from:

219.129.21.137
202.96.140.21

A quick Deny From directive, and they're shut down:

<Directory />
Order allow,deny
Allow from all
Deny from 202.96.140.21
Deny from 219.129.21.137
</Directory>

--
Mark.
http://tranchant.plus.com/

"Mark Tranchant" wrote in comp.infosystems.www.authoring.site-
design:

Quote:

Stan Brown wrote:
In RISKS Digest 23.78[1], "Tim Chmielewski" said:
Basically what it is that if you type in any site with the format:
http://www.sitename.com.1bu.com you will get redirected to another site
(actually a proxy server in China) that looks exactly like your site, but
none of your pages that use scripting will work.


Does anyone know of a way in an Apache server to prevent this
unauthorized and unwanted mirroring?

You need to find the IP address[es] making the requests, then block
them. I'm seeing requests from:
219.129.21.137
202.96.140.21
A quick Deny From directive, and they're shut down:

Thanks, Mark!

If it's not OT, could you explain how you found those IP addresses?
My server is "Server: Apache/1.3.31 (Unix) mod_jk/1.2.3-dev
PHP/4.3.9 mod_ssl/2.8.20 OpenSSL/0.9.7d", and I looked through the
logs but wasn't sure how to find the IP address since 1bu.com seems
to be some sort of redirect. I confess I didn't try a whois because
that seemed too easy. :-)

BTW, I can't use <Directory> because I don't have access to
httpd.conf. But Order, Allow, and Deny seem to work fine in my root
..htaccess file. I tried DENYing my own IP address and then removing
that line, and access was denied and granted as I expected.

--

Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/

Stan Brown wrote:

Quote:

"Mark Tranchant" wrote:

219.129.21.137
202.96.140.21

If it's not OT, could you explain how you found those IP addresses?

I run my own server - my sites are hosted over my DSL line. As such, I
can view my server logs in real time as the requests come in. All I did
was look up the 1bu.com "mirror" of one of my sites, and see which IP
addresses hit my server as I did it.

--
Mark.
http://tranchant.plus.com/

"Mark Tranchant" wrote in comp.infosystems.www.authoring.site-
design:

Quote:

Stan Brown wrote:
"Mark Tranchant" wrote:

219.129.21.137
202.96.140.21

If it's not OT, could you explain how you found those IP addresses?

I run my own server - my sites are hosted over my DSL line. As such, I
can view my server logs in real time as the requests come in. All I did
was look up the 1bu.com "mirror" of one of my sites, and see which IP
addresses hit my server as I did it.

Thanks Mark.

I guess hosting my own server is the next step for me, but I'm not
quite ready to go there yet.


--

Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/