PDA

View Full Version : How to prevent unauthorized domain forwarding?



ravimittal99
06-13-2017, 05:38 AM
Hi All,

I am not sure if this is the right place to ask this question, but we are facing a peculiar issue.

An unknown domain http://unauthdomain.cf is forwarding (with masking) to our domain http://ourdomain.com.
The data, files, content are being served from our server even at folder levels. Any changes made to our pages is reflecting on their pages as well.
However, the URLs are showing as http://unauthdomain.cf/folder1 instead of http://ourdomain.com/folder1.

We detected this issue when we got an alert in our Google Webmaster tools. We reported this to Cloudfront / Hosting provider and the same was removed after a few hours. However, now we have found 3 other unauthorized domains with the same forwarding/linking.

How do we stop these domains (even in future) from spoofing our site? Can this be handled at domain DNS configuration level? If not, what changes should we do to server (We use Nginx) level to prevent such issues?

arianagrand
06-23-2017, 04:46 AM
Domain forwarding with masking is done by iframe,you can resolve this with X-FRAME-OPTIONS and Javascript,I suggest to use second option since not all browser respect x-frame-options.Google "how to prevent my site to be loaded inside iframe"..there are many writen JS codes you can use right now.