Learn about Centmin Mod LEMP Stack today
Register Now

someone mirrored my website!

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by amin, Apr 28, 2016.

  1. amin

    amin Member

    38
    6
    8
    Oct 11, 2014
    Ratings:
    +7
    Local Time:
    8:35 PM
    Katest
    Latest
    Hi,
    I am not sure if this is proper forum or not, but I am using the latest Centminmod and just found two website which are mirroring my website but replacing my domain name with theirs!

    Is there anyway to avoid my website being loaded under another domain?
     
  2. amin

    amin Member

    38
    6
    8
    Oct 11, 2014
    Ratings:
    +7
    Local Time:
    8:35 PM
    Katest
    Latest
    I just found he set A record to my domain but I dont know how he is eve replacing my domain name in contents!
    Also in apache I think we can stop this in htaccess, but what about Nginx?
     
  3. pamamolf

    pamamolf Well-Known Member

    2,820
    253
    83
    May 31, 2014
    Ratings:
    +447
    Local Time:
    7:05 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    First way on nginx config file use:

    Code:
    if ($http_referer ~* spamdomain1\.com) {
        return 444;
    }
    Or more at once:

    Code:
    if ($http_referer ~ "spamdomain1\.com|spamdomain2\.com|spamdomain3\.com")  {
      return 444;
    }
    Second way use something like this:

    Code:
    map $http_referer $bad_referer {
        default                  0;
        "~spamdomain1.com"       1;
        "~spamdomain2.com"       1;
        "~spamdomain3.com"       1;
    }
    And then on domain config file use:

    Code:
    if ($bad_referer) {
        return 444;
    }
    Third way allow only using:

    Module ngx_http_referer_module

    Code:
    location / {
      valid_referers none blocked *.badreferer1.com badreferer2.com *.badreferer3.com badreferer4.net;
    
      if ($invalid_referer) {
        return   403;
      }
    }
     
    • Like Like x 2
    • Informative Informative x 1
  4. amin

    amin Member

    38
    6
    8
    Oct 11, 2014
    Ratings:
    +7
    Local Time:
    8:35 PM
    Katest
    Latest
    I added it to line 31 of the domain file at /usr/local/nginx/conf/conf.d. It is not working.
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,945
    6,914
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,411
    Local Time:
    3:05 AM
    Nginx 1.13.x
    MariaDB 5.5
    Just found this blog article Cloned Website Stealing Google Rankings

     
  6. amin

    amin Member

    38
    6
    8
    Oct 11, 2014
    Ratings:
    +7
    Local Time:
    8:35 PM
    Katest
    Latest
    Thank you guys, after 24 hours this method worked:
    Code:
    if ($http_referer ~ "spamdomain1\.com|spamdomain2\.com|spamdomain3\.com")  {
      return 444;
    }
    But do you have any idea to redirect them to the main domain instead of 444 ?
     
  7. pamamolf

    pamamolf Well-Known Member

    2,820
    253
    83
    May 31, 2014
    Ratings:
    +447
    Local Time:
    7:05 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Maybe something like this?

    Code:
    if ($http_referer ~ "spamdomain1\.com|spamdomain2\.com|spamdomain3\.com")  {
    return 301 $scheme://example.com$request_uri;
    }
    Just replace the example.com :)
     
    • Like Like x 2
  8. amin

    amin Member

    38
    6
    8
    Oct 11, 2014
    Ratings:
    +7
    Local Time:
    8:35 PM
    Katest
    Latest
    Can you tell which files should be edited exactly? The domain file at /usr/local/nginx/conf/conf.d ?
     
  9. pamamolf

    pamamolf Well-Known Member

    2,820
    253
    83
    May 31, 2014
    Ratings:
    +447
    Local Time:
    7:05 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Yes just edit your domain file at /usr/local/nginx/conf/conf.d/ :)
     
    • Like Like x 1
  10. Tinkerd10

    Tinkerd10 New Member

    7
    1
    3
    Sep 28, 2016
    Ratings:
    +5
    Local Time:
    6:05 PM
    1.11
    5.5
    Hi

    I know its an old thread, but i'm facing the same problem for almost two years now
    There is at-least 15 mirror site that i know of through addthis.com

    They managed to bypass my website in google rank, and ofcourse hiding behind cloudflare

    I tried the above methods, The first one worked fine at first atleast
    But then it stopped

    So i tried the last method, It did work but with Error 500: Too many redirect
    My Vhost Conf file:

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name domain.com;
    #            return 301 $scheme://www.domain.com$request_uri;
    #       }
    
    server {
     
      server_name domain.com www.domain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    
      root /home/nginx/domains/domain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # prevent access to ./directories and files
      #location ~ (?:^|/)\. {
      # deny all;
      #}
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    if ($http_referer ~ "spamdomain1\.com|spamdomain2\.com|spamdomain3\.com")  {
      return 444;
    }
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      location /f {
    
            # block common exploits, sql injections etc
    
            # Enables directory listings when index file not found
            autoindex  on;
    
            # Shows file listing times as local time
            autoindex_localtime on;
    
            try_files    $uri $uri/ /f/index.php;
    
                }
    
                location ~^(/f/page/).*(\.php)$ {
                try_files  $uri $uri/ /forums/index.php;
                }
     
    
        set $skip_cache 0;
    
        # POST requests and urls with a query string should always go to PHP
        if ($request_method = POST) {
        set $skip_cache 1;
        }
    
        if ($query_string != "") {
        set $skip_cache 1;
        }
    
        # Don't cache uris containing the following segments
        if ($request_uri ~* "/add-link/|/admin/|/member/|sitemap(_index)?.xml") {
        set $skip_cache 1;
        }
    
        # Don't use the cache for logged in users or recent commenters
    
        if ($http_cookie ~* "remember_code|identity|wp-settings") {
        set $skip_cache 1;
        }
    
      include /usr/local/nginx/conf/pre-staticfiles-local-domain.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    Nginx.conf:

    Code:
    user             nginx nginx;
    worker_processes auto;
    worker_priority -10;
    
    worker_rlimit_nofile 260000;
    timer_resolution 100ms;
    
    pcre_jit on;
    include /usr/local/nginx/conf/dynamic-modules.conf;
    
    
    pid         logs/nginx.pid;
    
    events {
        worker_connections  50000;
        accept_mutex off;
        accept_mutex_delay 200ms;
        use epoll;
        #multi_accept on;
    }
    
    http {
     include /usr/local/nginx/conf/brotli_inc.conf;
    
     map_hash_bucket_size 128;
     map_hash_max_size 4096;
     server_names_hash_bucket_size 128;
     server_names_hash_max_size 2048;
     variables_hash_max_size 2048;
    
        fastcgi_cache_path /var/lib/php/session/ncache levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=60m;
        fastcgi_cache_key $scheme$request_method$host$request_uri;
    
        limit_req_zone $binary_remote_addr zone=flood:10m rate=30r/s;
        limit_conn_zone $binary_remote_addr zone=addr:50m;
    
    # sets Centmin Mod headers via headers more nginx module
    # https://github.com/openresty/headers-more-nginx-module
    # don't remove the first 2 lines as centmin mod checks to see if they're
    # missing and re-adds them anyway. Just uncomment the 3rd & 4th lines
    # which is used to override the Server header to what you want = nginx
    # and remove the X-Powered-By header + restart nginx service
    # do not disable headers more nginx module itself as it's required for
    # other centmin mod features like redis nginx level caching & letsencrypt
    # integration in vhosts created by addons/acmetool.sh
    more_set_headers "Server: nginx centminmod";
    more_set_headers "X-Powered-By: centminmod";
    #more_set_headers "Server: nginx";
    #more_clear_headers "X-Powered-By";
    
    # uncomment cloudflare.conf include if using cloudflare for
    # server and/or vhost site + setup cron job for command
    # /usr/local/src/centminmod/tools/csfcf.sh auto
    # run the auto command once to populate cloudflare ips
    #include /usr/local/nginx/conf/cloudflare.conf;
    # uncomment incapsula.conf include if using incapsula for
    # server and/or vhost site + setup cron job for command
    # /usr/local/src/centminmod/tools/csfincapsula.sh auto
    # run the auto command once to popular incapsula ips
    #include /usr/local/nginx/conf/incapsula.conf;
    include /usr/local/nginx/conf/maintenance.conf;
    #include /usr/local/nginx/conf/vts_http.conf;
    include /usr/local/nginx/conf/geoip.conf;
    include /usr/local/nginx/conf/webp.conf;
    #include /usr/local/nginx/conf/pagespeedadmin.conf;
    include /usr/local/nginx/conf/fastcgi_param_https_map.conf;
    include /usr/local/nginx/conf/redisupstream.conf;
    include /usr/local/nginx/conf/wpcacheenabler_map.conf;
    
    log_format  main  '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                    ' "$connection" "$connection_requests" "$request_time"';
    
    log_format  ddos-proxy '$remote_addr for $http_x_real_ip - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                    ' "$connection" "$connection_requests" "$request_time"';
    
    log_format  main_ext '$remote_addr - $remote_user [$time_local] "$request" '
                             '$status $body_bytes_sent "$http_referer" '
                             '"$http_user_agent" "$http_x_forwarded_for" '
                             'rt=$request_time ua="$upstream_addr" '
                             'us="$upstream_status" ut="$upstream_response_time" '
                             'ul="$upstream_response_length" '
                             'cs=$upstream_cache_status' ;
    
    access_log  off;
    error_log   logs/error.log warn;
    
        index  index.php index.html index.htm;
        include       mime.types;
        default_type  application/octet-stream;
        charset utf-8;
    
            sendfile on;
            sendfile_max_chunk 512k;
            tcp_nopush  on;
            tcp_nodelay on;
            server_tokens off;
            server_name_in_redirect off;
           
            keepalive_timeout  5;
            keepalive_requests 500;
            lingering_time 20s;
            lingering_timeout 5s;
            keepalive_disable msie6;
    
        gzip on;
        gzip_vary   on;
        gzip_disable "MSIE [1-6]\.";
            gzip_static on;
            gzip_min_length   1400;
            gzip_buffers      32 8k;
            gzip_http_version 1.0;
            gzip_comp_level 5;
            gzip_proxied    any;
            gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/bmp application/java application/msword application/vnd.ms-fontobject application/x-msdownload image/x-icon image/webp application/json application/vnd.ms-access application/vnd.ms-project application/x-font-otf application/vnd.ms-opentype application/vnd.oasis.opendocument.database application/vnd.oasis.opendocument.chart application/vnd.oasis.opendocument.formula application/vnd.oasis.opendocument.graphics application/vnd.oasis.opendocument.spreadsheet application/vnd.oasis.opendocument.text audio/ogg application/pdf application/vnd.ms-powerpoint application/x-shockwave-flash image/tiff application/x-font-ttf audio/wav application/vnd.ms-write application/font-woff application/font-woff2 application/vnd.ms-excel;
    
     client_body_buffer_size 256k;
     client_body_in_file_only off;
     client_body_timeout 60s;
     client_header_buffer_size 64k;
    ## how long a connection has to complete sending
    ## it's headers for request to be processed
     client_header_timeout  10s;
     client_max_body_size 1024m;
     connection_pool_size  512;
     directio  4m;
     directio_alignment 4096;
     ignore_invalid_headers on;      
     large_client_header_buffers 8 64k;
     output_buffers   1 512k;
     postpone_output  1460;
     proxy_temp_path  /tmp/nginx_proxy/;
     request_pool_size  32k;
     reset_timedout_connection on;
     send_timeout     60s;
     types_hash_max_size 2048;
    
    # for nginx proxy backends to prevent redirects to backend port
    # port_in_redirect off;
    
    open_file_cache max=50000 inactive=60s;
    open_file_cache_valid 120s;
    open_file_cache_min_uses 2;
    open_file_cache_errors off;
    open_log_file_cache max=10000 inactive=30s min_uses=2;
    
    ## limit number of concurrency connections per ip to 16
    ## add to your server {} section the next line
    ## limit_conn limit_per_ip 16;
    ## uncomment below line allows 500K sessions
    # limit_conn_log_level error;
    #######################################
    # use limit_zone for Nginx <v1.1.7 and lower
    # limit_zone $binary_remote_addr zone=limit_per_ip:16m;
    #######################################
    # use limit_conn_zone for Nginx >v1.1.8 and higher
    # limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
    #######################################
    
     include /usr/local/nginx/conf/conf.d/*.conf;
    }
    
    Can you point me where i should look to fix the error or if there is a better method

    Thank you for your time
     
  11. amin

    amin Member

    38
    6
    8
    Oct 11, 2014
    Ratings:
    +7
    Local Time:
    8:35 PM
    Katest
    Latest
    Hi,
    Make sure to test it in incognito mode, it might be cached.
     
  12. Tinkerd10

    Tinkerd10 New Member

    7
    1
    3
    Sep 28, 2016
    Ratings:
    +5
    Local Time:
    6:05 PM
    1.11
    5.5
    Hi

    Yes i tried clear browser cache, tried different browsers after 24 hours still the same
    - Enabling hotlink protection also doesn't work

    The only option left is activating "Under attack mode" it will prevent users accessing their websites
    and it show my domain: Checking your browser before accessing domain.com

    Also sent a ticket to cloudflare, but i know they won't do anything.

    Regards