-
Some1 "mirror" my website with an address
Let me explain. I have created a dynamic website, http://mywebsite.com/ and I found out that there is a website( http://somewebsite.com) that is exactly the same as mine. At first, I thought that my server was hacked and some1 stole my source code and dumped at http://somewebsite.com. But when I change the content on http://mywebsite.com/, the changes appear at http://somewebsite.com.
I have no idea what is happening to my website? Can some1 help?
-
That could easily be done by setting the IP address held by a DNS server for somewebsite.com to the IP address of the server running mywebsite.com.
-
In that case, what can I do? I don't own http://somewebsite.com.
I thought that I own the IP of mywebsite.com and no 1 can use it.
-
anyone can redirect traffic to any IP. I could point jeffrey.homelinux.org to justlinux.com if I wanted.
Need help in realtime? Visit us at #linuxnewbie on irc.libera.chat
Few of us will do as much for our fellow man as he has done.
--Andrew Morton on RMS
-
If, as a user, I enter my username and password through jeffrey.homelinux.org instead of justlinux.com, will the 1 controlling jeffrey.homelinux.org be able to get the username and the password?
-
Yes, that could be what they're after...capturing the username and passwords of people who think they are logging into your server.
Need help in realtime? Visit us at #linuxnewbie on irc.libera.chat
Few of us will do as much for our fellow man as he has done.
--Andrew Morton on RMS
-
Originally Posted by 709394
If, as a user, I enter my username and password through jeffrey.homelinux.org instead of justlinux.com, will the 1 controlling jeffrey.homelinux.org be able to get the username and the password?
Absolutely not, IF all that they control is the DNS. Because HTTP (or web-form based) authentication does not happen across DNS, it happens over HTTP, and if they're serving up a DNS record that points to the same IP as justlinux.com, the actual HTTP traffic will still only be going to justlinux.com.
Now, if they've set up a site that (for some reason) just proxies over to the "real" site (by taking your request, re-submitting it to the real site, then returning whatever comes back), then yes, they might be able to get the username and password. That's why login screens should always be HTTPS protected. (And yes, I know, JL's is not. Not much I can do about that one though.)
-
2 questions.
How long was this? Did you just setup the website? If so DNS may have not had enough time to catch up.
How do you know that? How does one find out that another domain is linking to them? Are you sure you don't have two domains. For instance i have soule.homelinux.com and mysite both listed from dyndns. They point to the same address, which I did on purpose.
Guess that was more than 2.
Soule
Anarchism is founded on the observation that since few men are wise enough to rule themselves, even fewer are wise enough to rule others. - Edward Abbey
IRC #linuxn00b
Support your Distro.
Slackware Store
Archlinux Schwag
-
I was thinking this is a situation like if I were to register jjustlinux.com and make pages that look exactly like the justlinux.com main page and login page. That way, I could trick users who make typos into giving up their name/pass. But I guess this is a different situation.
Need help in realtime? Visit us at #linuxnewbie on irc.libera.chat
Few of us will do as much for our fellow man as he has done.
--Andrew Morton on RMS
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|