admin管理员组

文章数量:1023868

Seems someone has set their domain to use my server. It's not a mirror, the database and everything works and updates with mine. He's basically stealing my content, and he's showing up on google instead of me.

Is there a way to make it so my server will only respond to requests from my domain?

I'm using Wordpress with Apache2. Block IP with .htaccess not works

Seems someone has set their domain to use my server. It's not a mirror, the database and everything works and updates with mine. He's basically stealing my content, and he's showing up on google instead of me.

Is there a way to make it so my server will only respond to requests from my domain?

I'm using Wordpress with Apache2. Block IP with .htaccess not works

  • security
Share Improve this question asked Apr 21, 2019 at 10:42 F.AF.A 255 bronze badges 1
  • 3 An interesting question, but nothing to do with WordPress. You'd be more likely to get a response on webmasters.stackexchange. – Jacob Peattie Commented Apr 21, 2019 at 11:19
Add a comment  | 

3 Answers 3

Reset to default 0

You need to set your server restriction to localhost only. Any Adminpanel/Cpanel should have a button like "allow connection from external server". If you only allow connections from your localhost/webspace he won't be able to connect to your database. However, you should immediately change your database password. Change it in e.g. PHP myadmin as well as in the wp-config.php (root folder). Please consider installing a firewall like Wordfence.

I'd change all passwords on your hosting place: hosting access, databases, ftp, and anywhere else.

Then I would look in the 'domains' of your hosting account and delete any that don't belong to you. I'd also contact the hosting support gang to help out.

And I would check all of your file content: htaccess, other files within your 'public_html' (or 'home') folder for anything that doesn't belong.

(And, you might find better answers in another Stack as described. When you create your question there, add as much info as you can: what you have looked at, hosting details, etc).

But, securing your site with strong passwords everywhere is important.

Hope this will be helpful for others. This is how I stop stealer with javascript 

var x = location.hostname;
if ( x != 'www.example'){
window.location.replace("https://www.example");
}

Then use this javascriptobfuscator to encrypt the script and put on top of header file.

Because of encryption domain name not replaceable (In my case stealer use nginx to change domain name)

If anyone need server side solution

if ($_SERVER['SERVER_NAME'] != "www.example"){
    if ($_SERVER['SERVER_NAME'] != "example"){
        echo "<script>window.location.replace(\"https://www.example/\")</script>";
        die();
    }
}

Seems someone has set their domain to use my server. It's not a mirror, the database and everything works and updates with mine. He's basically stealing my content, and he's showing up on google instead of me.

Is there a way to make it so my server will only respond to requests from my domain?

I'm using Wordpress with Apache2. Block IP with .htaccess not works

Seems someone has set their domain to use my server. It's not a mirror, the database and everything works and updates with mine. He's basically stealing my content, and he's showing up on google instead of me.

Is there a way to make it so my server will only respond to requests from my domain?

I'm using Wordpress with Apache2. Block IP with .htaccess not works

  • security
Share Improve this question asked Apr 21, 2019 at 10:42 F.AF.A 255 bronze badges 1
  • 3 An interesting question, but nothing to do with WordPress. You'd be more likely to get a response on webmasters.stackexchange. – Jacob Peattie Commented Apr 21, 2019 at 11:19
Add a comment  | 

3 Answers 3

Reset to default 0

You need to set your server restriction to localhost only. Any Adminpanel/Cpanel should have a button like "allow connection from external server". If you only allow connections from your localhost/webspace he won't be able to connect to your database. However, you should immediately change your database password. Change it in e.g. PHP myadmin as well as in the wp-config.php (root folder). Please consider installing a firewall like Wordfence.

I'd change all passwords on your hosting place: hosting access, databases, ftp, and anywhere else.

Then I would look in the 'domains' of your hosting account and delete any that don't belong to you. I'd also contact the hosting support gang to help out.

And I would check all of your file content: htaccess, other files within your 'public_html' (or 'home') folder for anything that doesn't belong.

(And, you might find better answers in another Stack as described. When you create your question there, add as much info as you can: what you have looked at, hosting details, etc).

But, securing your site with strong passwords everywhere is important.

Hope this will be helpful for others. This is how I stop stealer with javascript 

var x = location.hostname;
if ( x != 'www.example'){
window.location.replace("https://www.example");
}

Then use this javascriptobfuscator to encrypt the script and put on top of header file.

Because of encryption domain name not replaceable (In my case stealer use nginx to change domain name)

If anyone need server side solution

if ($_SERVER['SERVER_NAME'] != "www.example"){
    if ($_SERVER['SERVER_NAME'] != "example"){
        echo "<script>window.location.replace(\"https://www.example/\")</script>";
        die();
    }
}

本文标签: securityBlock any other domains from using my server

版权声明:本文标题:security - Block any other domains from using my server 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://it.en369.cn/questions/1745563455a2156304.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。