Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar Mark Forums Read
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 09-12-2017, 08:50 AM   #1
k0nr4d
Confirmed User
 
k0nr4d's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Poland
Posts: 6,686
Website cloning via proxy

The topic of website cloning has been coming up lately. I've figured out how people are doing it. This is in regards to the complete clone domains, not sites that have your site mirrored in a directory somewhere. There might be more ways to do this, this is what i've encountered though.

There are two variants, first via cloudflare:
1) Your website is added by someone to cloudflare, presumably as a cname - or possibly cnaming a domain that's not on cloudflare that has your domain as a cname.
2) They add the "Add Content" or Add HTML" App within cloudflare, which allows them to append content to your html on all pages.
3) There is another app somewhere in cloudflare that lets you replace words. So in this case, they were replacing clientsdomain.com with clonedomain.com. This really did my head in - $_SERVER['HTTP_HOST'] was returning clonedomain.com. In reality, the script was returning clientsdomain.com and replacing the word "clientsdomain.com" with "clonedomain.com". Literally, you could "clientsdomain.com into a text file, request it via the other domain and it outputted as "clonedomain.com"
4) The replacing of the domain I cannot figure out yet. I don't know how this is done, I can't find any cloudflare app that lets me do this but I suspect it's maybe done using JS somehow in that Add HTML App.

the second method is via nginx/varnish and THEN cloudflare in which case they do the find/replace and content adding via their server and then pass it along to cloudflare. In this case it may be possible to honeypot the proxy server by placing a new file, hitting it via the proxy domain and seeing what ip comes up in your server logs.

The only way I can think of bypassing this, is by doing javascript like this:

Code:
<script>
if(window.location.href.indexOf("yourd"+"omain.com") < 0) {
       window.location("http://yourd"+"omain.com"); 
}
</script>
or by completely shit-listing the cloudflare IPs on your server (in which case you won't be able to use cloudflare yourself):
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
104.16.0.0/12
108.162.192.0/18
131.0.72.0/22
141.101.64.0/18
162.158.0.0/15
172.64.0.0/13
173.245.48.0/20
188.114.96.0/20
190.93.240.0/20
197.234.240.0/22
198.41.128.0/17

Hope this helps someone
__________________
Mechbunny Tube Script (Now with VR Support!) | Mechbunny TGP Script | Tube PPC Partner Program Script | Custom Adult PHP Development
Beware of imposters on skype!
k0nr4d is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 09:33 AM   #2
Adraco
Confirmed User
 
Adraco's Avatar
 
Industry Role:
Join Date: May 2009
Location: Onboard an airplane around the globe
Posts: 3,275
Very nice explanation and most impressed by your level of knowledge to be able to figure this way out! Thanks for posting this Konrad!
__________________
----------------------------------------------------------------------------------
The truth is not affected by the beliefs, or doubts, of the majority.
Earn Easy Advertising Dollars @ ExoClick - Sign Up and Get Started In Under 10 Min

Adraco is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 10:12 AM   #3
sarettah
I'll make you famous...
 
Industry Role:
Join Date: Oct 2002
Location: Kansas City, Misery
Posts: 6,888
Good post K0nr4d, excellent break down of what it is.

Thanks

.
__________________
Free Cams at Camfoxes.com
sarettah is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 10:18 AM   #4
bns666
Confirmed Fetishist
 
bns666's Avatar
 
Industry Role:
Join Date: Mar 2005
Location: Puta Madre Qu'est-ce que c'est?
Posts: 9,344
cool, thanx
bns666 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 10:23 AM   #5
Barry-xlovecam
It's 42
 
Barry-xlovecam's Avatar
 
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 17,058
Thats what I was thinking their method was 'like'
Blocking Cloudflare IPs on servers EXCEPT where specifically needed is a good idea.

SAMEORIGIN would not help in this scenario.

Cloudflare needs to police their clients better -- copyright infringement and fraud most likely are Cloudflare TOS violations.

Thanks for looking into this Konrad.

BTW a 302 -301 domain redirection will work -- maybe even a page redirection -- this is working for lifeselector -- planed or not.
__________________
Vive la résistance -- Carpe diem

"If you only knew the power of the dark side." ...Darth Vader
Sk.why.pe: barry_555_5 -- ICQ: three1896three617
Barry-xlovecam is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 10:27 AM   #6
k0nr4d
Confirmed User
 
k0nr4d's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Poland
Posts: 6,686
Quote:
Originally Posted by Barry-xlovecam View Post
Thats what I was thinking their method was 'like'
Blocking Cloudflare IPs on servers EXCEPT where specifically needed is a good idea.

SAMEORIGIN would not help in this scenario.

Cloudflare needs to police their clients better -- copyright infringement and fraud most likely are Cloudflare TOS violations.

Thanks for looking into this Konrad.

BTW a 302 -301 domain redirection will work -- maybe even a page redirection -- this is working for lifeselector -- planed or not.
Redirect won't work because from the proxies end the domain is correct. They are requesting domain1.com and reserving it as domain2.com. Only a redirect via JS like I wrote works, and you have to split the string into two so it doesn't get text-replaced.
__________________
Mechbunny Tube Script (Now with VR Support!) | Mechbunny TGP Script | Tube PPC Partner Program Script | Custom Adult PHP Development
Beware of imposters on skype!
k0nr4d is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 10:35 AM   #7
sarettah
I'll make you famous...
 
Industry Role:
Join Date: Oct 2002
Location: Kansas City, Misery
Posts: 6,888
Quote:
Originally Posted by k0nr4d View Post
Redirect won't work because from the proxies end the domain is correct. They are requesting domain1.com and reserving it as domain2.com. Only a redirect via JS like I wrote works, and you have to split the string into two so it doesn't get text-replaced.
You could probably make the domain base64 encoded instead of just splitting it, or base64 it and split it into multiple parts maybe. The more obfuscation the better.

.
__________________
Free Cams at Camfoxes.com
sarettah is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 10:36 AM   #8
sarettah
I'll make you famous...
 
Industry Role:
Join Date: Oct 2002
Location: Kansas City, Misery
Posts: 6,888
Quote:
Originally Posted by Barry-xlovecam View Post
Cloudflare needs to police their clients better -- copyright infringement and fraud most likely are Cloudflare TOS violations.
Yeah, I would think that cloudflare would probably block something like this if they knew about it.

.
__________________
Free Cams at Camfoxes.com
sarettah is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 10:38 AM   #9
Barry-xlovecam
It's 42
 
Barry-xlovecam's Avatar
 
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 17,058
Do that lifeselector link on that page and look at the headers. Fluke maybe but it goes to a password protected page

The clone renders a blank page for affiliates.lifeselector and the password page is on another subdomain name 'assist'. The wrong CNAME maybe?

The problem is scumbags using Cloudlare for bad purposes. If Cloudflare does not clean up their act the USDOJ will eventually. I am not asserting any complicity on Cloudflare's part but if they abandoned their free service and made it a 30 trial with a low cost for small users -- then the scumbags would not use it because payment data is traceable and can be subpoenaed.
__________________
Vive la résistance -- Carpe diem

"If you only knew the power of the dark side." ...Darth Vader
Sk.why.pe: barry_555_5 -- ICQ: three1896three617
Barry-xlovecam is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 10:39 AM   #10
k0nr4d
Confirmed User
 
k0nr4d's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Poland
Posts: 6,686
Quote:
Originally Posted by sarettah View Post
You could probably make the domain base64 encoded instead of just splitting it, or base64 it and split it into multiple parts maybe. The more obfuscation the better.

.
Yeah you could go much further with this, and run the whole js through one of those obfuscators to hide it as well, or even randomize it so it's
d+omain
do+main
dom+ain
dom+a+in
and so forth to prevent someone doing find/replace on the JS itself too.
__________________
Mechbunny Tube Script (Now with VR Support!) | Mechbunny TGP Script | Tube PPC Partner Program Script | Custom Adult PHP Development
Beware of imposters on skype!
k0nr4d is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 11:00 AM   #11
Barry-xlovecam
It's 42
 
Barry-xlovecam's Avatar
 
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 17,058
In this case the framing is not malicious notwithstanding the SEO imprecations.
so use an obfuscated canonical tag rel=canonical to identify were the REAL site/domain is

Every site stealing SERPs I checked for xlovecam was using Cloudflare to obscure their host server. Every 'claimed' free password site or free tokens or credits site/domain was trying to hide behind Cloudflare. If it was to big of a problem, and worth the expense, we could sue the domain owners and subpoena Cloudflare.

I have absolutely no problem with servers using Cloudflare for its intended purpose -- mitigating ddos attacks and security filtering.
__________________
Vive la résistance -- Carpe diem

"If you only knew the power of the dark side." ...Darth Vader
Sk.why.pe: barry_555_5 -- ICQ: three1896three617
Barry-xlovecam is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 11:04 AM   #12
mikeworks
Confirmed User
 
Join Date: Apr 2010
Posts: 222
Thanks Konrad for sharing your information.

It's probably one of the biggest problems at the moment. I disavow them, but they must obviously still benefit from google and/or harm original site.
mikeworks is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 11:07 AM   #13
k0nr4d
Confirmed User
 
k0nr4d's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Poland
Posts: 6,686
Quote:
Originally Posted by Barry-xlovecam View Post
In this case the framing is not malicious notwithstanding the SEO imprecations.
so use an obfuscated canonical tag rel=canonical to identify were the REAL site/domain is

Every site stealing SERPs I checked for xlovecam was using Cloudflare to obscure their host server. Every 'claimed' free password site or free tokens or credits site/domain was trying to hide behind Cloudflare. If it was to big of a problem, and worth the expense, we could sue the domain owners and subpoena Cloudflare.

I have absolutely no problem with servers using Cloudflare for its intended purpose -- mitigating ddos attacks and security filtering.
How exactly does an obfuscated canonicle tag look like? I've never seen or heard of that
__________________
Mechbunny Tube Script (Now with VR Support!) | Mechbunny TGP Script | Tube PPC Partner Program Script | Custom Adult PHP Development
Beware of imposters on skype!
k0nr4d is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 11:44 AM   #14
Barry-xlovecam
It's 42
 
Barry-xlovecam's Avatar
 
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 17,058
Pretty much everyone agrees now that search engines CAN read JavaScript.

Code:
<script language="javascript">
<!--
// == Begin Free HTML Source Code Obfuscation Protection from http://snapbuilder.com == //
document.write(unescape('%3C%6C%69%6E%6B%20%72%65%6C%3D%22%63%61%6E%6F%6E%69%63%61%6C%22%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%78%61%6D%70%6C%65%2E%63%6F%6D%2F%77%6F%72%64%70%72%65%73%73%2F%73%65%6F%2D%70%6C%75%67%69%6E%2F%22%3E'));
//-->
</script>
Assuming you are right that text substitution is being used -- how are you going to read and substitute this? If you are a secret-agent you could grep and decode somehow i suppose -- what does this say -- just run the code in phantomjs. That is the way i might scrape the page. if you broke the JS code with + maybe it might fool the substitution but if you really want to get down to it

echo or cat (<input>)|sed 's/\n//g' then ....

Code:
echo '<script>if(window.location.href.indexOf("yourd"+"omain.com") < 0) {       window.location("http://yourd"+"omain.com"); }</script>'
|egrep  -o ".{0,20}\(window\.location\.href.{0,20}"
|sed 's/window/you are fucked now/g'
<script>if(you are fucked now.location.href.indexOf("yourd"+"om
fuckup the frame breaker JS

Sure as fuck won't hurt to try rel=canonical .
__________________
Vive la résistance -- Carpe diem

"If you only knew the power of the dark side." ...Darth Vader
Sk.why.pe: barry_555_5 -- ICQ: three1896three617
Barry-xlovecam is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 04:07 PM   #15
Bladewire
StraightBro
 
Bladewire's Avatar
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA
Posts: 29,183
Excellent info thanks!
Bladewire is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 04:35 PM   #16
Smut-Talk
I talk smut
 
Industry Role:
Join Date: Jul 2016
Location: Somewhere on the webz
Posts: 176
Nice info for sure...


On the defensive of your site:

You can do a lot with htaccess.
FI: I use htaccess to stop hotlinking, put a redirect to a goatsie in it...

Barry, as promised on icq:

to "help" with scriptkiddies with scanning, i came across this:

!you can ZIP bomb a vuln scanner!

ZIP compression is really good with repetitive data so if you have a really huge text file which consists of repetitive data like all zeroes, it will compress it really good.
It can compress a 4.5 peta byte (4.500.000 giga bytes) file down to 42 kilo bytes.

When a browser/scanner extracts or decompresses the content it will most likely run out of disk space or RAM.

So firstly create a 10 giga byte GZIP file, or bigger, filled with zeroes.
And secondly a PHP script that will deliver it to a client.

Code:
<?php
$agent = filter_input(INPUT_SERVER, 'HTTP_USER_AGENT');

//check for nikto, sql map or "bad" subfolders which only exist on wordpress
if (strpos($agent, 'nikto') !== false || strpos($agent, 'sqlmap') !== false || startswith($url,'wp-') || startswith($url,'wordpress') || startswith($url,'wp/'))
{
      sendBomb();
      exit();
}

function sendBomb(){
        //prepare the client to recieve GZIP data. This will not be suspicious
        //since most web servers use GZIP by default
        header("Content-Encoding: gzip");
        header("Content-Length: ".filesize('10G.gzip'));
        //Turn off output buffering
        if (ob_get_level()) ob_end_clean();
        //send the gzipped file to the client
        readfile('10G.gzip');
}

function startsWith($a, $b) { 
    return strpos($a, $b) === 0;
}
source: https://blog.haschek.at/post/f2fda
__________________
This is my awesome signature!
if you really have to, you can use: smuttalk-that apple thingy-websmut.com
Don't forget to mention GFY in the subject!
Smut-Talk is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 05:06 PM   #17
Barry-xlovecam
It's 42
 
Barry-xlovecam's Avatar
 
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 17,058
Code:
[email protected]:~# whois odir.us
Domain Name:                                 ODIR.US
Domain ID:                                   D29663821-US
Sponsoring Registrar:                        UNITED-DOMAINS AG
Sponsoring Registrar IANA ID:                1408
Registrar URL (registration services):       www.united-domains.de
Domain Status:                               clientTransferProhibited
Registrant ID:                               C-SM7006B-QVRDOB
Registrant Name:                             Stefan Mayr
Registrant Address1:                         Mondscheingasse 6
Registrant City:                             Graz
Registrant Postal Code:                      8010
Registrant Country:                          Austria
Registrant Country Code:                     AT
Registrant Phone Number:                     +43.69910780807
Registrant Email:                            [email protected]
Registrant Application Purpose:              P1
Registrant Nexus Category:                   C31/AT
Administrative Contact ID:                   C-SM7006B-MIXAPZ
Administrative Contact Name:                 Stefan Mayr
Administrative Contact Address1:             Mondscheingasse 6
Administrative Contact City:                 Graz
Administrative Contact Postal Code:          8010
Administrative Contact Country:              Austria
Administrative Contact Country Code:         AT
Administrative Contact Phone Number:         +43.69910780807
Administrative Contact Email:                [email protected]
Administrative Application Purpose:          P1
Administrative Nexus Category:               C31/AT
Billing Contact ID:                          C-UHM65D7-HTWJET
Billing Contact Name:                        Host Master
Billing Contact Organization:                united-domains AG
Billing Contact Address1:                    Gautinger Str. 10
Billing Contact City:                        Starnberg
Billing Contact State/Province:              Bayern
Billing Contact Postal Code:                 82319
Billing Contact Country:                     Germany
Billing Contact Country Code:                DE
Billing Contact Phone Number:                +49.8151368670
Billing Contact Facsimile Number:            +49.81513686777
Billing Contact Email:                       [email protected]
Billing Application Purpose:                 P1
Billing Nexus Category:                      C31/AT
Technical Contact ID:                        C-UHM65D7-OYNZFB
Technical Contact Name:                      Host Master
Technical Contact Organization:              united-domains AG
Technical Contact Address1:                  Gautinger Str. 10
Technical Contact City:                      Starnberg
Technical Contact State/Province:            Bayern
Technical Contact Postal Code:               82319
Technical Contact Country:                   Germany
Technical Contact Country Code:              DE
Technical Contact Phone Number:              +49.8151368670
Technical Contact Facsimile Number:          +49.81513686777
Technical Contact Email:                     [email protected]
Technical Application Purpose:               P1
Technical Nexus Category:                    C31/AT
Name Server:                                 EMMA.NS.CLOUDFLARE.COM
Name Server:                                 IVAN.NS.CLOUDFLARE.COM
Created by Registrar:                        PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Last Updated by Registrar:                   UNITED-DOMAINS AG
Last Transferred Date:                       Sun Apr 16 16:06:24 GMT 2017
Domain Registration Date:                    Thu Sep 16 04:52:42 GMT 2010
Domain Expiration Date:                      Sat Sep 15 23:59:59 GMT 2018
Domain Last Updated Date:                    Mon Apr 17 06:01:29 GMT 2017
DNSSEC:                                      false
Enough of this shit

Complain to the registry to yank his ticket.

usTLD Nexus Requirements Policy for Registrants| About.US - About.US


Quote:
usTLD Nexus
Requirements Policy

Registrants in the usTLD must be either:

1.A natural person (i) who is a United States citizen, (ii) who is a permanent resident of the United States of America or any of its possessions or territories, or (iii) whose primary place of domicile is in the United States of America or any of its possessions [Nexus Category 1],

2.A United States entity or organization that is (i) incorporated within one of the fifty (50) U.S. states, the District of Columbia, or any of the United States possessions or territories, or (ii) organized or otherwise constituted under the laws of a state of the United States of America, the District of Columbia or any of its possessions or territories (including a federal, state, or local government of the United States or a political subdivision thereof, and non-commercial organizations based in the United States) [Nexus Category 2], or

3.A foreign entity or organization that has a bona fide presence in the United States of America or any of its possessions or territories [Nexus Category 3].
Normally if it was a domain innocent of any real wrongdoing I would just leave this be -- but under these circumstances -- he can go fuck himself -- next move is yours ...
__________________
Vive la résistance -- Carpe diem

"If you only knew the power of the dark side." ...Darth Vader
Sk.why.pe: barry_555_5 -- ICQ: three1896three617
Barry-xlovecam is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-12-2017, 05:16 PM   #18
CaptainHowdy
GFY HALL OF FAME DAMMIT!!!
 
CaptainHowdy's Avatar
 
Industry Role:
Join Date: Dec 2004
Location: Happy in the dark.
Posts: 73,659
All hail k0nr4d ...
CaptainHowdy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-13-2017, 04:14 AM   #19
Craft
Confirmed User
 
Industry Role:
Join Date: Oct 2015
Posts: 145
Anyone knows how to check if your site is cloned ?
Craft is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-13-2017, 04:44 AM   #20
Paul&John
Confirmed User
 
Paul&John's Avatar
 
Industry Role:
Join Date: Aug 2005
Location: YUROP
Posts: 6,606
Nice info k0nr4d!
__________________
Paysites do sell, check out SkyWireCash!
Paul&John is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-13-2017, 06:10 AM   #21
CaptainHowdy
GFY HALL OF FAME DAMMIT!!!
 
CaptainHowdy's Avatar
 
Industry Role:
Join Date: Dec 2004
Location: Happy in the dark.
Posts: 73,659
Bump for a great thread ...
CaptainHowdy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-13-2017, 09:50 AM   #22
mikeworks
Confirmed User
 
Join Date: Apr 2010
Posts: 222
Quote:
Originally Posted by Craft View Post
Anyone knows how to check if your site is cloned ?
Check webmaster tools for backlinks from a cloned domain.
mikeworks is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-13-2017, 10:19 AM   #23
RazorSharpe
Confirmed User
 
RazorSharpe's Avatar
 
Industry Role:
Join Date: Aug 2001
Location: Scotland
Posts: 1,822
Have a very similar issue.

This is the offender's site: (google cache version)
https://webcache.googleusercontent.c...&ct=clnk&gl=uk

This is mine:
https://www.projectvoyeur.com

He has cloned over 100K pages on my site and counting. I contacted cloudflare who responded with their party line about not being the host so I was dead in the water.

Previously, when contacting google (DMCA), they have taken action on sites like this. This time however, they did pretty much nothing. The fact that this person is cloning my site and then serving cloaked pages (which is why I showed the cached version above), didn't seem to bother the folk at Google at all.

So I kinda figured I was stuck with this.
__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
RazorSharpe is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-13-2017, 09:01 PM   #24
TrafficTitan
Confirmed User
 
Industry Role:
Join Date: Nov 2012
Posts: 183
Google is too dumb to understand their cloaking. DMCA sometimes work but not always.

Can you DMCA an entire domain?
Does anybody have a good standardized message to send to google that works?

Has anybody come up with a rock solid way to stop them? I've already implemented banning all cloudflare IPs. One way that does work if you DMCA cloudflare they will cough up the origin host. Then if you DMCA the origin host it frequently gets shut down. It would be great if there was a pro-active way to just prevent it though. The JS canonical seems interesting.

In addition to the clones I also see people scraping everyone's titles and throwing them up on a BS site which always redirects to a random tube or advertiser from google serps.
TrafficTitan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-13-2017, 11:35 PM   #25
Lewis11
Confirmed User
 
Industry Role:
Join Date: May 2016
Posts: 332
Nice info!
Lewis11 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-14-2017, 07:17 AM   #26
sarettah
I'll make you famous...
 
Industry Role:
Join Date: Oct 2002
Location: Kansas City, Misery
Posts: 6,888
Bump for business

.
__________________
Free Cams at Camfoxes.com
sarettah is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-14-2017, 08:06 AM   #27
wocnom
Confirmed User
 
wocnom's Avatar
 
Industry Role:
Join Date: Jan 2013
Posts: 121
I think there are like 3 possible ways to fight them. Notify about what they are doing:
  1. their domain registrar
  2. hosting they are using AND cloudflare
  3. google
Combine all of them is the best way I suppose. I think it's possible to use DMCA in all three cases.
wocnom is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-14-2017, 08:21 AM   #28
Barry-xlovecam
It's 42
 
Barry-xlovecam's Avatar
 
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 17,058
Go to the registry and hit them with the sledgehammer.
__________________
Vive la résistance -- Carpe diem

"If you only knew the power of the dark side." ...Darth Vader
Sk.why.pe: barry_555_5 -- ICQ: three1896three617
Barry-xlovecam is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-14-2017, 09:01 AM   #29
TrafficTitan
Confirmed User
 
Industry Role:
Join Date: Nov 2012
Posts: 183
If you contact the domain registrar does that actually do anything? I've never tried DMCA'ing the registrar.
TrafficTitan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-14-2017, 09:15 AM   #30
Barry-xlovecam
It's 42
 
Barry-xlovecam's Avatar
 
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 17,058
The REGISTRY not the Registrar -- shit flows downhill -- you have never worked in the corporate world?
You go right to the COB or the CEO's office -- shit happens fast when you pull a tiger's tail.

Pay an Attorney to write the letter to the COB and send it Certified mail or by DHL (if overseas) -- the shit will hit the fans.
__________________
Vive la résistance -- Carpe diem

"If you only knew the power of the dark side." ...Darth Vader
Sk.why.pe: barry_555_5 -- ICQ: three1896three617
Barry-xlovecam is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-14-2017, 10:47 PM   #31
Craft
Confirmed User
 
Industry Role:
Join Date: Oct 2015
Posts: 145
Thes works

On the top of .htaccess files add this.

"Header always append X-Frame-Options SAMEORIGIN"
Craft is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-14-2017, 10:59 PM   #32
kmanrox
aka K-Man
 
kmanrox's Avatar
 
Industry Role:
Join Date: Oct 2001
Location: The Gutter
Posts: 28,638
Or via a custom scraper made in PHP that uses a pool of rotating client proxies, random, periodically.
kmanrox is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-15-2017, 02:39 AM   #33
Smut-Talk
I talk smut
 
Industry Role:
Join Date: Jul 2016
Location: Somewhere on the webz
Posts: 176
Craft made a point:

On the server you can set the X-Frame-Options header, which tells the web browser how to treat the page when it is framed. It is possible to set this header to DENY, which blocks all loading of the page via frames. By setting it to SAMEORIGIN you can relax the restrict and only allow framing by pages on the same domain.

On the Apache webserver this directive is set like so (on Debian/Ubuntu servers this is /etc/apache2/apache2.conf):

Code:
Header always append X-Frame-Options SAMEORIGIN
Alternatively if you are using nginx then you can implement it in the following way:

Code:
add_header X-Frame-Options SAMEORIGIN;

Unfortunately this header is only supported on more recent browsers


Now for legacy browsers you will need to drop back to using a JavaScript framebusting code. It goes without saying however that this can be circumvented by a potential attacker through techniques such as double framing and exploiting cross site scripting filters in some browsers.

Code:
if(top != self) { top.location = self.location; }
The latest recommendation from The Open Web Application Security Project (OWASP) is to include the following code in the <head> section of your web page:

Code:
<style id="antiClickjack">body{display:none !important;}</style>
<script type="text/javascript">
   if (self === top) {
       var antiClickjack = document.getElementById("antiClickjack");
       antiClickjack.parentNode.removeChild(antiClickjack);
   } else {
       top.location = self.location;
   }
</script>
This works by disabling the whole page using the CSS style at the beginning and then later on in the javascript checking to see that the page is not framed. It then removes the style from the pages HTML thereby revealing the content. If it is framed then it sets itself as the parent page.

This should work...

Still shit falls down quick, do as Barry said; Enough of this shit

Quote:
Complain to the registry to yank his ticket.
__________________
This is my awesome signature!
if you really have to, you can use: smuttalk-that apple thingy-websmut.com
Don't forget to mention GFY in the subject!

Last edited by Smut-Talk; 09-15-2017 at 02:44 AM.. Reason: cleaned up code
Smut-Talk is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-15-2017, 02:57 AM   #34
Smut-Talk
I talk smut
 
Industry Role:
Join Date: Jul 2016
Location: Somewhere on the webz
Posts: 176
Quote:
Originally Posted by RazorSharpe View Post
Have a very similar issue.

This is the offender's site: (google cache version)
https://webcache.googleusercontent.c...&ct=clnk&gl=uk

This is mine:
https://www.projectvoyeur.com

He has cloned over 100K pages on my site and counting. I contacted cloudflare who responded with their party line about not being the host so I was dead in the water.

Previously, when contacting google (DMCA), they have taken action on sites like this. This time however, they did pretty much nothing. The fact that this person is cloning my site and then serving cloaked pages (which is why I showed the cached version above), didn't seem to bother the folk at Google at all.

So I kinda figured I was stuck with this.
maybe this help really quick:

you can use .htaccess as the following

Code:
RewriteEngine On

RewriteCond %{QUERY_STRING} !^id=[^&]+ [NC]
# if referrer is bad.com
RewriteCond %{HTTP_REFERER} (www\.)?bad\.com [NC]
# then redirect to a different page
RewriteRule !^404.shtm [L,NC,R=302]
Just don't do a 404, do a redirect to a goatsie picture...
I think when his page visitors see that, they won't be coming back..
__________________
This is my awesome signature!
if you really have to, you can use: smuttalk-that apple thingy-websmut.com
Don't forget to mention GFY in the subject!
Smut-Talk is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks

Tags
cloudflare, app, add, clientsdomain.com, server, clonedomain.com, website, domain, replacing, content, html, proxy, file, returning, cloning, suspect, hope, honeypot, placing, helps, hitting, method, adding, nginx/varnish, find/replace
Thread Tools




©2000-, AVN Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.