0

I'm playing around with a new startup concept. I've built a node application and popped up a limited access version of it on the www. I've noticed recently that someone else seems to have copied it, or perhaps redirected to it with their own domain.

I'm not really sure what I can do about it, or with what purpose they are doing it.

My domain: http://mycalories.ca

Their domain: http://xmit.io

I looked them up and it seems like it's a legitimate domain associated with a company in the US:

Domain : xmit.io
Status : Live
Expiry : 2016-02-27

NS 1 : dns1.p04.nsone.net
NS 2 : dns2.p04.nsone.net
NS 3 : dns3.p04.nsone.net
NS 4 : dns4.p04.nsone.net

Owner : Jeffrey Arnold
Owner : PhotoShelter, Inc.
Owner : 33 Union Square West FL2
Owner : New York
Owner : NY
Owner : US

Why would someone overlay their domain like this?

2 Answers

2

So, your domain points to the IP Address 66.228.40.84 which is obviously your web server. The admin for the other domain (xmit.io) has pointed their domain to the same IP Address. This is probably not anything malicious; it could be that they used to have a server with your web host so they used to have the IP Address you now use, or someone has just fat-fingered the address and not noticed.

You can try contacting the company and highlighting the issue to them.

Ultimately it shouldn't be a huge problem for you. You can do one of 2 things:

  1. Set up virtual hosts on your web server. Serve your site from your domain, and return a 404 (or similar) to requests for their domain. This will keep "their" traffic separate to yours.
  2. Rewrite requests for the non-canonical host of your domain to the canonical host. In other words, if you want your site to be www.mycalories.ca (as opposed to mycalories.ca) then rewrite requests for anything that doesn't match that to redirect to www.mycalories.ca. This will bring visitors to xmit.io into your site instead of giving them an error.

Personally I would go with the former; people looking for the 'xmit.io' website aren't necessarily particularly interested in your website, so keep your genuine traffic "real" instead of mixing the 2 sources.

fukawi2
1

xmit.io is the former user of your IP address.

Here is the simple proof:

By looking at the DNS SOA record it is often possible to tell when the most recent change was made to a domain's DNS records. The SOA record for xmit.io is currently

xmit.io has SOA record dns1.p04.nsone.net. hostmaster.nsone.net. 1402347696 43200 7200 1209600 3600

Notice the third field, the serial number 1402347696. It is easy to recognize this as a UNIX timestamp, and converting it we get Mon, 09 Jun 2014 21:01:36 GMT. Thus, we can be confident that the last time a change was made to this domain's DNS was approximately a year ago.

But your domain was only registered last March. And the serial of your SOA record uses the other common format of encoding a date:

mycalories.ca has SOA record ns1.linode.com. brandon.bertelsen.ca. 2015051190 14400 14400 1209600 86400

Indicating that the last change to your DNS records took place on May 11. Presumably this is around the time that you obtained the VPS from Linode.


This being the case, I wouldn't bother contacting the company. They are probably out of business and the domain's DNS is only still up because it was paid in advance, or as part of the domain registration.

My usual recommendation is to set up a virtual host on your web server to feed traffic for that site a 404 page, or redirect it to goatse, or whatever. I wouldn't redirect it to your site, though, just in case someone is still watching that domain, so that they will have no cause to complain about their own error.

Michael Hampton
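The virtual-host approach both answers recommend (serve the site only for its own names, return a 404 for any other `Host`), shown here as an added example that is not part of either answer. It assumes the application is served directly by Node's `http` module; `normalizeHost`, `decide` and `hostGuard` are hypothetical names, and the hostnames are the ones given in the question and first answer.

```javascript
// Added example: Host-header allowlist for a plain Node http server.
// Names this application answers to; every other Host value, such as a
// stale DNS record still pointing at this IP address, gets a 404.
const ALLOWED_HOSTS = new Set(['mycalories.ca', 'www.mycalories.ca']);

// Reduce a raw Host header to a bare lowercase hostname, or null if unusable.
function normalizeHost(header) {
  if (typeof header !== 'string') return null;       // header missing (HTTP/1.0)
  const host = header.trim().toLowerCase();
  // hostname, optional trailing root dot, optional :port; nothing else allowed
  const m = /^([a-z0-9.-]+?)\.?(?::\d{1,5})?$/.exec(host);
  return m ? m[1] : null;                            // IPv6 literals, '@', etc. -> null
}

// Decide how to answer a request based only on its Host header.
function decide(hostHeader) {
  const host = normalizeHost(hostHeader);
  const ok = host !== null && ALLOWED_HOSTS.has(host);
  return { status: ok ? 200 : 404, host };
}

// Wrap any (req, res) handler so it runs only for allowlisted hosts.
function hostGuard(app) {
  return (req, res) => {
    if (decide(req.headers.host).status === 200) return app(req, res);
    // %j JSON-encodes the value, so a crafted Host cannot forge log lines.
    // Logging rejected names shows which domains still point at this IP.
    console.warn('rejected Host %j from %s', req.headers.host,
                 req.socket && req.socket.remoteAddress);
    res.writeHead(404, { 'Content-Type': 'text/plain' });
    res.end('Not found\n');
  };
}

// Wiring (not executed here):
//   require('http').createServer(hostGuard(app)).listen(8080);
```

Requests sent to the bare IP address or with no `Host` header fall into the same 404 branch, so only the allowlisted names ever reach the application.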