3

I'm running a website in a vps server (nginx). I recently found several other websites that are 100% duplicate of my website.

Even when I change a post or delete files from my server, these other websites automatically update with the changes I made! It looks like someone has mirror website without authorization. For this reason, its really hurt my SEO result.

Is this a reverse proxy attack? And how can I prevent someone from mirroring my website?

Bill
  • 136
  • 12

1 Answers1

6

First you need to detect whether it's a mirror, reverse proxy or simply pointing to the same IP. Here's a little help for differential diagnosis and solutions based on the diagnosis.

  1. Mirror. Probably not in this case, as you describe the changes are updating immediately. If it's a static version of your page, you should see from the logs when it has been mirrored and possibly block that IP. You could also create a Fail2ban rule for detecting unwanted mirroring.

  2. Reverse proxy. Go to a random page like http://example.com/7z2JhV986yM2 that hasn't been cached before. With tail -f /var/log/apache2/access.log | grep 7z2JhV986yM2 you should see the IP address used for retrieving the page to the proxy; might not be the same as the IP where the copy is located. Block that IP and see how the reverse proxy now gives 403.

  3. Another domain pointing to your IP. Simply dig for both hostnames and see the answers. This is not necessarily caused by hostile activities, but they could simply be remainings; domains of the former use of the same IP address that your VPS currently has.

    Do not serve the content of you page on every Host: header but only with your canonical hostname i.e. your domain. Use virtual servers i.e. server_name for that. You could either redirect everything else to the canonical hostname, which would actually improve your SEO, or you could give error 404 or a placeholder page describing the domain is not in use.

Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129