4

I've just read this post: How to stop unauthorized website replication/mirroring, and I think I'm in case number 3: we have a website (let's say example.com), and it seems that another website serves our pages under a different domain name (let's say bad.com).

The content on bad.com updates instantly, which makes me think the "attacker" just points his IP to my server. But I don't understand how that's possible, since on my server, my Apache configuration doesn't allow for his domain name.

I've bought a fake domain name and tried to just change the DNS to point to the server's example DNS, but that obviously doesn't work (I need to configure an Apache VirtualHost if I want to be able to use the domain name in a browser).

So how can I reproduce this? How does the "attacker" proceed? Is that a reverse proxy trick or something?

In other words, how do I set up Apache (or how do I proceed in general) to make my website a.com serve the content of facebook.com (or any other website)?

ling
  • You’d need to proxy the html pages, but you could use a redirect (302) for all other resources (images, JavaScript, css). That would save bandwidth on the bad server. You could also change the html on the fly to change e.g. to . – Gerben Apr 07 '18 at 11:48
  • side note: https://content-security-policy.com/ – Fabian Apr 07 '18 at 11:53

1 Answer

5

With Apache it's a matter of a simple:

# Required because the backend URL is https
SSLProxyEngine    on
ProxyPass         /    https://example.com/
ProxyPassReverse  /    https://example.com/
# Off is the default anyway
ProxyPreserveHost off

The trick is to replace the Host header, so that the example.com backend gets Host: example.com as it expects. It's the default behavior of Apache. For example, haproxy doesn't do that; it leaves Host: bad.com by default.

kubanczyk
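
Added example, not part of the original answer: with the proxy setup above the origin sees Host: example.com, but Apache's mod_proxy_http in reverse-proxy mode also adds an X-Forwarded-Host header carrying the host the browser originally asked for, so the origin's own logs can reveal the mirror and the address it connects from. The log format (Apache "combined" with `"%{Host}i" "%{X-Forwarded-Host}i"` appended), the `OWN_HOSTS` set and the sample lines are assumptions made for this sketch; a proxy can be set up not to send the header, so an empty result proves nothing.

```python
import re
from collections import defaultdict

# Hostnames this origin legitimately serves (assumption for the example).
OWN_HOSTS = {"example.com", "www.example.com"}

# Assumed log format: Apache "combined" with two quoted fields appended,
# "%{Host}i" and "%{X-Forwarded-Host}i".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "[^"]*" "[^"]*" "(?P<xfh>[^"]*)"$'
)

def normalize(host):
    """Lower-case a host value and drop any port and trailing dot."""
    host = host.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal
        return host.split("]")[0] + "]"
    return host.split(":")[0].rstrip(".")

def foreign_forwarded_hosts(lines):
    """Map each foreign X-Forwarded-Host to {connecting IP: request count}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["xfh"] in ("", "-"):
            continue                         # direct request or unparsable line
        # Chained proxies append values separated by commas; check each one.
        for value in m["xfh"].split(","):
            host = normalize(value)
            if host and host not in OWN_HOSTS:
                hits[host][m["ip"]] += 1
    return {host: dict(ips) for host, ips in hits.items()}

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Apr/2018:11:40:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "example.com" "-"',
    '203.0.113.9 - - [07/Apr/2018:11:40:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "example.com" "bad.com"',
    '203.0.113.9 - - [07/Apr/2018:11:40:03 +0000] "GET /about HTTP/1.1" 200 2048 "http://bad.com/" "Mozilla/5.0" "example.com" "BAD.com:80"',
    '198.51.100.8 - - [07/Apr/2018:11:40:04 +0000] "GET / HTTP/1.1" 200 5120 "-" "curl/7.58" "example.com" "www.example.com"',
]

if __name__ == "__main__":
    for host, ips in foreign_forwarded_hosts(SAMPLE_LOG).items():
        print(host, ips)
```

The connecting IP reported for a foreign host is the mirror's server, which is the address to block or rate-limit at the origin.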