
My personal website was cloned in its entirety, is this a security concern?

@Deb1703797

Posted in: #Mirror #Security #WebCrawlers

I was googling my (real) name yesterday (which is the name of my site) on a lark and discovered a website that had copied my personal website and its content. Like a carbon copy including links to images on the webserver that are not linked to at all anywhere on the site.

I am not all that concerned about leaking personal data or anything since there isn't much on the site that could link to me, other than my name.

My question is whether this represents a security vulnerability in my server that I haven't addressed or if this is a normal occurrence. My server is Ubuntu 14.04.5 LTS and I can see numerous requests by the clone site for images in the apache2/access.log file.

Any information is helpful.


3 Comments


@Ogunnowo487

Note that if you have a dedicated server with its own IP address then it's possible that the other domain is simply pointing to your IP address, in which case, see the additional note at the end of this answer.




I can see numerous requests by the clone site for images in the apache2/access.log file.


It sounds like this other site is acting as a reverse proxy and serving your content directly. They haven't necessarily "copied" anything, in terms of literally finding/saving your images/content to another server.


including links to images on the webserver that are not linked to at all anywhere on the site.


This is indicative of the site proxying the request. You make a request to this fake website and they literally just forward the request to your site, receive the response and send this back to the client/user.


it will update live every time that I update my site...


Yes, again indicates a proxy. (As you suggest in comments, "simply forwarding the page through another server").


is this a security concern?


Well, it's unlikely that your site has been compromised. The main purpose of such an "attack" would seem to be to damage your SEO / search ranking. Or to build up "credibility" for the domain responsible, to ultimately sell it.


I'm thinking I should block the cloners IP address?


Yes. Unfortunately, this is probably the only thing you can do. It is rather difficult to safeguard against such "attacks". The request coming from the proxy might look like a "normal user". As such, most sites are probably vulnerable to such "attacks".

Unfortunately, the hacker might have multiple IP addresses available at their disposal, so simply blocking a single IP address might not be enough.

You could also examine the HTTP request headers that are coming from these "proxied" requests. A "good" proxy will set X-Forwarded-For and Proto- request headers, etc. If so, you can perhaps block the request based on these headers. However, these are unlikely to be set if the hacker knows what they are doing and is doing this maliciously.

You could try issuing a server-side redirect back to your domain, in the hope this will redirect the client. However, the proxy server would probably intercept this so it might not do anything. You also have to be careful of redirect loops, since from your server you can't see the (fake) domain through which the site is being accessed at the client end. You could perhaps redirect to ?redirect=1 (or something) to ensure you don't "loop".

You could also try redirecting from client-side JavaScript. JavaScript can obviously see the (fake) domain through which the site is being accessed, so can potentially "redirect" back to your domain. However, many proxy servers will manipulate the client-side HTML/JavaScript/CSS so can easily manipulate the domain you redirect to - unless perhaps you somehow obfuscate this in your client-side code? Or perhaps redirect through an intermediary domain??

Just to add, blocking hotlinking by checking the HTTP Referer header is unlikely to help here (apart from carrying a certain amount of risk anyway). The proxy server will fake the HTTP Referer, either remove it completely (like a direct request), or make it look like an internal request.



Aside: Dedicated server with own IP Address

Just to add, if you have a dedicated server/VPS with its own IP address then it's possible that this other domain is simply pointing to your IP address, thus effectively creating a "cloned" site.

This is easily "blocked" in the server config by creating a virtual host for this domain and simply denying the request. Or, ensure you have a default virtual host (usually the first one defined) that catches all non-canonical host requests and denies access (preferable).

See this question on StackOverflow for more information:

stackoverflow.com/questions/25236810/how-do-i-block-someone-elses-domain-pointing-to-my-apache-hosted-website

This can also be blocked/redirected with mod_rewrite (in the server config or .htaccess); in fact, depending on how you've implemented your canonical www redirect, you might already be redirecting such requests. However, since this is your own server (with its own IP address), the virtual host solution is preferable. For example, a canonical redirect such as the following will redirect all requests that are not for the canonical domain to the canonical domain (i.e. example.com):

# Any request whose Host header is not exactly example.com is redirected
# (scheme assumed here; use https:// if the site is served over TLS)
RewriteCond %{HTTP_HOST} !=example.com
RewriteRule (.*) http://example.com/$1 [R=301,L]
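
Added example, not part of the original answer: one way to tell the two cases above apart from the access log, i.e. a reverse proxy fetching your pages versus a foreign domain simply pointed at your IP. It assumes a custom LogFormat that appends the Host header to Apache's combined format; the hostnames, IP addresses and log lines are constructed, and clone.example.net is a hypothetical clone domain.

```python
import re
from collections import Counter

# Assumed LogFormat: Apache "combined" plus the Host header appended, e.g.
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Host}i\"" combined_host
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3} \S+ '
    r'"[^"]*" "[^"]*" "(?P<host>[^"]*)"$'
)

def triage(lines, canonical_hosts, clone_domain, suspect_ip):
    """Return (verdict, hits on the clone's Host name, paths fetched by suspect_ip)."""
    canonical = {h.lower() for h in canonical_hosts}
    clone_host_hits = 0
    proxied_paths = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format
        host = m.group("host").lower().rsplit(":", 1)[0]  # drop an optional :port
        parts = m.group("request").split()
        path = parts[1] if len(parts) >= 2 else "-"
        if host == clone_domain.lower():
            clone_host_hits += 1          # our server answered for their domain name
        elif host in canonical and m.group("ip") == suspect_ip:
            proxied_paths[path] += 1      # their server fetched our content by our name
    if clone_host_hits:
        verdict = "dns-pointing"   # fix: default virtual host that denies unknown hosts
    elif proxied_paths:
        verdict = "reverse-proxy"  # fix: block suspect_ip (may be one of several)
    else:
        verdict = "no-evidence"
    return verdict, clone_host_hits, proxied_paths

# Constructed sample lines (documentation IP ranges, hypothetical clone.example.net)
TS = "[10/Oct/2017:13:55:36 +0000]"
SAMPLE_PROXY = [
    f'203.0.113.7 - - {TS} "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "example.com"',
    f'203.0.113.7 - - {TS} "GET /img/unlinked.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "example.com"',
    f'198.51.100.20 - - {TS} "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "www.example.com"',
]
SAMPLE_DNS = [
    f'198.51.100.33 - - {TS} "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "clone.example.net"',
]

if __name__ == "__main__":
    hosts = ["example.com", "www.example.com"]
    print(triage(SAMPLE_PROXY, hosts, "clone.example.net", "203.0.113.7"))
    print(triage(SAMPLE_DNS, hosts, "clone.example.net", "203.0.113.7"))
```

A "dns-pointing" verdict is the case the default virtual host handles; "reverse-proxy" leaves IP blocking as the main option, as described above.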


@Gretchen104

notananswer but want to retain formatting

You could also stop hotlinking to images with an addition to your .htaccess file

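RewriteEngine on
# Allow requests that carry no Referer at all (direct requests)
RewriteCond %{HTTP_REFERER} !^$
# Allow requests referred from our own site
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example\.com [NC]
# Any other referrer asking for an image gets 403 Forbidden
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]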


If you want to discourage them even more, replace the last line with RewriteRule \.(jpg|jpeg|png|gif)$ http://hotlink.example.com/donotstealimages.png [NC,R,L]; this will also load an image from a subdomain in place of the one they are grabbing.

You need the subdomain or an image from another site, or the image you are trying to substitute will be blocked as well. Depending on your image, it can achieve a swift end to image hotlinking :o)


@Samaraweera270

There are some ways they could have got those images, and the most common is that Apache served the index of a subdirectory. If that's not the case it could be a security leak, but the information you provided is not enough to confirm/exclude it.

I'm assuming that you always updated the O.S. and, even though you're running a 14.4.x, all the fixes to known vulnerabilities are installed.
