
How to deal with malicious domain redirections?

@Lengel546

Posted in: #Domains #Legal #Security

It is possible for anybody to buy a domain name containing negative terms and point it to someone's website in order to damage their reputation. For instance, someone could buy the domain child-pornography.com and point it to the address 64.34.119.12, which is the address behind stackoverflow.com, and people navigating to the domain in question would end up visualizing content from StackExchange, which would be detrimental to StackExchange's image. To illustrate this, I added the entry 64.34.119.12 child-pornography.com to my /etc/hosts file and tested. Here is what I obtained:



I personally found this user experience terrible as someone could think that Stack Exchange are in favor of child pornography and awaiting support from the community to create a Q&A site about it.

I tested with other websites and experienced other behaviors that I would categorize as follows:

1 - Useful 404 page (happens with stackoverflow.com):
For me, this is the worst way of handling it, as the image of the targeted website is directly associated with the offending domain. The more useful the 404 page, the bigger the impression that the targeted website would be willing to help with child pornography.

2 - Redirection (happens with microsoft.com):
For instance when accessing child-pornography.com you get redirected to microsoft.com. It isn't as bad as above as the offending domain name never appears alongside the targeted website's content, but still bad in my opinion as it gives the impression the targeted website bought the offending domain and redirected it to their website to get more traffic.

3 - Server error (happens with lemonde.fr):
You get an error from the web server whose page doesn't contain any content that can be associated with the targeted website (e.g. default Apache 404 page, completely blank page). I believe that is good as the identity of the targeted website isn't revealed.

Above are the various behaviors I experienced, but I also thought about a fourth way of dealing with this which is described below.

4 - Disclaimer page (haven't found any website implementing that technique):
Display a message such as:


"You ended here because someone bought and linked the
child-pornography.com domain to our website. We do not own this
domain and do not associate ourselves with it. This request has been
logged by our servers and we will raise this issue with the competent
authorities to have this domain taken down. If you want to access our
website, please click here."


The good thing about this method is that it can be implemented at the application layer (good if you don't have control over the web server, which happens with some hosting solutions), allows you to protect yourself from any liability, and offers the visitor a redirect to your own website.

Which of the above options would you implement to deal with malicious domain linking (IMO only options 3 and 4 are worth considering)?

10.03% popularity



3 Comments


@Heady270

I like the option of showing a very targeted 404 page with no branding on it. I use one that looks like this:


404 Not Found

This web server is not configured for child-pornography.com


That is separate from the 404 page that I use for my normal website which is more helpful and does have branding on it.

From a technical standpoint, I implement this using the default Apache virtual host. The first virtual host in the Apache config file is the one for all unrecognized domain names. Mine has no index.html, just a .htaccess file that specifies a custom 404 page.

10% popularity
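An application-layer counterpart to the unbranded 404 in the answer above, for the case raised in the question where the web server configuration is out of reach. This is an added example, not code from the thread: the `HostAllowlist` middleware, the `ALLOWED_HOSTS` names and the stand-in `branded_site` app are assumptions, and the requests are constructed.

```python
import re
from wsgiref.util import setup_testing_defaults

# Assumption: the host names this site legitimately answers for.
ALLOWED_HOSTS = {"example.org", "www.example.org"}
HOSTNAME_RE = re.compile(r"[a-z0-9.-]{1,253}")


def normalize_host(raw):
    """Lower-case the Host header, drop any :port and the trailing dot."""
    return (raw or "").strip().lower().split(":")[0].rstrip(".")


class HostAllowlist:
    """WSGI middleware: serve the wrapped app only for known host names."""

    def __init__(self, app, allowed=ALLOWED_HOSTS):
        self.app = app
        self.allowed = {h.lower() for h in allowed}

    def __call__(self, environ, start_response):
        host = normalize_host(environ.get("HTTP_HOST"))
        if host in self.allowed:
            return self.app(environ, start_response)
        # The Host value is client-controlled: echo it only if it looks like
        # a plain host name, and send text/plain so nothing is rendered.
        shown = host if HOSTNAME_RE.fullmatch(host) else "this host name"
        body = ("404 Not Found\n\nThis web server is not configured for "
                + shown + "\n").encode("ascii")
        start_response("404 Not Found", [
            ("Content-Type", "text/plain; charset=utf-8"),
            ("Content-Length", str(len(body))),
        ])
        return [body]


def branded_site(environ, start_response):
    """Stand-in for the real, branded application."""
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [b"Welcome to Example"]


def fetch(app, host):
    """Run one constructed GET / request and return (status, body)."""
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    environ["HTTP_HOST"] = host
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body.decode("utf-8")
```

Wrapping the real application as `HostAllowlist(app)` keeps the branded 404 for known host names and gives every other name the bare response, because the decision rests on the Host header rather than on the requested path.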


 

@Goswami781

It's possible for someone to do this, and the effect could only be negative if left unmitigated.

I would have thought, though, that a straightforward FilesMatch directive (in Apache .htaccess) is the best way to handle this, rejecting any attempt to access the web server, maybe even with a plain empty error page as lemonde.fr may have done.

I believe a link to your website's address in the 404 would be the wrong answer, and so is the disclaimer page. Microsoft's redirect may be a good solution, as you say.

10% popularity


@Ravi8258870

Yes, this is possible (see Googlebomb and Googlewashing), and there really isn't much you can do to stop it beyond the mitigating mechanisms you've identified above.

As to which is more effective, I would say none. In all the cases above you've already shown that each site doesn't have the content you're looking for and isn't associated with it in any way!

With the fourth method it would be hard to programmatically decide which missing content is actually missing and which is a malicious attack. If you know someone is deliberately doing this with a specific domain then it would be helpful, but a 404 does the same job in any case.

Far more effective for an attacker to use other websites to do the damage as in the case of the "santorum" neologism, as you have no control over them.

10% popularity