Do I have a security issue?

Started by nwoGeo, December 17, 2013, 12:51:14 AM


nwoGeo

I discovered today that another domain name that I don't own was loading my site, http://nwoforum.com/index.php. I contacted my hosting provider and they told me they can't stop them from doing it and that it's not illegal. They told me to add this to my htaccess file, which didn't work.

RewriteCond %{HTTP_REFERER} subkore\.com [NC]
RewriteRule .* - [F]


I changed it to,

RewriteCond %{HTTP_HOST} subkore\.com [NC]
RewriteRule ^.*$ - [R=404,L]


and now they're blocked. Is my hosting provider lying and I've been at risk this entire time? If so, what should I do besides switching hosts at the moment?
New World Order Forum - Anti-totalitarian

Arantor

What do you mean "loading your site"?

The internet works by linking pages together. If you go from one site to another, boom, the referer will show up as the other site.

If they are hot linking images, that's a different story.

nwoGeo

Here, I'll remove the htaccess code so you can take a quick look to see what I mean. My site is nwoforum.com, the other site is subkore.com. I have a dedicated IP, so I don't know how this is possible and it's been like this for 2 days. I just noticed it today.

nwoGeo

Any help? I'm thinking of scrapping my site and starting over quickly.

Arantor

Not being funny but can't you have some patience? It's 7.10am and I'm laying in bed trying to get to sleep for a few hours before I'm out again for the day.

The one time I tried to go to the other site I just got a 500 error.

nwoGeo

Quote from: Arantor Beeblebrox the First on December 17, 2013, 02:12:41 AM
Not being funny but can't you have some patience? It's 7.10am and I'm laying in bed trying to get to sleep for a few hours before I'm out again for the day.

The one time I tried to go to the other site I just got a 500 error.

Sorry, usually I am, I just didn't want to risk it. Instead of using my host to install SMF, I decided to use the webinstall script, including the once a month stats option. I'd rather rely on this community than my host for support. I'm really big on security. Now, I feel a bit more at ease.

Question, using the web install script, after installation, almost all my files and folders read 0755 for file and folder permissions, is this correct?

Again I'm sorry, but the other site is still showing my site, if you're still interested.

Storman™

Quote: Question, using the web install script, after installation, almost all my files and folders read 0755 for file and folder permissions, is this correct?

Your folders should be 755 but your files should be 644. Amend your files accordingly.

Quote: Again I'm sorry, but the other site is still showing my site, if you're still interested.

Hmmm, it is, but I'm not sure how at the moment. Amend the permissions on the files and then take another look.

Edit:

Might be worth you installing something like Crawlprotect:

http://www.crawltrack.net/crawlprotect/

That will check your folder/file permissions and also protect your site from being copied.   ;)

nwoGeo

Thanks for clarifying that for me, done.  ;)

Illori

Quote from: nwoGeo on December 17, 2013, 02:53:38 AM
Sorry, usually I am, I just didn't want to risk it. Instead of using my host to install SMF, I decided to use the webinstall script, including the once a month stats option. I'd rather rely on this community than my host for support. I'm really big on security. Now, I feel a bit more at ease.

Reinstalling your forum using the webinstall has no bearing on if we support you or your host does. This sounds like an issue where the other site is using an iframe or similar to show your stuff there. Not much we can do about that, but that site is still showing a 500 error so we can't really help you further, and really this is beyond the support we provide as we only support the software and this is not an SMF issue.

Storman™

Think it's showing the 500 error as it's now been blocked, it was duplicating an hour or two ago  ;)

Arantor

subkore.com loads and redirects to your site just fine here. Reinstalling would have had no bearing on this as it appears to be some kind of virtual hosting misconfiguration.

Storman™

500 for me   ;)

Interesting that both had similar DNS entries and both under GoDaddy....

nwoGeo

Quote from: Arantor Beeblebrox the First on December 17, 2013, 07:11:43 AM
subkore.com loads and redirects to your site just fine here. Reinstalling would have had no bearing on this as it appears to be some kind of virtual hosting misconfiguration.

I don't understand most if not all of the configuration stuff, I leave it to the host. I installed it all over because I didn't want to start off on the wrong foot, security wise. Being that I didn't understand and couldn't wait long enough to, I just re-installed it, with a more reliable install directly from you guys and a peace of mind for now.  ;)

Storman™

As it's a new install then you've probably done the right thing.

Good luck with your new forum !   ;)

Kindred

Actually, it appears to be a 403 error, which then triggers a 500 because it can't serve the 403 error document to the domain...

nwoGeo,
As Arantor says, (even without me being able to see the site loading your site) it would appear that the other site was misconfigured (by accident or on purpose) to point to your IP in their DNS.

http://who.is/whois/subkore.com
when I ping that site, it goes to 192.186.200.146  --- is that your IP?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

nwoGeo

Quote from: Kindred on December 17, 2013, 07:41:01 AM
Actually, it appears to be a 403 error, which then triggers a 500 because it can't serve the 403 error document to the domain...

nwoGeo,
As Arantor says, (even without me being able to see the site loading your site) it would appear that the other site was misconfigured (by accident or on purpose) to point to your IP in their DNS.

What happens if someone logs in using that site, are passwords vulnerable? You can only tell it's not my site by the URL. I'm pretty much a noob to this.

Kindred

If someone tried to log in to your site using that URL...

If they used a real username and password, it would work to log them in....
But it would not "expose" anything... it would only work if they used a real username and password combination.

However, once anyone started trying to use the site, the site would start looking odd because CSS, JavaScript and images would not be correctly supplied.

(I actually did something like this ON PURPOSE, when I decided to stop paying for an old hosting service, but still owned the domains for another year - I directed the domains to my site, and then used htaccess to re-write the URL to my actual site so that the forum worked)

Arantor

If someone tried to log into your site using that URL, it would work as normal because the entire site makes reference to your actual site. Every URL on an SMF forum is built via $scripturl which is configured in code so even if someone lands on your site via that other domain, it will still end up pointing to the correct place.

Kindred

Really?   Because that's not how it worked for me...   I had to add the forced redirect because it kept trying to load the original url with the smf paths...

Arantor

When I saw the site previously, it was loading the site normally - but every single link was using the proper link as defined with $scripturl, so it would always direct properly once you'd hit the page itself.

In reality it is absolutely no different between www.example.com/index.php vs example.com/index.php.
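
The two .htaccess rules from the opening post, set beside an allowlist version, as an added example that is not part of any post in this thread. It assumes Apache with mod_rewrite enabled and that nwoforum.com (with or without www.) is the only name the site should answer to; when another domain's DNS points at the server's IP, the request carries that domain in the Host header, not in Referer.

```apache
# Added example, not from the thread. Assumes mod_rewrite is available and
# that nwoforum.com / www.nwoforum.com are the only legitimate names.
RewriteEngine On

# Rule 1 from the opening post (had no effect):
# HTTP_REFERER is the page the visitor came FROM. Someone who types the
# other domain into the address bar sends no Referer naming it, so the
# condition is false and the request is served normally.
#   RewriteCond %{HTTP_REFERER} subkore\.com [NC]
#   RewriteRule .* - [F]

# Rule 2 from the opening post (blocked the other domain):
# HTTP_HOST is the name the visitor asked FOR, which is what differs here.
# It is a denylist, though: any other domain later pointed at this IP
# would be served again until it is added by hand.
#   RewriteCond %{HTTP_HOST} subkore\.com [NC]
#   RewriteRule ^.*$ - [R=404,L]

# Allowlist form: refuse every request whose Host header is not the
# canonical name. The optional :port covers clients that send the port
# in the Host header; an empty Host is refused as well.
RewriteCond %{HTTP_HOST} !^(www\.)?nwoforum\.com(:\d+)?$ [NC]
RewriteRule ^ - [F]

# Alternative for extra names you own yourself: send them to the canonical
# name with a permanent redirect instead of refusing them.
#   RewriteCond %{HTTP_HOST} !^(www\.)?nwoforum\.com(:\d+)?$ [NC]
#   RewriteRule ^ http://nwoforum.com%{REQUEST_URI} [R=301,L]
```

Where the server configuration itself is under your control, a catch-all default virtual host that serves nothing achieves the same result without per-site rules.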
