
My site got mirrored...?

Discussion in 'Programming' started by RazeByte, Jun 22, 2017.

  1. RazeByte

    So my site got mirrored, meaning, if I change my scripts, it would be affected on the other domain that is mirroring my site, literally same exact content and database. I'm not sure how this is possible and was wondering if someone can explain to me how this works (real-time). Nobody got access to my control panel or VPS as I checked the access / login logs, and nobody got access to my CloudFlare DNS but my site got mirrored anyways.

    I hacked the site using some quick SQL magic and fucked them over the ass but I need to know how this was possible in the first place...?
     
  2. living2xl

  3. mrorzio

    Good Question...

    Cool that you hacked their site...
     
  4. tux

  5. Darmor

    If you hacked them (SQL injection, I suppose, from your post), why didn't you figure out how they did it while you were in?

    There are two options for mirroring a site on the backend:

    1. Frequent scraping and rolling their own mirroring software (this goes in line with your SQL hack statement), which does not need access to any of your control panels and CloudFlare doesn't matter (depending on your settings in CF, and their IP quality and scraping method etc)

    2. Nginx reverse proxy. This one is "the perfect mirror" method, real-time, extremely easy to do and much better than iframes or scraping content. BUT: It doesn't go in line with the SQL hack statement (and I assume finding your own content in their database)
     
  6. HallLiz

    Good for you teaching them a lesson. I laughed so hard I spit my drink on the screen.
     
  7. roadhamster

    Could be that they're pointing their DNS to your server-IP. That could explain the real-time behaviour. Do some research on the domain name and DNS that's mirroring your site.
     
  8. Mex

    Last edited: Jun 25, 2017
  9. MuayThai

    Sure? Then how do you explain this: "I hacked the site using some quick SQL magic"?
    Had OP hacked his own website? :-D
     
  10. Darmor

    Precisely why I mentioned the two methods based on if and what OP hacked into :D
     
  11. skorbin

    Could be a number of methods. I'm guessing he was bullshitting when he said he hacked them, to save face.
     
  12. MuayThai

    OP, can you expose your site and mirrored site?
     
  13. RazeByte

    That's the irony... I got control but still had no clue how it was working. I was pretty pissed I couldn't figure it out ;( Their DNS servers and everything looked fine, and they had one sketchy script that appended information on all my scripts while they were mirroring, that's all I found.

    Btw, I did "hack" in to the site, but you have to remember that it was extremely easy. They were literally mirroring my site, so if I executed shit on my PHP scripts, it would translate to their servers too. I could execute shells or echo out server information on my scripts and it would translate to their information. IT WAS SO FUCKING WEIRD, I HAD NO CLUE what was happening!

    i.e.

    MyWebsite.com/somescript.php --> MirroredSite.com/somescript.php

    would both execute with two different responses for server info.

    What ended up breaking the mirror was using SSL on my site, but I doubt I actually fixed-fixed the problem. I even wiped my whole VPS out and reinstalled everything in case there was malware... still didn't affect the mirror until I added SSL :eek:
     
    Last edited: Jun 26, 2017
  14. Darmor

    What language were the scripts written in? What kind of information did you find in the database? Did you find your own content in there?

    Then again, the "how" is easy to guess, and it doesn't really help moving forward.

    What would help in the future:

    - Whenever you notice a site mirroring you, find the server IP, blacklist it on your side, problem solved against most ideas they can have.

    The solution with stopping a mirror is the same as the problem with security:

    - You cannot protect yourself 100%, you can only make it not worth the effort :)
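
One way to carry out the "find the server IP" step above, as an added example that is not part of the original post: fetch a one-off canary path through the mirror's domain, look in your own access log for the client that requested it, and cross-check against per-minute request peaks. The log lines, IPs, paths and function names are constructed for illustration; it assumes combined log format and a log that records the real client address (behind CloudFlare, the one restored from the CF-Connecting-IP header).

```javascript
// Constructed sample access log (combined format); IPs are documentation ranges.
const SAMPLE_LOG = [
  '198.51.100.20 - - [25/Jun/2017:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [25/Jun/2017:10:00:02 +0000] "GET /canary-7f3a9c.txt HTTP/1.1" 404 162 "-" "-"',
  'truncated or malformed line',
  // 40 page fetches from one address inside a single minute
  ...Array.from({ length: 40 }, (_, i) =>
    `203.0.113.7 - - [25/Jun/2017:10:00:${i + 10} +0000] "GET /movie.php?id=${i} HTTP/1.1" 200 900 "-" "-"`),
  '198.51.100.20 - - [25/Jun/2017:10:01:05 +0000] "GET /somescript.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
];

const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /;

// Parse one log line; returns null for lines that do not match the format.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  // First 17 characters of the timestamp are "dd/Mon/yyyy:HH:MM", the minute bucket.
  return { ip: m[1], minute: m[2].slice(0, 17), path: m[4].split('?')[0] };
}

// Client IPs that requested the canary path fetched through the mirror's domain.
function ipsForCanary(lines, canaryPath) {
  const ips = new Set();
  for (const line of lines) {
    const e = parseLine(line);
    if (e && e.path === canaryPath) ips.add(e.ip);
  }
  return [...ips];
}

// Peak requests per minute per client IP, at or above the threshold, busiest first.
function heavyHitters(lines, threshold) {
  const perMinute = new Map(); // "ip|minute" -> request count
  const peak = new Map();      // ip -> highest count seen in any one minute
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) continue;
    const key = `${e.ip}|${e.minute}`;
    const n = (perMinute.get(key) || 0) + 1;
    perMinute.set(key, n);
    if (n > (peak.get(e.ip) || 0)) peak.set(e.ip, n);
  }
  return [...peak]
    .filter(([, n]) => n >= threshold)
    .sort((a, b) => b[1] - a[1])
    .map(([ip, n]) => ({ ip, peakPerMinute: n }));
}
```

An address that shows up in both results is the one to block at the firewall or in the CDN's access rules.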
     
  15. RazeByte

    I found my own content in the database, which was being updated in real time, with the same exact names - I think it was literally the same SQL data - like they had a connection to my SQL. It's a mirror, it was my shit. I think it was an exact mirror through domain masking with their own custom scripts appending shit on my scripts. The scripts are written in PHP. I know, I was going to blacklist it but I wanted to know how it even happened. Also, if I just blacklist it, they could easily just register a new domain and do it again.
     
  16. Darmor

    That's where the "not worth it" part I said above comes in! The more money they have to spend the better!

    You cannot prevent it 100% of the time, you can do a few of the following tho:

    - Check your CloudFlare settings, try RocketLoader and combine it with a custom JS that checks the domain and redirects if it's not your own (given that RocketLoader compiles all JS later, your new script mixed into the code of another essential plugin is going to make the effort go from 0 to 100 very quickly)
    - If they are not masking and they are actively scraping you (you said your content was in their DB), to achieve near-real-time they must be sending a TON of requests to your server, which you can easily rate-limit
    - Check your database listen ip/port, check iptables, there was a recent viral InfoSec research article that said there were apparently thousands of unsecured database instances allowing remote connections out there
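
The domain check from the first suggestion above, written out as an added example (not the poster's code): it compares the page's hostname against an exact allowlist and sends the visitor to the canonical origin otherwise. `mywebsite.example` and the function names are placeholder assumptions.

```javascript
// Hostnames allowed to serve the page. "mywebsite.example" is a placeholder assumption.
const ALLOWED_HOSTS = ['mywebsite.example', 'www.mywebsite.example'];
const CANONICAL_ORIGIN = 'https://mywebsite.example';

// Normalise a hostname: lower-case and strip one trailing dot (FQDN form).
function normaliseHost(hostname) {
  return String(hostname || '').toLowerCase().replace(/\.$/, '');
}

// Exact match only: suffix or substring checks would accept
// "mywebsite.example.mirror.test" or "notmywebsite.example".
function isAllowedHost(hostname, allowed = ALLOWED_HOSTS) {
  return allowed.includes(normaliseHost(hostname));
}

// Returns the URL to redirect to, or null when the page is on an allowed host.
// `loc` is window.location or any object with hostname/pathname/search/hash.
function redirectTarget(loc, allowed = ALLOWED_HOSTS, origin = CANONICAL_ORIGIN) {
  if (isAllowedHost(loc.hostname, allowed)) return null;
  // Rebuild from the canonical origin so nothing from the serving host is reused.
  const path = (loc.pathname || '/').startsWith('/') ? (loc.pathname || '/') : '/';
  return origin + path + (loc.search || '') + (loc.hash || '');
}

// Browser entry point; does nothing under Node, where `window` is undefined.
if (typeof window !== 'undefined') {
  const target = redirectTarget(window.location);
  if (target) window.location.replace(target);
}
```

The check runs only in the visitor's browser, so it depends on the mirror passing your JavaScript through unmodified.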
     
  17. hualdo171

    Sick history, is your movie site? How is your journey?
    I followed your topic and it inspired me to learn to code, and I created a 100% automated movie site two months ago. I'm curious how someone apparently without access to the database can clone this content in real time; if you can solve this problem, please report.
     
  18. redarrow

    Mirroring a URL is done this way:

    ----------------

    RewriteEngine on

    # Apply the rule only to requests whose URI contains "bar"
    RewriteCond %{REQUEST_URI} bar
    # Redirect those requests to /index.php ([R] = external redirect, [L] = stop processing rules)
    RewriteRule ^ /index.php [L,R]

    ----------------

    What the code does: it looks for a URL on any page on a website I own, and sends the user to my index page if a link is pressed...

    This is Apache code, but it can be done in any programming code; it's just an example of what social websites are doing.

    The only way around this is to send an image with the URL written on it...
     
  19. RazeByte

    This thread has been super useful, the knowledge has been helpful.

    Thanks!
     
  20. tommoody


    Hi Razebyte,

    Are you using knownSrv hosting?

    I have the same issue: my main domain is on WordPress and it's mirrored on nearly 8 websites, and known SRV support is of no use.