My discourse has either been hacked or catfished?


I noticed bing webmaster telling me I had a backlink from somewhere. I investigated to find to my surprise someone had stole my discourse based site!

I deactivated ‘allow same origin’ plugin but its still somehow appearing on this fake site.

My site is and the catfish is

Has my discourse been hacked?

(| full stack virgin) #2

have you checked your DNS?

kindly check your host/domain provider as well. They might be able to look into the config/settings why is your site pointing to another domain simultaneously.


Yes I contacted them. They said this other person is pointing their domain to the server. Why would they even bother doing that?? What’s a foolproof and easy way to block traffic from their domain?

(Jeff Atwood) #4

I think this is a fix @sam needs to make so the site will only answer to the official domain and IP address.

(Felix Freiberger) #5

We already had this case once here on Meta, but I cannot find the topic or remember the resolution :frowning:

(Matt Palmer) #6

I don’t have the topic reference to hand, but it was given to me to rummage around and try to munge the nginx config to setup a separate default site. Never quite got around to actually doing it, though.

(Erick Guan) #7

Sometime, it’s quite useful for helping reduce the redirection configuration, i.e. www

And I am pretty sure web ssl template will redirect the user to the actual domain.

if ($http_host != $$ENV_DISCOURSE_HOSTNAME) {
    rewrite (.*) https://$$ENV_DISCOURSE_HOSTNAME$1 permanent;

ssl and letsencrypt templates would relieve you from all kinds of troubles.

EDIT: You don’t even need to issue any certs for domain where you want redirection comes from.

(Sam Saffron) #8

Yes, I consider this solved, everyone should be using the lets encrypt template, it is free and solves this issue 100%


Ok where do I find it and use it? Does this mean I need to install a certificate?

(Rafael dos Santos Silva) #10

The first search result for: “lets encrypt”

(Jeff Atwood) #11