My discourse has either been hacked or catfished?

I noticed bing webmaster telling me I had a backlink from somewhere. I investigated to find to my surprise someone had stole my discourse based site!

I deactivated ‘allow same origin’ plugin but its still somehow appearing on this fake site.

My site is http://www.aibuapp.com/ and the catfish is http://labthi.ng/

Has my discourse been hacked?

2 Likes

have you checked your DNS?

kindly check your host/domain provider as well. They might be able to look into the config/settings why is your site pointing to another domain simultaneously.

1 Like

Yes I contacted them. They said this other person is pointing their domain to the server. Why would they even bother doing that?? What’s a foolproof and easy way to block traffic from their domain?

1 Like

I think this is a fix @sam needs to make so the site will only answer to the official domain and IP address.

3 Likes

We already had this case once here on Meta, but I cannot find the topic or remember the resolution :frowning:

I don’t have the topic reference to hand, but it was given to me to rummage around and try to munge the nginx config to setup a separate default site. Never quite got around to actually doing it, though.

Sometime, it’s quite useful for helping reduce the redirection configuration, i.e. www

And I am pretty sure web ssl template will redirect the user to the actual domain.

if ($http_host != $$ENV_DISCOURSE_HOSTNAME) {
    rewrite (.*) https://$$ENV_DISCOURSE_HOSTNAME$1 permanent;
}

ssl and letsencrypt templates would relieve you from all kinds of troubles.

EDIT: You don’t even need to issue any certs for domain where you want redirection comes from.

5 Likes

Yes, I consider this solved, everyone should be using the lets encrypt template, it is free and solves this issue 100%

5 Likes

Ok where do I find it and use it? Does this mean I need to install a certificate?

The first search result for: “lets encrypt”

5 Likes