I noticed bing webmaster telling me I had a backlink from somewhere. I investigated to find to my surprise someone had stole my discourse based site!
I deactivated ‘allow same origin’ plugin but its still somehow appearing on this fake site.
My site is http://www.aibuapp.com/ and the catfish is http://labthi.ng/
Has my discourse been hacked?
2 Likes
have you checked your DNS?
kindly check your host/domain provider as well. They might be able to look into the config/settings why is your site pointing to another domain simultaneously.
1 Like
Yes I contacted them. They said this other person is pointing their domain to the server. Why would they even bother doing that?? What’s a foolproof and easy way to block traffic from their domain?
1 Like
I think this is a fix @sam needs to make so the site will only answer to the official domain and IP address.
3 Likes
fefrei
(Felix Freiberger)
May 6, 2016, 5:56am
5
We already had this case once here on Meta, but I cannot find the topic or remember the resolution
mpalmer
(Matt Palmer)
May 6, 2016, 6:15am
6
I don’t have the topic reference to hand, but it was given to me to rummage around and try to munge the nginx config to setup a separate default site. Never quite got around to actually doing it, though.
Sometime, it’s quite useful for helping reduce the redirection configuration, i.e. www
And I am pretty sure web ssl template will redirect the user to the actual domain.
if ($http_host != $$ENV_DISCOURSE_HOSTNAME) {
rewrite (.*) https://$$ENV_DISCOURSE_HOSTNAME$1 permanent;
}
ssl and letsencrypt templates would relieve you from all kinds of troubles.
EDIT: You don’t even need to issue any certs for domain where you want redirection comes from.
5 Likes
sam
(Sam Saffron)
May 6, 2016, 11:46am
8
Yes, I consider this solved, everyone should be using the lets encrypt template, it is free and solves this issue 100%
5 Likes
Ok where do I find it and use it? Does this mean I need to install a certificate?
Falco
(Falco)
May 13, 2016, 2:34pm
10
The first search result for: “lets encrypt”
This guide is only for existing installs where HTTPS is not enabled. Following the official setup guide automatically enables HTTPS by default.
So you’d like to add https to your Discourse absolutely free, courtesy of our friends at Let’s Encrypt?
Is everything else on your site ready for HTTPS?
Before you start, please bear in mind that for HTTPS to work properly, every single resource on the page must be HTTPS compatible. Consider your CDN, your social logins, your…
5 Likes