My discourse has either been hacked or catfished?

I noticed bing webmaster telling me I had a backlink from somewhere. I investigated to find to my surprise someone had stole my discourse based site!

I deactivated ‘allow same origin’ plugin but its still somehow appearing on this fake site.

My site is and the catfish is

Has my discourse been hacked?


have you checked your DNS?

kindly check your host/domain provider as well. They might be able to look into the config/settings why is your site pointing to another domain simultaneously.

1 Like

Yes I contacted them. They said this other person is pointing their domain to the server. Why would they even bother doing that?? What’s a foolproof and easy way to block traffic from their domain?

1 Like

I think this is a fix @sam needs to make so the site will only answer to the official domain and IP address.


We already had this case once here on Meta, but I cannot find the topic or remember the resolution :frowning:

I don’t have the topic reference to hand, but it was given to me to rummage around and try to munge the nginx config to setup a separate default site. Never quite got around to actually doing it, though.

Sometime, it’s quite useful for helping reduce the redirection configuration, i.e. www

And I am pretty sure web ssl template will redirect the user to the actual domain.

if ($http_host != $$ENV_DISCOURSE_HOSTNAME) {
    rewrite (.*) https://$$ENV_DISCOURSE_HOSTNAME$1 permanent;

ssl and letsencrypt templates would relieve you from all kinds of troubles.

EDIT: You don’t even need to issue any certs for domain where you want redirection comes from.


Yes, I consider this solved, everyone should be using the lets encrypt template, it is free and solves this issue 100%


Ok where do I find it and use it? Does this mean I need to install a certificate?

The first search result for: “lets encrypt”