Duplicate DNS issue (or attack?) - looking for options


1script

5:06 am on Jun 7, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi everyone,

I'm in a bind here, looking for any idea about how this exploit was executed against my site and of course how to best deal with it.

In a nutshell: someone else's domain name resolves to my site's (dedicated) IP and my Apache serves pages under that other name! All the while reporting in the logs activity on my site, even though the other domain name was used to pull the page up. It looks like a second, absolutely identical (to the last detail, including dynamically created pages) copy of my site.

In addition, Google's site: and link: operators show URLs with the other domain yet all the proper page addresses from my site. Google's cache operator called for the other domain even shows cache for "mydomain.com".

Now, I did take care of that (temporarily) by fixing .htaccess that was not checking all the possible HTTP_HOST combinations. I was using it for non-www to www 301 redirects and with a small change it now also redirects requests for the other domain to mine, but the question still remains: how did that happen in the first place?

Is it a DNS issue, Apache VirtualHost issue or what? I am not finding any evidence of a break-in, so I'm going to have to assume this was done externally through a clever use of a rogue nameserver (registrar's nameserver?) Does anyone have any idea about how?

Any input will be greatly appreciated!

martinibuster

6:20 am on Jun 7, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



It is likely an innocent mistake on the part of your web host, not an attack. What may have happened is that the IP address assigned to your domain by the host was recycled. Your domain has a new IP. And the old IP is being used by the other domain. You can verify this by going through the original emails/documentations for your domain when it was first hosted and noting the IP they gave you. Then verify what your new IP is. You can do that by checking at your hosting control panel or doing a whois search. Ideally your hosting CP will tell you. If the case is as I described then the current IP will not match your original records. Additionally, the IP the OTHER domain has will be your original IP.

If this is the case then you're looking at a DNS configuration issue that must be worked out with your web host.

1script

10:14 pm on Jun 7, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



@martinibuster:

I would love that to be an innocent mistake on someone's part (including mine) but that seems highly unlikely.

The offending domain name was chosen from the same niche as my site, my site is on a VPS that has its own nameserver and most importantly, for the last couple years the site has been on the same dedicated IP.

So, yeah, I would be inclined to think it was a deliberate setup. About 10% of my pages have been indexed by Google under the other site's domain name. The domain name's homepage shows same PR5 as mine (though site has no history). It's really hard to tell about links going to the other domain because all the links Google shows on links:otherdomain.com are actually links to mine(!). It's as if, if I didn't catch it soon enough, my site would have been completely replaced by the other one. At which point, I presume, the perpetrator would have switched the IP and channeled all my Google traffic (and possibly all other traffic except for direct type-ins) to the site/landing page of his choosing.

What's the right name for this kind of attack, anyone knows? I'd like to read up on it to see if any other site I work with can be compromised that way.

[edited by: encyclo at 12:10 am (utc) on June 8, 2009]
[edit reason] disabled smiley graphics [/edit]

tedster

11:03 pm on Jun 7, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It could be a variant of DNS Cache Poisoning [webmasterworld.com]

martinibuster

11:55 pm on Jun 7, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



1script, none of the reasons you suggested exclude the possibility of what I'm suggesting. You didn't post that you did the diagnostics I suggested so I recommended you do that before writing it off. I'm not insisting this is positively what is going on, but I am suggesting you diagnose the issue first as I suggested before coming to a conclusion.

The symptoms you posted are the same in the phenomenon I suggested, particularly the PR showing. Another symptom is if you do a search for something you ranked for but when you click on the SERP you get the other domain. So do the diagnostic as I suggested, I've seen this before and am speaking from personal experience, not something I read on sphinn. ;)

I'll explain it with more detail:
Do a whois lookup on the other domain. Write down the IP address it's being hosted on. If it's the phenomenon I'm suggesting then that IP is what your content used to be hosted on but at some point, likely when you moved from the Dedicated Server to VPS, the IP was changed to a new one.

Sometime afterward, the old IP was assigned to the other domain. What is happening though is that your host is still associating your Domain with the content being hosted at the old IP. This is what may be causing the issue.

It doesn't matter if your registrar is pointing the domain to the new IP where your content is being hosted. The problem is with the hosting.

[edited by: martinibuster at 12:42 am (utc) on June 8, 2009]

encyclo

12:19 am on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Does the other domain use your host's DNS? How long have you had the same dedicated IP? This exact scenario has not happened to me, but I have been shown a few examples of this. Every time, it was malicious. Of course that does not discount the possibility of an innocent mistake, just that it appears I have less faith in human nature than martinibuster. ;)

In any case, whether deliberate or not, it has highlighted a weakness in your site's setup. The changes you need to make are the same whatever the explanation. Check the link profile of the other domain. If it is unsavoury, then serve a 403 for requests for that hostname, otherwise serve a 301 permanent redirect for any request other than for the preferred variant of your primary domain.

martinibuster

12:33 am on Jun 8, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



>>>The changes you need to make are the same whatever the explanation.

No, the solutions are not the same. If it's the situation I am suggesting then it is something an admin at the web host will have to resolve.

>>>it appears I have less faith in human nature than martinibuster...

It takes faith to make an assumption. I have zero faith. ;) I'm simply suggesting that the OP examine the clues first before reaching a conclusion. Not 100% certain and it could be malicious. But it's best to examine this thoroughly before assuming it is malicious.

For instance, that the OP moved from a dedicated to VPS server is a clue in the direction there is a legacy issue at the web host. To verify, find out what the previous IP was, then look up the IP of the other domain. If they match then that's the issue.

incrediBILL

2:08 am on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Anyone can aim their DNS entry at your server's IP and assuming you have more than one domain on the server it will only resolve to the first domain on that server.

Adding this to your .htaccess file should help this problem:

RewriteCond %{HTTP_HOST} !^(example\.com)?$
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]

This will stop any DNS hijacking of your site in the search engines or otherwise as Apache will redirect anything that isn't your domain name back to your actual domain name.

[edited by: incrediBILL at 2:16 am (utc) on June 8, 2009]

1script

2:43 am on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



@incrediBILL and encyclo:

The other domain did not use my DNS, they just pointed their nameserver to my IP. I have implemented just the directive you gave here in .htaccess (with !^www 'cause the canonical name has a www.mydomain.com) and it worked. Still, it just strikes me as incredible that Apache (1.3) would serve a host that does not exist in its VirtualHost directives. I would much prefer this possibility eliminated using proper Apache directives. And also, it looks like there could be plenty of other sites vulnerable that way.

Still, since this is a Google forum after all, I am concerned about Google indexing my pages as their URLs thus creating perfectly duplicate content. It is probably too early to tell but the number of the pages they show for the offending site is still the same. I hope it's going to come down (to zero?) as they re-visit the pages.

I feel a bit unsafe about requesting a spam removal using Webmaster Tools because if you open a cache of a page at *THEIR* site it says: "This is Google's cache of *URL at MY site*". So, Google seems a bit confused about what's where. I don't want to report *THEIR* site only to find out that Google removed *MINE*.

tedster

2:55 am on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I would not suggest submitting a spam removal request. Instead I'd suggest a reconsideration request that explains the details.

Another step that could help untangle things here, although it is still rather new, would be the canonical tag [webmasterworld.com]. Then if some other domain points to your page, their page will also be indexed as using YOUR url and that should help to make things perfectly clear.

1script

2:57 am on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



One more thing @encyclo:

I would certainly serve 403 instead of 301 to my canonical URL as it is now if I better understood implications with the way Google indexed their site.

You see, I'm sort of out of fresh ideas trying to find their link profile. For all intents and purposes *THEIR* link profile as shown by G using link:theirdomain.com is *MY* link profile. It's like a perfect site takeover. VERY scary how Google fell for it (Yahoo didn't - no links shown for theirdomain.com).

incrediBILL

3:01 am on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The other domain did not use my DNS, they just pointed their nameserver to my IP.

Never said they used your DNS, they don't have to use YOUR DNS, a DNS record is simply a pointer that resolves a domain name to an IP address.

Anyone can randomly point any domain name pointer to any IP address anywhere.

Most likely it's something simple on your hosting company's site like MartiniBuster said because leftover DNS records from old sites lingering in the hosting company's server happen all the time.

Still, since this is a Google forum after all, I am concerned about Google indexing my pages as their URLs thus creating perfectly duplicate content.

If you do as I suggested with the Apache redirect (if you're on apache) then Google won't index the other domain whatsoever.

We've run into this problem before, it's easily solved with 2 lines in an Apache file, done, problem solved.

1script

3:21 am on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



@IncrediBILL:


Most likely it's something simple on your hosting company's site like MartiniBuster said because leftover DNS records from old sites lingering in the hosting company's server happen all the time.

No, I don't really think it's possible. In any case, it would have been one heck of a coincidence. But in any case, my site has a dedicated IP address and it is on a VPS server that I got from the good provider fresh with nothing on, and built all the sites up from scratch. It was back in 2006 and the IP has not changed since. On that VPS I do have an IP that's shared but this was not it. Also, I don't have DNS records mentioning the offending domain.

But I do agree that the actual root of the problem IS simple: Apache in its vanilla cPanel setup just does not check the stupid server name before serving up on an IP from its <VirtualHost blah-blah:80> directive. I use Apache 1.3, should I upgrade to 2? Does that even matter in this particular case?

incrediBILL

3:27 am on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Now I must agree that this is probably a legit malicious attempt considering the similarity of the domain names' industry and the relatively new creation of the other domain.

Typically it's older sites that die off registered for years in advance that cause these sorts of problems which is clearly not the case here.

Let us know how it works out, if you can get the host of their DNS record to remove your IP.

You might actually want to ask your host to attempt this because the hosts usually have contacts within the various other hosts and registrars and will more than likely get a response quicker than just a domain owner.

encyclo

10:04 am on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



As it is a dedicated IP, you should ideally add one line to that rewrite for the sake of completeness. If you are using the non-www version:

RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^(example\.com)?$
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]

If you prefer www.example.com then:

RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

The extra line allows for a true HTTP/1.0 request with no hostname specified - otherwise such a request would go into an infinite loop. More details in the Apache forum [webmasterworld.com].
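An added example (not posted by anyone in this thread) that puts encyclo's two suggestions together in one .htaccess: the earlier advice to serve a 403 for the hostname with the bad link profile, and the rules above that 301 everything else to the preferred www variant while letting a Host-less HTTP/1.0 request through. The canonical name www.example.com and the offending hostname otherdomain.example are placeholders, and the block assumes mod_rewrite is enabled and .htaccess overrides are allowed for the site:

```apache
RewriteEngine On

# 1. The known hijacking hostname gets no content at all (403),
#    so nothing under it is worth indexing or following.
#    otherdomain.example is a placeholder for the offending domain.
RewriteCond %{HTTP_HOST} ^(www\.)?otherdomain\.example$ [NC]
RewriteRule ^ - [F,L]

# 2. A genuine HTTP/1.0 request carries no Host header; leave it alone
#    so the redirect below cannot loop on an empty hostname.
RewriteCond %{HTTP_HOST} .

# 3. Any other hostname that reaches this IP (stale records, typos,
#    non-www, future copycats) is sent back to the canonical name.
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
```

The order matters: the 403 rule has to sit before the redirect, otherwise the offending hostname would be redirected (and keep passing visitors through) instead of being refused. The second RewriteCond only guards the redirect, so an HTTP/1.0 request for the bad hostname is still impossible, since it carries no hostname at all.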

dstiles

8:48 pm on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm not familiar with Apache servers but the default setup on IIS servers is for ANY domain name arriving at the server on ANY IP to be served the content of the default site.

The first thing I do on a new server (or IP on existing virtual server) is to set up the site for the correct IP with ONLY the domains that should work with the site: eg example.com and www.example.com. No other domains can then access the site, even if they are on the same IP (in fact the situation arose on a previous server where the IP was still active for another domain; accesses got logged but no content was served).

I assume there is something similar on Apache rather than use rewrites? It's worth checking that your hosting company (or whatever) has set up the IP/domains correctly and not just left it as default.

Or did I miss this suggestion reading through the above?

1script

9:12 pm on Jun 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, Apache does work in a similar way. Even though there is a name of the server in the VirtualHost directive, it responds to ANY host name for as long as it recognizes the IP address.
Was actually an eye-opener for me, I never thought this behavior was by design but here I am, trying to fix a problem that everybody says does not exist. I tried to elevate the issue with my hosting provider, they responded that there is nothing to fix, Apache always works like that.
Tried to contact GoDaddy's abuse team (the other domain registered with them and uses their nameservers), gave them all the pertaining details but they are saying: "it's not abuse, talk to our customer service department".
So, it looks like we have a perfect hack on our hands: everything works as intended and yet someone can easily create an exact replica of your site on their domain name using resources of *your* server!

And yes, the proper use of .htaccess as given above in this thread seems to help in sending your users back to you (via the 301 redirect) even when they click on links to the offending site. However, what makes me still uneasy is that the number of indexed pages Google returns for the offended site is still growing! Two days after the 301 redirects have been in place, they have indexed 400 more pages under the wrong domain name. I mean, those pages probably don't rank for anything but I think there may be a chance they are hurting my site through the duplicate content.
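An added example (not from anyone in this thread) of the "proper Apache directives" 1script asked for, i.e. the Apache equivalent of the IIS setup dstiles describes. The behaviour 1script ran into is Apache's documented default: for name-based virtual hosts, a request whose Host header matches no ServerName or ServerAlias is served by the first VirtualHost listed for that address. The fix is therefore to make that first entry a deliberate catch-all that serves nothing, and to put the real site second with an explicit ServerName and ServerAlias. The paths, the example.com names and catchall.invalid are placeholders; the syntax below is Apache 2.4 (on 1.3/2.2 the same layout needs a NameVirtualHost *:80 line and Order deny,allow / Deny from all instead of Require all denied), and on a cPanel box this would go in an include file rather than the generated httpd.conf:

```apache
# 1. Catch-all: listed FIRST, so it is the default for any Host header
#    (or missing Host) that matches nothing below. It answers 403 and
#    logs separately, which makes foreign hostnames hitting this IP
#    visible instead of silently being served the real site.
<VirtualHost *:80>
    ServerName catchall.invalid
    DocumentRoot /var/www/empty
    <Directory /var/www/empty>
        Require all denied
    </Directory>
    # %{Host}i records which hostname was asked for
    LogFormat "%h %l %u %t \"%{Host}i\" \"%r\" %>s %b" catchall
    CustomLog /var/log/apache2/catchall_access.log catchall
</VirtualHost>

# 2. The real site: only the hostnames named here reach this content.
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/example.com
    <Directory /var/www/example.com>
        Require all granted
    </Directory>
    CustomLog /var/log/apache2/example_access.log combined
</VirtualHost>
```

With this in place a domain that someone points at the server's IP receives a 403 from the catch-all, so there is nothing for a crawler to index, and the catch-all log shows which hostnames are being aimed at the address. Keeping the .htaccess 301 from earlier in the thread inside the real vhost is still worthwhile, since it also canonicalises example.com to www.example.com.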