Hello anthonyinit 2017 and welcome to WebmasterWorld [webmasterworld.com]

This is most often done by the remote site wrapping your site's address in an iframe.

<iframe>https://example.com/</iframe>

You can't stop them from doing this, but you can stop your server from sending your content to the user's browser by using this script at the top of every page (or in the header for the entire site):

<script type="text/javascript">
if (parent.frames.length > 0) {
parent.location.href = location.href;
}
</script>

and the header tag in htaccess:

 
Header set X-FRAME-OPTIONS "deny"

This should stop any effect caused at Google.

@keyplyr thank you so much for your reply... but i like to say that i'm not so good with codes and stuff so can i simply copy this code as it is into my header and .htaccess file ? or do i need to edit this code?

thank you for your understanding :)

Code is generic... no need to edit

As always, make a copy of any file you intend to edit, so if things go sideways, you can always put the original file back.

i add the 1st code into my header and all works well then i add the 2nd code into my .htaccess file and i got 500 internal server error so i remove the code from my .htaccess file now site is back online

The header code goes at the very top, outside of anything else.

Different servers are set up differently. The "header set" syntax is the most common for Apache versions, but you should ask your admin how they prefer it done.

You could try:

 Header append X-FRAME-OPTIONS "deny"

Are you using a CMS (like Drupal or Wordpress)?

I'm using VPS with fully root access. OS Debian and latest Apache. control panel Virtualmin.

even your 2nd code "Header append X-FRAME-OPTIONS "deny"" gave me 500 internal error

no sir i'm not using a CMS

thank you

Always good to state your server set-up :)


Add following line in Apache Web Server’s httpd.conf file:

Header always append X-Frame-Options SAMEORIGIN

https://geekflare.com/secure-apache-from-clickjacking-with-x-frame-options/

i add the 2nd code into my .htaccess file and i got 500 internal server error

500 errors tend to be caused by embarrassing typos on your part. (Ask how I know this :() Check for basics like trailing (or leading) blank spaces at the end of the line: some areas of Apache don't care, but others throw fits.

:: detour to check something ::
Override: FileInfo so no worries there. If you have htaccess at all, you can use this directive. As usual, Apache 2.4 has more options than 2.2 when it comes to the "Header" directive, but anything you could do in 2.2 you can continue to do in 2.4.

For a single word like “deny” the quotation marks are optional.

Are you copying-and-pasting the suggested headers, or typing them in from scratch?

@keyplyr i don't see apache httpd.conf i only see apache2.conf

@lucy23 yes i'am copy and paste whatever the code is given here.

My apache2.conf file [snip]

my .htaccess file [snip]

mod note: [please post your code here using code [webmasterworld.com] tags]

[edited by: phranque at 12:08 am (utc) on Oct 29, 2017]
[edit reason] download links [/edit]

Require all granted

Ka-ching, you're in Apache 2.4. That's assuming this is the .conf file your site is actually using. Do the .conf file and the .htaccess pertain to the same site? The only AllowOverride directives I can find say "None", meaning that your htaccess wouldn't even be read.

<tangent>
If you've got "Order Deny,Allow" and you've got "Deny from all" then the "Deny from..." lines at the end have become superfluous. But I do hope you've got mod_compat_thingy, because these are 2.2 directives.

Things that can happen when copy-and-pasting include various changes to white space--for example when I copy from Firefox, I tend to end up with an added blank space at the beginning--though this probably wouldn't lead to a lethal error. (I did some experimenting on my test site to confirm that I'm not talking through my hat.)

But first let's sort out the apparent mismatch between .conf and .htaccess

Edit: I grabbed the two files before the download links were edited.

[edited by: lucy24 at 12:16 am (utc) on Oct 29, 2017]

i got 500 internal server error

check your server error log file for clues.

@anthonyinit 2017 - using the javascript alone (without the header) will be successful in stopping a remote webpage from capturing your content.

Just know that all this is done in the browser. The remote site may iframe the URL of your page, but it is the browser that renders your page. Most modern browser support javascript. A few users turn it off, or use a browser extension to block it, but the majority of users browse the web with javascript on. That javascript stops the iframe from working in the browser.

i will try to use this java code without .htaccess code

what if i change my server/web IP address will this fix my problem?

i found another 4 domain pointing to my website content under their domain name...

OMG i'm going crazy right now. google already dropped my website and up the fake website :(

what if i change my server/web IP address will this fix my problem?

No, after the DNS propagates to all the ISPs (where the browsers get it) the domain name will point to your new IP.

Did you look in your server's error log as phranque suggested? That should tell you the reason for the 500 error. It's likely to be just a syntax mistake and easily fixed.

this is what my hosting provider (ISP) said to me

Those IP ranges belong to Cloudflare so the behavior makes sense. The owner of the domains you see probably has them still configured in Cloudflare with your VPS IP as target.

If you do not want the requests to reach your server, you may block the Cloudflare IP ranges on your server via firewall. The networks are listed here:

https://www.cloudflare.com/ips/

Here is an example iptables rule:

iptables -I INPUT -s 104.16.0.0/12 -j REJECT 

Well that would be worth a try, however the problem is Cloudflare is a CDN (content distribution network) using potentially thousands of ip addresses.

The /12 is a huge block, so that just may do it. I'd keep a very diligent watch on your raw server logs for a couple months to see if any hits are coming from beyond that /12 block.

so should i log into my terminal as root and simply add the given command ?

iptables -I INPUT -s 104.16.0.0/12 -j REJECT

thank you

Whenever you get a 500 internal server error you should have a corresponding entry in the server error log file. What did the server error log file tell you?

You could do that, and it is one of the common defense approaches to block server farm IP ranges. I block about 6k ranges, including that CF range, read here: Blocking Methods [webmasterworld.com]

However, it will *not* fix the problem you are reporting. Your ISP is not understanding what is happening.

If in fact your content is being iframed, and it certainly sounds like it is, blocking the IP address of the offending website has nothing to do with that iframe. They are not *linking* to your site. They are not *requesting* your content.

Your content is being served to users by your own server, just remotely and inside an iframe located at another webpage. That's why you need to block iframes.

A better use of your ISP support team would be for them to assist you with the proper syntax to install the above mentioned header.

@keyplyr i agree with you on this definitely this has something to do with iframes so i gave up on blocking IP's now i'm only going to focus on iframe issue only... let me try to add you js code u have given me and if i get 500 error i will post here my log data... so u all can help me

thank you all so much for your continuous support i really appreciate it.

Don't overlook phranque's advice. Check your server error log if you get a 500 error and work with your host to get that header installed.

ok i will thank you all... i will keep u all updated :)

haha congradz to me this is what my hosting provider told me

Dear Sir,

Thank you for your message.

The domain fakedomain.com does not appear to be using an iframe to fetch the data from your server. It is more likely that it is getting the data through some other method and automatically editing the source code to replace the links. We could try a few different approaches to block this behavior, unfortunately this exceeds our regular support and would have to be done by one of our specialists. This service would have to be charged with 25.00 EUR per 15 minutes and parts thereof. We do not know how long it would take to find a working solution for this, but we expect it to take at least 45 minutes, which is why we would need a payment of at least 75.00 EUR upfront. In case we find a solution faster than expected, we would of course only charge for the time we actually needed and the remaining amount would stay in your user account to cover future invoices. In case the estimated time does not suffice, we will of course contact you again before additional costs arise.

i gave up

What do you see when you examine the source code at the offending site? What type of HTML tags surround your content?

The proactive defensive blocks for remote iframes is something every website should use whether this is the cause of your hijacked content or not.

Another common method to scrape content are the various RSS feed checkers & fetchers. They scrape your content and display them remotely and never leave a trail. I recommend blocking them all, especially Google's feedfetcher. More info here: [webmasterworld.com...]

someone who actually saw my website and fake website and he/she reply me with this

Got a PM with the actual domains. The other sites are using cloudflare it appears. One domain is indeed no longer resolving. The other is showing OP's page and not removing their name from it. This leads me to think cloudflare is pointing to the server IP. The good news is, you can block cloudflare's grabs easily but putting denies in .htaccess for their IPs. 

Well that may in fact be what is happening, so blocking that range would be worth considering. Also consider sending Cloudfare support an explicit email asking them to remove your server IP from their config.

is there any code for me to block that range of IPs any help for this poor guy :(

You posted it above. I assume that is the correct syntax. Sorry, I'm not familiar with how your terminal is set up.

oh yeah let me try to add those IPs and see :)