Domain spoofing

Hi team,

First time posting here.

I am running a shopify store hosted on shopify servers/platform. For the last 36 hours I have been receiving a lot of traffic for ne of my products n my store that I am not advertising. Upon further investigating I found out that a page on Facebook is running a misleading advertisement with and routing all traffic to my store. When the user clicks on their ad, they land on my product page but surprisingly the URL on the browser window is theirs. I contacted Shopify support and was told it seems like a domain spoofing attack and asked me to file a complaint with name.com.

I filed a report with name.com but their response was that they can’t do much as the domain in question is just registered via them and that I should instead be reaching out to the hosing party. I am running in circles for last 36 hours and kind of loosing track what to do and who to reach out to - to get the issue resolved.

Any little help/tip from you will be greatly appreciated.

What led you to Cloudflare to try to fix this problem?

Who.is info for that domain says that its hosted on cloudfire.

Ok, so it sounds like a domain that has DNS on Cloudflare points to your server’s IP address, and your server is improperly serving up your content for their domain.

If that’s the case, you need to get your host to fix that. This often happens when a host doesn’t block requests to domains not hosted on that server, often using someone’s site as the “Default Domain.”

1 Like

Thank you for your response. My host is Shopify (and I believe they use Google could for hosting) and I have already notified them of the issue. Do you think there is anything else I can do? Or if Cloudfare can help in some way by stopping that domain sending traffic to my IP address?

You won’t be able to convince Support to do anything about it because the misconfigured domain isn’t yours. Shopfiy is the appropriate place to fix this.

If you want to pursue a Cloudflare remedy, you’d have to file an Abuse complaint and justify it.

https://www.cloudflare.com/abuse/

Thank you! I already filed a complaint with cloudfire using the abuse form and waiting to hear from them. Was just thinking if there is any way I can block that particular IP.

I really don’t see how you can block those IP addresses if it’s bypassing your domain. But if your domain isn’t on Cloudflare, you’re welcome to try blocking Cloudflare’s IP addresses:

1 Like

Thank you!

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.