My website is being used by another company

Hello

I have a dormant website which I’m using to display a ‘Coming Soon’ page, as I plan on using it as a portfolio site of sorts in the near future. However, as of a few weeks ago, I’ve noticed it no longer displays my page, but rather a hotel booking site for a foreign company, called ‘Apartmenty Molo’.

I was using FreeHosting.com to host my site, which admittedly sounds a bit sketchy, but the site offered very easy file transfer, cPanel, mySql databases, and other useful things - with unlimited bandwidth and storage all for free. This was just fine for me since I only wanted to display a ‘Coming Soon’ page. I thought maybe since the website had been dormant for so long, they were using it to host advertiser’s pages, and that’s how they could afford the free hosting aspect (something I might have missed in the small-print when signing up). Although, after cancelling my hosting package with FreeHosting, the issue persists. The site is https://barjo.co, as of 26/09/18 the company’s page continues to be hosted there.

How can I resolve this problem?

Thanks

One suggestion is to change your SSL setting to Flexible. This is in the SSL/TLS settings page. If that doesn’t fix it…

Go to your DNS page here at Cloudflare and set your domain DNS records to :grey:. This will bypass Cloudflare. Let us know if either of these change anything.

Thanks for your reply. My SSL setting was already set to Flexible, and I have now set my DNS records to grey. Unfortunately the site still shows the Apartmenty Molo page, but this time without https.

The site seems to be hosted at OVH, you sure that the IP it resolves to (164.132.190.162) is correct and it’s your server?

% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.arin.net

inetnum:      164.0.0.0 - 164.255.255.255
organisation: Administered by ARIN
status:       LEGACY

whois:        whois.arin.net

changed:      1993-05
source:       IANA


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/whois_reporting/index.html
#
# Copyright 1997-2018, American Registry for Internet Numbers, Ltd.
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n + 164.132.190.162"
#
# Use "?" to get help.
#

NetRange:       164.128.0.0 - 164.143.255.255
CIDR:           164.128.0.0/12
NetName:        RIPE-ERX-164-128-0-0
NetHandle:      NET-164-128-0-0-1
Parent:         NET164 (NET-164-0-0-0-0)
NetType:        Early Registrations, Transferred to RIPE NCC
OriginAS:       
Organization:   RIPE Network Coordination Centre (RIPE)
RegDate:        2003-07-23
Updated:        2003-08-06
Comment:        These addresses have been further assigned to users in
Comment:        the RIPE NCC region.  Contact information can be found in
Comment:        the RIPE database at http://www.ripe.net/whois
Ref:            https://rdap.arin.net/registry/ip/164.128.0.0

ResourceLink:  https://apps.db.ripe.net/search/query.html
ResourceLink:  whois.ripe.net


OrgName:        RIPE Network Coordination Centre
OrgId:          RIPE
Address:        P.O. Box 10096
City:           Amsterdam
StateProv:      
PostalCode:     1001EB
Country:        NL
RegDate:        
Updated:        2013-07-29
Ref:            https://rdap.arin.net/registry/entity/RIPE

ReferralServer:  whois://whois.ripe.net
ResourceLink:  https://apps.db.ripe.net/search/query.html

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName:   Abuse Contact
OrgAbusePhone:  +31205354444 
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

OrgTechHandle: RNO29-ARIN
OrgTechName:   RIPE NCC Operations
OrgTechPhone:  +31 20 535 4444 
OrgTechEmail:  [email protected]
OrgTechRef:    https://rdap.arin.net/registry/entity/RNO29-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/whois_reporting/index.html
#
# Copyright 1997-2018, American Registry for Internet Numbers, Ltd.
#

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '164.132.190.160 - 164.132.190.175'

% Abuse contact for '164.132.190.160 - 164.132.190.175' is '[email protected]'

inetnum:        164.132.190.160 - 164.132.190.175
netname:        OVH_188628250
country:        PL
descr:          Failover Ips
org:            ORG-KG48-RIPE
admin-c:        OTC12-RIPE
tech-c:         OTC12-RIPE
status:         LEGACY
mnt-by:         OVH-MNT
created:        2018-08-24T16:02:28Z
last-modified:  2018-08-24T16:02:28Z
source:         RIPE

organisation:   ORG-KG48-RIPE
org-name:       Krzysztof Gawrys
org-type:       OTHER
address:        ul. Rynek Nowy 6/2
address:        70-533 Szczecin
address:        PL
phone:          +48.503545368
mnt-ref:        OVH-MNT
mnt-by:         OVH-MNT
created:        2015-12-30T13:06:05Z
last-modified:  2017-10-30T16:45:38Z
source:         RIPE # Filtered

role:           OVH PL Technical Contact
address:        OVH Sp. z o. o.
address:        Ul. Szkocka 5 lok. 1
address:        54-402 Wroclaw
address:        Poland
admin-c:        OK217-RIPE
tech-c:         GM84-RIPE
nic-hdl:        OTC12-RIPE
abuse-mailbox:  [email protected]
mnt-by:         OVH-MNT
created:        2009-09-16T16:09:56Z
last-modified:  2013-10-30T11:40:58Z
source:         RIPE # Filtered

% Information related to '164.132.0.0/16AS16276'

route:          164.132.0.0/16
descr:          OVH
origin:         AS16276
mnt-by:         OVH-MNT
created:        2015-12-09T09:54:51Z
last-modified:  2015-12-09T09:58:12Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.92.6 (BLAARKOP)
1 Like

Well I don’t have a server, it’s only ever been hosted on FreeHosting, which I cancelled recently. As far as I’m concerned, the site shouldn’t be being hosted by anyone!

Well you still have that IP in the DNS records though. Remove it and it should not resolve to anything.

1 Like

Ah yes that did work, thank you. Do you have any idea of what was causing the initial issue? Or is there further actions I can take to stop this happening again?

Three cases:

  • actual sabotage, which I would exclude here since the domain was barely used.
  • misconfigured server (or eventually the DNS, but doesn’t appear to be the case) which would be possible given the fact everything is free.
  • reused IP, in case the problem arised after terminating the service, with a misconfigured server that accepted every domain.

Nothing to do, simply remove the IPs which you no longer control since they can lead to issues like this.

1 Like

Alright, thanks for your help and the info.

1 Like

This topic was automatically closed after 14 days. New replies are no longer allowed.