Stop a site mirroring our own

Hi all,

We have discovered a site that is mirroring our own. I know this is a common thing and I’ll do my best to give all the relevant details.

Our site is https://micky.com.au/
The mirror is https://kronsepdownnews.tk/

It is getting stuff live from our site. If I purge / rename our assets those changes are reflected immediately in the mirror site (we put query strings on CSS).

I have set up a firewall rule in CloudFlare to Block if the “referer” contains kronsepdownnews.tk in the hope it would resolve the issue. I then updated the query string on our assets and purged CloudFlare. Despite this the mirror site is not blocked from serving the updated assets.

If the page requests an asset it from our domain it gets the 403 response. But most of them are being accessed via their domain but still somehow coming from our own, perhaps they are removing the referer.

I’d appreciate any advice on how to proceed / what to look for.

We have sent an email to [email protected] also.

I might add that when I tried setting the rule to “not contains micky.com.au” it broke some stuff on our own site. EDIT: I had to allow a blank referer as well as our domain to get this to work but still doesn’t block the bad domain.

They must have got your origin IP address somehow. (So allowing Cloudflare only IP to your origin may not work.) You must contact your hosting provider to allow connection from particular host.

Or if you can do it yourself, you can allow request coming from your own domain name host.

Thanks for the response, though I’m not sure I understand.

The requests from the domain are coming via CloudFlare servers so indeed only allowing CloudFlare IP’s to access the server does not work (we already had that in place).

Unfortunately the requests from that domain also do not contain a referrer and the request host is set to our own domain so it is proving difficult to find a way to block them.

Can you elaborate on “you can do it yourself, you can allow request coming from your own domain name host.”? I think you are suggesting adding a rule to allow our own domain name only, but unfortunately that doesn’t stop it.

If you use control panels you can only allow requests from the same host name as you specified in the panel. I use plesk control panel in my case. even though there is option to allow request from any hosts. I only use one host to show the websites directories.

Maybe you need to specify the domain for the directory you are hosting.

Unfortunately the requests form their domain have been modified to have the referer removed and our own host name so their is nothing to differentiate them from our own requests.

I am not taking about referrer header. Talking about Http-Host header. Id they have modified even the host header to your site. You can contact cloudflare support team…

I appreciate you are trying to help so I’ll be more explicit since you have missed the vital information in my last two replies. The http host is set to our own domain. I also said that they have removed the referer from the request.

I have logged all possible request headers in apache including IP, server name, host name, referer etc. None of it includes their domain for the requests that are coming via their own CloudFlare account. And because they are coming from their CloudFlare account the IP’s are CloudFlare IP’s so we can’t block those.

You can surely contact Cloudflare support team for further investigating if they have changed the host header different than the actual domain name. It is actually banned in Cloudflare.

Also contact your hosting provider to block it. They may really able to help you.

This topic was automatically closed after 30 days. New replies are no longer allowed.