Apache: d3stroy.com and How to Protect Your Site from Being Mirrored via DNS Redirect

Wow long time no post. I’ve been pretty busy with work and freelance stuff but I’m hoping to get back into posting again.

Well my employer had their site mirrored by d3stroy.com the other day. My coworker and I had the task of staying late and figuring out what they did.

It looks like it was some kind of DNS redirect. d3stroy.com has done this to tons of sites. They mirror any site like so: www.yourdomain_com.d3stroy.com. Just search d3stroy.com on google and see how many results there is. Does anyone what the point of this is? I don’t think they can actually harvest any data can they? Seemed like a good way to boost your google search results though.

A quick google search revealed other people with the same issue and the solution.

Add this into your htaccess or httpd.conf file and it should fix all your problems.

[pre lang=’unix’]
# redirect any request that came from a bad hostname
RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://www.domain.com/$1 [R=301,L]
[/pre]

This basically says, any request that doesn’t come from our domain, redirect it to our domain. Then any d3stroy.com link that was pulling content from us would just be redirected to our site.

I hope this helps anyone else that has a similar issue.

Continue Reading