
DNS/IP hijack

timgdixon
I have a situation here I hope someone can help me with.

I have a client who has the domain www.tmdcourses.com hosted on my appliance with their own unique IP address. We discovered yesterday that someone who owns the domain www.justgf.com has created an 'A' record pointing that domain to my client's domain IP, in effect hijacking them and their listing in search engines such as Google. Needless to say, my client is very upset about this. So if you enter www.justgf.com it takes you to my client's site but the URL address remains justgf.com.

Is there some way I can create a record on my end to redirect that domain? I know it's not the complete solution, and my client is preparing to serve the offending party's provider with a subpoena to release contact/ownership info, but in the meantime when someone searches for the client's corporate name, TMD Courses Inc., Google returns the www.justgf.com site as the hit. A week ago the same search returned www.tmdcourses.com.

I have spoken with the offender's provider 'eNom Inc' who has basically told me they can do nothing about it because they can't tell their clients what IPs to point to and basically said because the offender has used whois privacy they won't/can't release any info about the person(s) who are doing this.

It makes no sense to me why someone would do this in the first place, so if someone with more experience than I can help me out here to do something in the meantime I would truly appreciate it.

TIA,

Tim
 
It looks like you might have this solved. I just clicked on www.tmdcourses.com and was taken to the correct url in the address bar.

I was just wondering what you did to correct this?

Thanks
 
Hi Jack,

It's the other way around: my client is www.tmdcourses.com, the offender (for lack of a better word) is www.justgf.com.

So when a person searches Google for TMD Courses Inc., Google returns www.justgf.com instead of what it returned a week ago, which was the correct site, www.tmdcourses.com.

Hope that clears up the confusion.

Edit: and I should add that the issue is one of a hijacking by way of an 'A' record pointing to the client domain from the offender domain, which affects how the site is indexed in search engines, i.e., the incorrect URL.
 
I guess I should take the lack of response to mean there is no way to defeat this type of an attack.

However, I remain hopeful someone else has encountered this same problem or is this so enigmatic that no one knows what to do to defend against it.
 
Wow, this is a new spin on the 302 problem. Thankfully you've got a hella easy fix that will work. You need to 301 the hijacking URL to your true URL. If your site is in PHP you can use the following script
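PHP:
<?php
// Permanently redirect requests that arrive under the hijacking hostname.
// $_SERVER is read directly because getenv() does not expose HTTP_HOST under every SAPI.
$host = strtolower($_SERVER['HTTP_HOST'] ?? '');
if ($host === 'www.justgf.com') {
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: http://www.tmdcourses.com/');
    exit;
}
?>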

What this does is it fixes Google's sloppy coding. Yes, Google considers it your problem when their system screws up. Google will see the 301 and reassociate the site with its proper URL. To further help this along you should use fully qualified URLs for links and images (i.e. "http://www.domain.com/file" instead of "./file").

Hope this helps.
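
A more general form of the redirect above, added here as an example and not written by anyone in this thread: rather than matching the one hijacking hostname, it sends a 301 for every request whose Host header is not on an allowlist, and keeps the requested path so each indexed page maps to its real URL. The function names and the bare `tmdcourses.com` alias are assumptions; the sample requests in the CLI branch are constructed.

```php
<?php
// Added example. Hostnames come from the thread; the bare-domain alias and
// all function names are assumptions made for illustration.
const CANONICAL_HOST = 'www.tmdcourses.com';
const ALLOWED_HOSTS  = ['www.tmdcourses.com', 'tmdcourses.com'];

/** Normalise a raw Host header: lower-case, drop the port and a trailing dot. */
function normalize_host(string $raw): string
{
    $host = strtolower(trim($raw));
    $host = preg_replace('/:\d+$/', '', $host);   // "host:8080" -> "host"
    return rtrim($host, '.');                      // "host." and "host" are the same name
}

/**
 * Return the URL to 301 to, or null when the request already uses an
 * allowed hostname. The target is built from constants only, never from
 * the client-supplied Host header.
 */
function canonical_redirect(string $rawHost, string $requestUri): ?string
{
    if (in_array(normalize_host($rawHost), ALLOWED_HOSTS, true)) {
        return null;
    }
    // Preserve path and query; force exactly one leading slash.
    return 'http://' . CANONICAL_HOST . '/' . ltrim($requestUri, '/');
}

if (PHP_SAPI !== 'cli') {
    // Web request: redirect anything that arrived under a foreign hostname
    // or the bare IP address.
    $target = canonical_redirect($_SERVER['HTTP_HOST'] ?? '', $_SERVER['REQUEST_URI'] ?? '/');
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
} else {
    // Command line: show the decision for a few constructed requests.
    $samples = [
        ['www.justgf.com', '/courses?id=3'],
        ['WWW.TMDCOURSES.COM:80', '/'],
        ['203.0.113.10', '/about'],
    ];
    foreach ($samples as [$h, $u]) {
        printf("%-24s %-16s -> %s\n", $h, $u, canonical_redirect($h, $u) ?? '(serve normally)');
    }
}
```

Included at the top of every page (or from a common bootstrap file), this covers any other domain later pointed at the same IP without editing the script again.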
 
Thank you Highland, it definitely did the trick. I figured someone had to have a work-around for this.

I will have the client conform to qualified URLs for links and images as you have suggested.

I am still shaking my head as to why someone would do this, but they do have a surprise coming as the company has hired a law firm to subpoena the registrant's name and will likely go after them.

Again thank you for the help.
 