On the recent wave of malicious website mirroring: solutions and countermeasures

888u

Last updated: 2023-12-12, edited by 888u

Yesterday I saw a webmaster friend in a heated discussion in the group: an identical copy of his website had appeared! I decided to give it a try, typed in my own small site, and found that it had been mirrored too! Digging further, it turned out that this malicious mirroring is not aimed at one person but at a whole group, including Alibaba Cloud, 360, 163, qq, JD.com and other major websites, some of which specialise in security. Curiously, when this site checked Baidu itself, Baidu turned out to be lucky!

At the moment this site has re-checked 360, qq, Alibaba Cloud, the well-known Lu Songsong blog and other related websites, and the same problem still shows up!

If this happens to the big sites, small sites like ours are not spared either! This site looked up the domain name ytlqpo: it was registered not long ago, and registered abroad. Will the malicious mirror have any effect on our site?

For that, only Du Niang (Baidu) can help!

The dangers of malicious mirroring

[warning] The malicious mirrorer intends to use a domain name of his own that already carries some weight (search ranking) to muscle in, so that the search engine becomes confused about the newly established website. With two domain names existing and resolving at the same time, it is hard for the engine to tell which one is genuine, and it does not know which to choose. Some search engines have fairly mature technology and can tell true from false, but you cannot guarantee that every search engine will make the correct choice for you. They may just as well pick the malicious person's domain name and drop the original webmaster's. At the same time, many webmasters who run into this are newcomers who do not know how to handle it, which in the end lets the malicious actor succeed.

As for what the malicious actor will do once he has got hold of your site? We can only speculate. But whatever it is, it will not be to your advantage. Do not be pleased that he brings you some traffic, because while he brings traffic, he also takes your users away. While the search engines are confused, users are equally at a loss, not knowing which site is real and which is fake. And if the malicious person's domain name or other content contains sensitive or unhealthy material, the victim's IP may also end up blocked. [/warning]

Resolutions and Countermeasures

After trying many methods without success, I thought of a stopgap: banning the IP address from which the malicious mirror website accesses my site. It is only a stopgap because there is no guarantee that this IP will not change, and this IP is not the one the mirror URL resolves to.

In the course of many attempts, I worked out that the principle behind this malicious mirror website is roughly this: when someone visits abc.xxxxx.com, the mirror itself visits (www)abc.com (or .cn, .net, .cc, .xyz, .wang), rewrites the result it gets back, and returns the modified page with its own links to the visitor. So it necessarily has a step in which it fetches the origin site, and the solution is to ban the IP it fetches from.

After combing through a large number of website logs without being able to confirm which IP this was, I wrote a PHP file to catch the accessing IP.

1. Intercept IP

(The nine-line PHP listing did not survive extraction; only its line numbers remain.)

Name the above file "ip.php" and place it in the root directory of the website. Then I opened 7vps.xxxxx.com/ip.php through the mirror website's URL, and read the IP recorded in the ip.txt file that the PHP program generates. The IP was:

104.194.16.230 (United States)
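Since the original ip.php listing was lost, here is an added example (my own code, not the post's listing) of what such a canary file can look like. It records the TCP peer address of whoever fetches it, so that one request made through the mirror domain shows the address the mirror's proxy uses to fetch the origin. The log path, size limit and field set are my assumptions; it needs PHP 7.4 or later for the arrow function. Note that if the site sits behind a CDN, REMOTE_ADDR will be the CDN edge's address, and the real peer is only in forwarding headers that any client can forge, so those are logged separately rather than trusted:

```php
<?php
// ip.php: added example canary, not the original listing from the post.
// Logs every client that fetches this file. Give it a name only you know and
// fetch it once through the mirror domain; the 'remote' field of that line is
// the address the mirror proxy fetches your origin from.

declare(strict_types=1);

// Log location and a size cap so a hammered URL cannot fill the disk (assumptions).
const LOG_FILE = __DIR__ . '/ip.txt';
const MAX_LOG_BYTES = 1024 * 1024;

function client_record(array $server): array {
    // REMOTE_ADDR is the actual TCP peer. Behind a CDN it is the edge node, and
    // the forwarding headers below are client-controlled, so they are logged
    // as evidence only, never used for decisions.
    return [
        'time'   => gmdate('Y-m-d\TH:i:s\Z'),
        'remote' => $server['REMOTE_ADDR'] ?? '-',
        'xff'    => $server['HTTP_X_FORWARDED_FOR'] ?? '-',
        'host'   => $server['HTTP_HOST'] ?? '-',
        'uri'    => $server['REQUEST_URI'] ?? '-',
        'ua'     => $server['HTTP_USER_AGENT'] ?? '-',
    ];
}

function format_line(array $rec): string {
    // Strip CR/LF so a crafted header cannot inject fake log lines.
    $clean = array_map(fn($v) => str_replace(["\r", "\n"], ' ', (string) $v), $rec);
    return implode("\t", $clean) . "\n";
}

function append_log(string $path, string $line, int $maxBytes): bool {
    clearstatcache(true, $path);
    if (file_exists($path) && filesize($path) > $maxBytes) {
        return false;  // refuse to grow without bound
    }
    return file_put_contents($path, $line, FILE_APPEND | LOCK_EX) !== false;
}

append_log(LOG_FILE, format_line(client_record($_SERVER)), MAX_LOG_BYTES);

// Answer with something bland; the mirror relays whatever the origin returns.
header('Content-Type: text/plain; charset=utf-8');
header('Cache-Control: no-store');
echo "ok\n";
```

Keep ip.txt outside the web root or deny direct access to it in the server configuration, otherwise the log itself becomes a public page that the mirror will happily copy.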

2. Block IP

Add the following line to .htaccess:

Deny from 104.194.16.230

When you open your website through the mirror URL again, it now gets a 403 error. Even if Baidu indexes the mirror URL, it will no longer have any effect on your website.

3. Countermeasures

To give this mirror website a small "counterattack", I decided to point the 403 error page at the URL of another website (with a full URL, Apache answers with a redirect to it rather than serving the 403 page itself). The method is to add the following to the .htaccess block that denies the IP:

ErrorDocument 403 http://news.baidu.com/

The above method was done on WordPress. If you run another kind of program, you can give it a try!
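For programs that do not run under Apache (so .htaccess has no effect), the same block can be done inside PHP itself. This is an added example of my own, not from the post: a small prepend file that refuses the listed addresses with a 403 before the application runs. The single IP is the one found above; the /24 range is an assumption mirroring the iptables rule later in the post. As with the canary, it only works where REMOTE_ADDR is the real peer; behind a CDN the block has to be done at the CDN, as the post notes:

```php
<?php
// block.php: added example, not from the post. Load it before the application
// (e.g. require it at the top of index.php, or set it as auto_prepend_file)
// to refuse the mirror's fetching address on any web server.

declare(strict_types=1);

// Addresses to refuse: plain IPs or CIDR ranges, IPv4 or IPv6 (the /24 is an assumption).
const BLOCKED = ['104.194.16.230', '104.194.16.0/24'];

function ip_in_cidr(string $ip, string $cidr): bool {
    $ipBin = inet_pton($ip);
    if ($ipBin === false) {
        return false;
    }
    if (strpos($cidr, '/') === false) {
        return $ipBin === inet_pton($cidr);           // exact address match
    }
    [$net, $bits] = explode('/', $cidr, 2);
    $netBin = inet_pton($net);
    $bits   = (int) $bits;
    // Reject invalid networks and IPv4/IPv6 mismatches rather than guessing.
    if ($netBin === false || strlen($ipBin) !== strlen($netBin)
        || $bits < 0 || $bits > strlen($netBin) * 8) {
        return false;
    }
    $fullBytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    // Compare only the leading $rem bits of the partial byte.
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

function is_blocked(string $ip, array $list): bool {
    foreach ($list as $entry) {
        if (ip_in_cidr($ip, $entry)) {
            return true;
        }
    }
    return false;
}

$peer = $_SERVER['REMOTE_ADDR'] ?? '';
if (is_blocked($peer, BLOCKED)) {
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    exit("Forbidden\n");
}
```

Because the check runs in PHP, the blocked request still reaches the PHP process; blocking at the web server, CDN or firewall is cheaper, so use this only where those are not available to you.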

Whatever else you do, block the fetching IP first. This site found that it can also be blocked with the help of some CDNs! At the moment the VPS recommendation network blocks the IP through Baidu Cloud Acceleration, which is worth learning from!

If you use a VPS or a dedicated server, you can also block it with firewall rules, for example: iptables -I INPUT -s 104.194.16.0/24 -j DROP

If you use shared (virtual) hosting, you can ask the hosting provider to do the blocking for you! This is how the demonstration on this site currently looks!


All copyrights belong to 888u unless otherwise stated.