Post by lingtalfi » Sat Apr 07, 2018 5:27 pm

Hi, the same thing happens on one of my site.
I turns out this is just an apache (or any server) trick called reversed proxy.

To create such a scam mirror from your vps to facebook for instance, use this in one of your virtual host:

Code: Select all

<Location "/">
    ProxyPass "" 
And to prevent it, I used a "Require expr" (expression, read the apache manual...).
Here is my code (I'm using ssl in this case):

Code: Select all

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                SSLEngine on
                SSLProxyEngine on
                ServerAlias *

                DocumentRoot /myphp/mysite/www
                <Directory "/myphp/mysite/www">
                        Options FollowSymlinks MultiViews
                        AllowOverride All 
                        Require expr "%{HTTP_HOST} == ''" 

                ErrorLog /var/log/apache2/somelog.log

                SSLCertificateFile /etc/letsencrypt/live/
                SSLCertificateKeyFile /etc/letsencrypt/live/
                Include /etc/letsencrypt/options-ssl-apache.conf

                #<Location "/">
                #       ProxyPass "" 

You see the line:

Code: Select all

Require expr "%{HTTP_HOST} == ''" 
That's the one you need (I'm no expert at apache at all, but at least in my case it solved the problem).
It basically says: if the host is not, deny the access. Now the scam site can setup a reverse proxy to your website if she wants,
but (hopefully) she cannot fake her host.
So, fuck her (and I'm being polite).

Hope this helps.



Sat Apr 07, 2018 5:16 pm

Post by Dunald » Sun Apr 08, 2018 8:09 am

Hi! Sorry did not understand.
Where do I put what code to prevent a mirror-site?
In what way is the mirror stoped, is it still a mirror of my site when I use this or does the fake site no longer have access to my site?
Do I need to know that fake-sites URL or does it prevent mirror-sites in general?

Active Member


Tue Mar 15, 2011 9:05 pm
Who is online

Users browsing this forum: No registered users and 6 guests