Support » Plugins and Hacks » Hacks » Why is my site on another domain? Is it hacked?

Viewing 15 replies - 1 through 15 (of 31 total)
  • I see the same theme. Isn’t it possible they use the same theme?
    I don’t see the same content. Do you?

    Jesper

    (@jesperpopma)

    Thanks for your reply.
    No it is not possible that they use exactely the same theme. Because all the background images are mine. Also the favicon is mine. But I don’t see the same content either. But I’m receiving referral traffic from this site. And my site is found with Turkisch keywords, wich have no relations to my content.

    Jesper

    (@jesperpopma)

    I just tried the following:
    I deleted my themes custom background images. Now the Turkisch site is effected by this, because all their background images are lost. So they must have some connection with our server.

    really not much we can do here if they have ripped you off
    here is the registrar info for the domain
    http://www.geektools.com/whois.php
    just input blogcu.com and all the contact info will come up

    wait – I see you are on wordpress.com
    the turkish site appears to be a similar site to wordpress.com
    anyway report this here and you will likely get some quick help
    Home

    Jesper

    (@jesperpopma)

    Samuel,

    My site is not on wordpress.com, but it’s self hosted!

    I’ve changed my theme-name and now the turkish site is without a theme:

    http://sekerziyafe.blogcu.com/

    But still there is a connection because When I load the Turkish site I see in my statusbar in firefox that it is also loading my site:

    Home

    So they must have acces to my server or embedded some code somewhere in my files?????

    What to do?

    sorry – looking at your profile link I thought you were on wordpress.com

    I would suggest contacting your host about this

    Jesper

    (@jesperpopma)

    I contacted my host and they think my site is hacked. They say I should restore my files. But where to start in this case. Start with plugins, themefiles, upload files? or WordPress core files? Any sugestions? Where is most likely to get infected?

    Jesper

    (@jesperpopma)

    Thanks,I’ll check!
    I found, using fire bug, several URL’s in the resources from my site on the Turkish site. Several themes and plugin CSS-es are used and/or have a referal. For example:

    Antwoordheadersbron bekijken
    Date	Sun, 17 Oct 2010 13:13:28 GMT
    Server	Apache
    X-Pingback	http://nijmegeneet.nl/xmlrpc.php
    Expires	Wed, 11 Jan 1984 05:00:00 GMT
    Last-Modified	Sun, 17 Oct 2010 13:13:29 GMT
    Cache-Control	no-cache, must-revalidate, max-age=0
    Pragma	no-cache
    Keep-Alive	timeout=10, max=50
    Connection	Keep-Alive
    Transfer-Encoding	chunked
    Content-Type	text/html; charset=UTF-8
    Verzoekheadersbron bekijken
    Host	nijmegeneet.nl
    User-Agent	Mozilla/5.0 (Windows; U; Windows NT 6.1; nl; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
    Accept	text/css,*/*;q=0.1
    Accept-Language	nl,en-us;q=0.7,en;q=0.3
    Accept-Encoding	gzip,deflate
    Accept-Charset	ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive	115
    Connection	keep-alive
    Referer	http://sekerziyafe.blogcu.com/
    Cookie	__utma=15978665.1807316893.1277214311.1287247968.1287316242.251; __utmz=15978665.1286897139.234.40.utmcsr=feedburner|utmccn=Feed:%20NijmegenEet%20(Nijmegen%20Eet)|utmcmd=feed|utmcct=FeedBurner; wp-settings-1=hidetb%3D1%26editor%3Dtinymce%26imgsize%3Dthumbnail%26urlbutton%3Dfile%26align%3Dleft%26galfile%3D1%26galcols%3D2%26m0%3Dc%26m1%3Dc%26m2%3Dc%26m3%3Dc%26m4%3Dc%26m5%3Dc%26m6%3Do%26m7%3Dc%26m8%3Do%26m9%3Dc%26m10%3Do%26m11%3Dc%26galdesc%3D1%26m13%3Dc%26m14%3Dc; wp-settings-time-1=1287316018; wpgb_visit_last_php-http://www_google_nl=1281467032; wpgb_visit_last-http://www_google.nl=Tue%20Aug%2010%202010%2021%3A04%3A24%20GMT+0200; wpgb_visit_last_php-http://nijmegeneet_nl=1281467068; wpgb_visit_last-http://nijmegeneet_nl=Tue%20Aug%2010%202010%2021%3A02%3A47%20GMT+0200; wpgb_closed-http://nijmegeneet_nl=Tue%20Aug%2010%202010%2020%3A59%3A22%20GMT+0200; wp-settings-2=hidetb%3D1%26editor%3Dtinymce%26imgsize%3Dfull%26galfile%3D1%26galdesc%3D1%26m4%3Do%26m1%3Do%26m10%3Do%26urlbutton%3Dpost%26m6%3Do%26m2%3Do%26m14%3Do; wp-settings-time-2=1284057078; wp-settings-time-3=1285682825; wordpress_test_cookie=WP+Cookie+check; __utmc=15978665; wordpress_logged_in_7c2bfd4ce9c908612bb87c0449d58bcf=jesperpopma%7C1287490898%7C6335460f791b97c89790f5adec43bf2b

    Maybe they have simply hotlinked to your site images and taken your theme?

    Jesper

    (@jesperpopma)

    Thinkdeep,

    Yesterday, I have disabled hotlinking on my server.

    But, since yesterdy night it looks like the entire turkish site is down:

    maindomain:
    http://blogcu.com/

    subdomain:
    http://sekerziyafe.blogcu.com

    Does this indicate that the problem is on their site?

    Moderator James Huff

    (@macmanx)

    If you view the source of the offending site (it’s back now), they have quite literally copied your entire site, including the fact that all of the resource links (CSS, images, plugins, etc) all point back to your domain.

    They’ve literally stolen your design, resource files, and they’re stealing your bandwidth.

    Add this to the very top of your .htaccess file ASAP:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogcu\.com/ [NC]
    RewriteRule .*\.(jpe?g|gif|png|css|js|xml)$ - [F]
    Moderator James Huff

    (@macmanx)

    Update: I just updated the code above. I’m not sure if it works any better than the last, but it is the last of its type that I ever used, so I’m more confident that it’ll work.

    A brief explanation, the code will issue a 403 (access denied) error to all requests for .jpeg, .jpg, .gif, .png, .css, .js, and .xml files from any blogcu.com domain.

    Jesper

    (@jesperpopma)

    James,

    I’ve added your code like so:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?blogcu\.com/ [NC]
    RewriteRule \.(jpe?g|gif|png|css|js|xml)$ - [F]
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    Doe not seem to do the trick?

Viewing 15 replies - 1 through 15 (of 31 total)
  • The topic ‘Why is my site on another domain? Is it hacked?’ is closed to new replies.