un-"hijacking" a stolen website

Delanie

hi folks

I recently discovered that my domain has been "hijacked" without permission
by someone who purchased a domain, obviously set up forwarding at the DNS
level, in some kind of stupid attempt to hijack hits (or something) from my
site. My actual site does appear under his domain name, and I tested by
updating a page, and it also updates, meaning he has forwarding which keeps
his domain name in the browser window.

I'm an html coder, not too "up" on JS, but I did use a simple function to
prevent my pages from being "locked" into other frames like hotmail pages,
etc.

this,

<SCRIPT LANGUAGE="JavaScript">

<!-- Begin

if (window != top) top.location.href = location.href;

// End -->

</SCRIPT>

Is there a similar script I could use to have my pages "jump" out of my
hijacker's site, back to my own site?

thanks for any suggestions ...

GB
Erwin Moller

hi folks

I recently discovered that my domain has been "hijacked" without permission
by someone who purchased a domain, obviously set up forwarding at the DNS
level, in some kind of stupid attempt to hijack hits (or something) from my
site. My actual site does appear under his domain name, and I tested by
updating a page, and it also updates, meaning he has forwarding which keeps
his domain name in the browser window.

Hi Delanie,

If you are the owner of the domain name, what kind of 'hijacking' via DNS
are you describing here?
Did the bad guy spread some malware that overwrites hosts files on
infected computers, telling infected computers that the actual IP number is
different from the real one?
How can you hijack a domain?

I would like to help you, but I don't understand the situation.
Could you elaborate a little more?

Regards,
Erwin Moller

I'm an html coder, not too "up" on JS, but I did use a simple function to
prevent my pages from being "locked" into other frames like hotmail pages,
etc.

this,

<SCRIPT LANGUAGE="JavaScript">

<!-- Begin

if (window != top) top.location.href = location.href;

// End -->

</SCRIPT>

Is there a similar script I could use to have my pages "jump" out of my
hijacker's site, back to my own site?

thanks for any suggestions ...

GB


--
"There are two ways of constructing a software design: One way is to
make it so simple that there are obviously no deficiencies, and the
other way is to make it so complicated that there are no obvious
deficiencies. The first method is far more difficult."
-- C.A.R. Hoare
Brian Palmer

Delanie said:
<SCRIPT LANGUAGE="JavaScript">

<!-- Begin

if (window != top) top.location.href = location.href;

// End -->

</SCRIPT>

Note that this has potential issues, for example when faced with some
of the anti-XSS measures in newer browsers; search for Adam Barth's
papers on clickjacking, where he has some suggested scripts to deal
with framing.
Is there a similar script I could use to have my pages "jump" out of my
hijacker's site, back to my own site?

You could instruct your webserver to not respond to requests that
aren't for a fixed set of your hostnames, if you have control of the
webserver. Alternatively, you should be able to adapt your
framebusting code to simply do (untested):

var mydomain_re = /^http:\/\/www.myfoo.com/i;
if (!mydomain_re.test(location.href)) {
top.location.href = 'http://www.myfoo.com/';
}

(and it still needs some sprucing up like the framebusting, but that's
the core).
Evertjan.

Brian Palmer wrote on 25 aug 2010 in comp.lang.javascript:
Note that this has potential issues, for example when faced with some
of the anti-XSS measures in newer browsers; search for Adam Barth's
papers on clickjacking, where he has some suggested scripts to deal
with framing.


You could instruct your webserver to not respond to requests that
aren't for a fixed set of your hostnames, if you have control of the
webserver. Alternatively, you should be able to adapt your
framebusting code to simply do (untested):

var mydomain_re = /^http:\/\/www.myfoo.com/i;
if (!mydomain_re.test(location.href)) {
top.location.href = 'http://www.myfoo.com/';
}

This won't always work as the frame href might be correct.

try:

// if in a frame
if (top.location.href != location.href)
top.location.href = 'http://www.myfoo.com/';
// if not
if (!/^http:\/\/www\.myfoo\.com/i.test(location.href))
location.href = 'http://www.myfoo.com/';
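As an added example (not code from any poster in this thread), here is the same frame-bust-or-redirect decision as a pure function that can be unit-tested outside a browser; it also handles the fact that reading `top.location.href` from inside a cross-origin frame throws in modern browsers, which Evertjan's one-liner does not. The canonical origin https://www.example.com is a placeholder assumption.

```javascript
// Added example: frame-bust / wrong-host decision as a testable pure function.
// Assumed canonical site (placeholder): https://www.example.com
const CANONICAL_ORIGIN = 'https://www.example.com';

// `win` mimics the subset of `window` used here: win.self, win.top,
// win.location.href and win.top.location.href. Returns one of:
//   { action: 'stay' }               top-level and served from our origin
//   { action: 'bust', target }       framed by a page that is not ours
//   { action: 'redirect', target }   not framed, but served under a foreign host
function decideNavigation(win, canonicalOrigin = CANONICAL_ORIGIN) {
  const self = new URL(win.location.href);
  const target = canonicalOrigin + self.pathname + self.search + self.hash;

  if (win.top !== win.self) {
    // Inside a frame: allow only if the top document is on our own origin.
    let topOrigin = null;
    try {
      topOrigin = new URL(win.top.location.href).origin;
    } catch (e) {
      // Cross-origin parent: the read itself throws, which proves the
      // framing page is not ours, so treat it like a foreign origin.
      topOrigin = null;
    }
    if (topOrigin !== canonicalOrigin) {
      return { action: 'bust', target };
    }
  }
  if (self.origin !== canonicalOrigin) {
    // Not framed, but the address bar shows someone else's host
    // (DNS/proxy forwarding): send the visitor to the real site.
    return { action: 'redirect', target };
  }
  return { action: 'stay' };
}

// Browser wiring; skipped under Node so the function can be tested alone.
if (typeof window !== 'undefined') {
  const d = decideNavigation(window);
  if (d.action === 'bust') {
    window.top.location.href = d.target;   // writing top.location is permitted cross-origin
  } else if (d.action === 'redirect') {
    window.location.replace(d.target);
  }
}
```

Current browsers may refuse a cross-origin frame's attempt to navigate the top window without a user gesture, so the script is a fallback; the reliable control is the server sending `X-Frame-Options: DENY` or a `Content-Security-Policy: frame-ancestors 'self'` response header.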
Delanie

[snip]
// if in a frame
if (top.location.href != location.href)
top.location.href = 'http://www.myfoo.com/';
// if not
if (!/^http:\/\/www\.myfoo\.com/i.test(location.href))
location.href = 'http://www.myfoo.com/';

thanks guys,
I do have server access, I can do a lookup on the domain/IP and perhaps
block it at server level and/or the same with .htaccess. I've also sent a
warning to his contact email, re copyright infringement.

GB

ps - Evertjan's script works quite well. thanks
Evertjan.

Delanie wrote on 25 aug 2010 in comp.lang.javascript:
[snip]
// if in a frame
if (top.location.href != location.href)
top.location.href = 'http://www.myfoo.com/';
// if not
if (!/^http:\/\/www\.myfoo\.com/i.test(location.href))
location.href = 'http://www.myfoo.com/';

thanks guys,
I do have server access, I can do a lookup on the domain/IP and
perhaps block it at server level and/or the same with .htaccess.
I've also sent a warning to his contact email, re copyright
infringement.

ps - Evertjan's script works quite well. thanks

I once serverside redirected an infringer to the US WhiteHouse website;
he didn't know what hit him. ;-)

Half a year later he [I knew him personally] asked me how this was
possible; it had not occurred to him that his IP request was redirected
serverside on my page.

Something like this, methinks:

<% asp javascript
var temp = Request.servervariables('http_referer');
if (/^http:\/\/www\.myfoo\.com/i.test(temp))
Response.redirect('http://Obams.TheWhiteHouse.gov/');
%>

However, you cannot jump out of a frame with only serverside code.
Thomas 'PointedEars' Lahn

Brian said:
Note that this has potential issues for example when faced with some
of the anti-XSS measures in newer browsers;

It does not have any issues there. It has other (potential) issues:

- invalid markup (missing `type' attribute)
- error-prone unnecessary pseudo-comments (`<!--')
- implied references to properties of Window instances (`top', `location')
- unnecessary references to tainted properties (`href')
search for Adam Barth's papers on clickjacking where he has some suggested
scripts to deal with framing.

If Adam Barth suggested that this script code would cause any issues with
anti-XSS measures, he surely does not know what he is talking about (which
would not be unsurprising, given that 90% about JS on the Web is FUD, junk,
or both, and I have never heard about him before). There is no XSS here.

However, my quick research on Google indicates that you probably have
misunderstood one or two of his papers instead.
You could instruct your webserver to not respond to requests that
aren't for a fixed set of your hostnames, if you have control of the
webserver.

That would not have any effect, of course, because the request URI for the
iframe resource is correct, and if URL rewriting would be used at the
perpetrator's, the misused Web server (of the OP) would not know about it,
nor could they be sure from the Referer (sic!) header field (which is not
always sent, and can be spoofed).
Alternatively, you should be able to adapt your
framebusting code to simply do (untested):

var mydomain_re = /^http:\/\/www.myfoo.com/i;
if (!mydomain_re.test(location.href)) {
top.location.href = 'http://www.myfoo.com/';
}

Overkill, and a potential development/maintenance nightmare at the OP's.
(and it still needs some sprucing up like the framebusting, but that's
the core).

Dump it, please.


PointedEars