Sometimes, when you enter your website's name in a search engine, the website information that comes up is yours, but the domain name is unfamiliar. In this situation you can be fairly sure that the website has been mirrored. So what exactly does it mean for a website to be mirrored?
Malicious mirroring, also known as malicious cloning, is when someone points the A record of their own domain name directly at another site's IP address, so that visitors see a website that looks exactly the same. It basically works like this: when a user visits the mirror site, the mirror's program queries the data from the genuine site, modifies the relevant links and presents the result to the user; in essence it is still reading the data from the original site. A more rigorous explanation: the entire website, or part of its pages, is copied and served from different domain names and servers to deceive search engines into indexing the same site or the same page multiple times.
The dangers of a website being mirrored
In layman's terms, malicious mirror operators intend to use their own domain names, which carry a certain weight, to threaten your site. They copy your site through certain means. Except for the different domain name, the content is exactly the same, and users may not be able to tell the two apart at all. For some new sites, search engines may even be confused about which site is the real one, so it is possible that the authentic website's indexed pages will be removed while the pirated copy is favored by search engines.
Although we do not know what the intention of maliciously mirroring our website is, it will definitely not be beneficial to us. If the domain name has some unhealthy information, then the mirrored site may be polluted, so we should still be wary of this phenomenon.
How to know if your website is mirrored
Copy the complete title of your website (PS: Check the source code of your website homepage, where <title>Long Xiaotianxia - Share sadness; Share happiness</title>), and then search in search engines such as Google and Baidu, such as search: intitle Long Xiaotianxia - Share sadness; Share happiness. If the website title, description and content of other websites are the same as yours, and only the domain name is different, it is mirrored.
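Once a suspicious domain turns up in the search results, the comparison can be automated. The following is an added example (not code from the original article): given the HTML of your page and of the suspect page, it maps the suspect's host name back to yours, since mirrors rewrite links, and compares title and visible text. The host names and sample pages are constructed placeholders, and the 0.8 threshold is an assumption.

```javascript
// Added example: is the page served under another domain a mirror of ours?
// Inputs are HTML strings; fetching them is left to the caller.

// Extract the <title> text with whitespace collapsed.
function extractTitle(html) {
  const m = /<title[^>]*>([\s\S]*?)<\/title>/i.exec(html);
  return m ? m[1].replace(/\s+/g, " ").trim() : "";
}

// Mirrors replace the source domain with their own, so map fromHost back to
// toHost, then drop scripts (often injected by the mirror), tags and case.
function visibleText(html, fromHost, toHost) {
  const escaped = fromHost.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  return html
    .replace(new RegExp(escaped, "gi"), toHost)
    .replace(/<script[\s\S]*?<\/script>/gi, " ")
    .replace(/<[^>]+>/g, " ")
    .replace(/\s+/g, " ")
    .trim()
    .toLowerCase();
}

// Set of k-word shingles, so small injected fragments do not hide a copy.
function shingles(text, k = 3) {
  const words = text.split(" ").filter(Boolean);
  const out = new Set();
  for (let i = 0; i + k <= words.length; i++) out.add(words.slice(i, i + k).join(" "));
  return out;
}

function jaccard(a, b) {
  if (a.size === 0 && b.size === 0) return 1;
  let inter = 0;
  for (const s of a) if (b.has(s)) inter++;
  return inter / (a.size + b.size - inter);
}

function checkMirror(ourHtml, ourHost, otherHtml, otherHost, threshold = 0.8) {
  const title = extractTitle(ourHtml);
  const sameTitle = title !== "" && title === extractTitle(otherHtml);
  const similarity = jaccard(
    shingles(visibleText(ourHtml, ourHost, ourHost)),
    shingles(visibleText(otherHtml, otherHost, ourHost))
  );
  return { sameTitle, similarity, mirrored: sameTitle && similarity >= threshold };
}

// Constructed sample pages (placeholders, not real sites).
const OUR_HOST = "www.example.org";
const ourPage = `<html><head><title>Example Blog - Notes</title></head>
<body><a href="https://www.example.org/post/1">First post</a>
<p>Hello readers. Visit www.example.org</p></body></html>`;
const mirrorPage = `<html><head><title>Example Blog - Notes</title></head>
<body><a href="https://mirror.example.net/post/1">First post</a>
<p>Hello readers. Visit mirror.example.net</p><script>track()</script></body></html>`;
const unrelatedPage = `<html><head><title>Example Blog - Notes</title></head>
<body><p>Different content.</p></body></html>`;

console.log(checkMirror(ourPage, OUR_HOST, mirrorPage, "mirror.example.net"));
console.log(checkMirror(ourPage, OUR_HOST, unrelatedPage, "other.example.net"));
```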
How to handle the website being mirrored
This type of mirror looks like a complete site. In fact, every time a user visits the mirror site, the program queries the data from the genuine site, modifies the relevant links and presents it to the user. In essence, it is still reading the data from the original site. Below, Long Xiaotianxia lists several solutions; choose whichever suits you!
Method 1: Find out the host IP of the mirror website and solve it by prohibiting IP
This tutorial is based on WordPress program, please test it yourself in other systems!
1. Obtain the mirror server IP. Note: This IP may not be the IP you get by pinging the mirror's domain name.
Copy the following code, create a new php file, and upload it to your website root directory with "".
<?php
$file = ""; // Save file name
$ip = $_SERVER['REMOTE_ADDR'];
$handle = fopen($file, 'a');
fwrite($handle, "IP Address:");
fwrite($handle, "$ip");
fwrite($handle, "\n");
fclose($handle);
?>
2. Then visit the mirror site of your website, adding .../ after the address. You will then find the file in the root directory of your website; open it and copy the IP address.
3. Then open your .htaccess file and add the following code afterwards (modify it to the ip you just obtained by yourself)
#Add IP blacklist
Order Deny,Allow
Deny from 162.158.72.179
Of course, if you use CDN, you can directly add an ip blacklist in the CDN background
Now refresh the mirror site again. Does it report a 403 error? At this point the mirror site has been dealt with; then wait for the search engine spiders to do the rest.
The disadvantage of this method is that if the mirror website changes its IP, our blocking will fail.
Method 2: JS to protect
In head tag: taken from @boke112 Navigation
<head></head>
Add the following JS code:
<script type="text/javascript"> if ( != "") { = (,''); } </script>
Or add the following JS code:
<script type="text/javascript"> rthost = ; if (rthost != "") { = ""; } </script>
Note: Change the address in the above code to the home page address of your own website. It must be the site's main address; if it is not, the website will keep refreshing!
Note: After testing on this site, if the mirror station blocks JS, the method will fail. Therefore, it is best to use Method 2 and Method 3 together!
Method 3: Method to prevent mirroring after Js is blocked
Add the following code to the website: The code is taken from @boke112
<div style="display:none;"> <script>proxy2016 = false;</script> <img src="" onerror='setTimeout(function(){if(typeof(proxy2016)=="undefined"){="";}},3000);'> </div>
Some websites block JS code (such as the following code):
<script>...</script>
so the <script>proxy2016 = false;</script> code will be filtered out. The img's onerror handler sets a timeout of 3000 milliseconds, after which the function runs and checks whether the proxy2016 variable still exists. If it is not found, the host of the URL will be changed. For security reasons, the JS part can be obfuscated (using the "JS Code Obfuscating" tool of this website or the Webmaster's Home JS Obfuscating Tool).
The obfuscated result for this site is as follows:
<div style="display:none;"> <script>proxy2016 = false;</script> <img src=" " onerror='setTimeout(function(){if(typeof(proxy2016)=="undefined"){window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x68\x6f\x73\x74"]="\x77\x77\x77\x2e\x69\x6c\x78\x74\x78\x2e\x63\x6f\x6d";}},3000);'> </div>
After my tests, this code works on Chrome, IE11, and 360 Speed Browsers and will jump to the original article page of the source site! There is no effect on Firefox, and the mirrored article page will not jump to the original site... After changing the src reference address of the img tag in the code to a space or an invalid image address, it also works on Firefox!
Method 4: With Img's Onerror event
20161119 Update (adding Sogou snapshot support): After using this method, it will cause Baidu snapshots, Google snapshots, Bing snapshots and Sogou snapshots to jump to page 404 (360 search snapshots will not~). However, I don’t know how to do it. 2016-11-10: After Zhang Ge’s guidance again, the original code: if( str1!=str3 )
is changed to: if( str1!=str3 && str3!="" && str3!="" && str3!="c." && str3!="" && str3!="" )
The effect will probably be known once the snapshots are updated!
20161127: After verification, the above update has worked! For specific results, please click me ~
20171022 Update: According to Zhang Ge, this code causes high load (CPU soaring) on the computer browsing the page because of an onerror infinite loop. Therefore, an onerror clearing mechanism is added to the onerror trigger event of the code, that is, =null. [Records of problem solving caused by the computer CPU surge in blog pages]
The domain name is split into pieces and compared with the mirror site's; an img tag with an empty src value triggers onerror to run the JS comparison. If the comparison fails, the page jumps back to the source site.
①, WordPress special version
After continuous improvement by @Zhang Ge (IE does not support the () function, so the "20160909 version" has been invalidated...), the code has been perfectly adapted to Firefox, Chrome, IE11 and 360 fast browsers, and redirects to the corresponding article page of the source site. Thank you very much! Choose any one of the following 3 code snippets. See here for the results:./
The code is as follows: (copy and paste it before the last ?> of the theme)
/**
 * What to do if the website is maliciously mirrored? A piece of code can be easily solved (full version) - Long Xiaotianxia
 * /
 * Last updated: 20171022 Release time: 20160912
 * From:
 */
add_action('wp_footer','lxtx_deny_mirrored_websites');
function lxtx_deny_mirrored_websites(){
$currentDomain = 'www" + ".ilxtx." + "com';
// $currentDomain = '"zhangge." + "net"';
echo '<img style="display:none" src=" " onerror=\'=null;var str1="'.$currentDomain.'";str2="docu"+""+"";str3=eval(str2);if( str1!=str3 && str3!="" && str3!="" && str3!="c." && str3!="" && str3!="" ){ do_action = "loca" + "tion." + "href = loca" + "" + ".rep" + "lace(docu" +"ment"+".loca"+""+"st," + "\"' . $currentDomain .'\"" + ")";eval(do_action) }\' />';
}
PS: Testing showed that if this is hooked into wp_head, the image ends up in the head and the browser automatically applies error correction, causing some elements that were originally in the head to be moved into the body. Presumably web standards do not allow an image in the head, so it was moved to the footer.
/** * What to do if the website is maliciously mirrored? A piece of code can be easily solved (full version) - Long Xiaotianxia * / * From: */ add_action('wp_footer','lxtx_deny_mirrored_websites'); function lxtx_deny_mirrored_websites(){ $currentDomain = "www' + '.ilxtx.' + 'com"; // $currentDomain = "zhangge' + '.' + 'net"; echo '<img style="display:none" src="nothing" onerror="=null;var str1=\''.$currentDomain.'\';str2=\'docu\'+\'\'+\'\';str3=eval(str2);if( str1!=str3 ){ do_action = \'loca\' + \'tion.\' + \'href = loca\' + \'\' + \'.rep\' + \'lace(docu\' +\'ment\'+\'.loca\'+\'\'+\'st,\' + \'\\\'' . $currentDomain .'\\\'\' + \')\';eval(do_action) }" />'; }
/** * What to do if the website is maliciously mirrored? A piece of code can be easily solved (full version) - Long Xiaotianxia * / * Revise */ add_action('wp_footer','lxtx_kimsom_reverse_proxy_defense', 99); function lxtx_kimsom_reverse_proxy_defense(){ $currentDomain = '"www." + "ilxtx" + ".com"'; echo '<img style="display:none" src="nothing" data-url="'.home_url().'" onerror=\'=null;var str0=("inlojv-rpd").("data-url").nodeValue;var ishttps="https:"==?true:false;if(ishttps){var str1="https"+"://";}else{var str1="http"+"://";}var str2='.$currentDomain.';var str3=str1+str2;if( str0!=str3 ){ = (,'. $currentDomain .');}\'/>'; }
Tips: If you want to have a prompt like "20160909 version", you can change the above code to this
add_action('wp_footer','lxtx_kimsom_reverse_proxy_defense', 99); function lxtx_kimsom_reverse_proxy_defense(){ $currentDomain = '"www." + "ilxtx" + ".com"'; echo '<img style="display:none" src="nothing" data-url="'.home_url().'" onerror=\'=null;var str0=("inlojv-rpd").("data-url").nodeValue;var ishttps="https:"==?true:false;if(ishttps){var str1="https"+"://";}else{var str1="http"+"://";}var str2='.$currentDomain.';var str3=str1+str2;if( str0!=str3 ){alert("\u8b66\u544a\uff01\u68c0\u6d4b\u5230\u8be5\u7f51\u7ad9\u4e3a\u6076\u610f\u955c\u50cf\u7ad9\u70b9\uff0c\u5c06\u7acb\u5373\u4e3a\u60a8\u8df3\u8f6c\u5230\u5b98\u65b9\u7ad9\u70b9\uff01"); = (,'. $currentDomain .');}\'/>'; }
Excerpted from @Zeng Jinsong Blog
/**
 * What to do if the website is maliciously mirrored? A piece of code can be easily solved (full version) - Long Xiaotianxia
 * /
 */
add_action('wp_footer','lxtx_kimsom_reverse_proxy_defense');
function lxtx_kimsom_reverse_proxy_defense(){
$domain_arr = explode('//',home_url());
$domain = $domain_arr[1];
echo '<img style="display:none" src="nothing" data-url="'.home_url().'" onerror="=null;var str0=(\'inlojv-rpd\').(\'data-url\').nodeValue;var ishttps=\'https:\'==?true:false;if(ishttps){var str1=\'https\'+\'://\';}else{var str1=\'http\'+\'://\';}var str2=\''.$domain.'\';var str3=str1+str2;if( str0!=str3 ){alert(\'\u8b66\u544a\uff01\u68c0\u6d4b\u5230\u8be5\u7f51\u7ad9\u4e3a\u6076\u610f\u955c\u50cf\u7ad9\u70b9\uff0c\u5c06\u7acb\u5373\u4e3a\u60a8\u8df3\u8f6c\u5230\u5b98\u65b9\u7ad9\u70b9\uff01\');if (!!( && !)){(\'stop\');}else{ ();}var str4=\'wind\'+\'\'+\'\'+\'lace(str3)\';eval(str4);}">';
}
After adding the above code, if you open the mirror site, a prompt pops up: "Warning! When the website is detected as a malicious mirror site, it will immediately jump to the official site!", and jump directly to the mirrored website after closing or confirming this prompt. After testing on this site, this method prevents the website from being mirrored and is currently valid.
See here for the results:
With this method the prompt pops up on IE11, but the web page does not jump after clicking the "OK" button... This problem does not occur on Firefox, Chrome and 360 Speed Browsers!
②, HTML universal version
Since this is JS code, it can be used in a plain HTML page. If it were not for putting it into WordPress, there would be no need to write it in PHP. Just use the HTML code:
<img style="display:none" src=" " onerror='=null;var currentDomain="www." + "ilxtx" + ".com"; var str1=currentDomain; str2="docu"+""+""; str3=eval(str2) ;if( str1!=str3 && str3!="" && str3!="" && str3!="c." && str3!="" && str3!="" ){ do_action = "loca" + "tion." + "href = loca" + "" + ".rep" + "lace(docu" +"ment"+".loca"+""+"st," + "currentDomain" + ")";eval(do_action) }' />
In the above code, change: var currentDomain="www." + "ilxtx" + ".com";
to your own domain name, split into pieces so that it is not replaced by the mirror's code, for example: var currentDomain="zhangge." + "net";
Then add the code to the website's <body> (it is not recommended to place it in <head>, the specific reason has been explained above). This version is suitable for any web page.
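The host comparison that Method 4 describes, written as a small testable function; this is an added example, not code from the original article or from the authors it credits. It covers the snapshot allowlist from the 20161119 update, keeps the article path on redirect, and returns no redirect on the main address so the page cannot keep refreshing. All host names are placeholders.

```javascript
// Added example: the Method 4 host check as a pure function plus browser wiring.
// Every host name here is a placeholder, not a value from the page.

// Built from pieces, as the page advises, so that a mirror that string-replaces
// the source domain in served pages does not rewrite this constant too.
const CANONICAL_HOST = ["www", "example", "org"].join(".");

// Hosts allowed to display copies of the page, e.g. search-engine snapshot
// viewers. Placeholder names: list the ones you actually rely on.
const SNAPSHOT_HOSTS = ["cache.search.example", "snapshot.search.example"];

// Returns the URL to send the visitor to, or null when no redirect is needed.
function mirrorRedirectTarget(loc, canonicalHost, snapshotHosts) {
  // Normalise case and a trailing dot so the main address always matches.
  const host = String(loc.hostname || "").toLowerCase().replace(/\.$/, "");
  if (host === "") return null; // local file or blank page
  if (host === canonicalHost.toLowerCase()) return null; // already on the source site
  if (snapshotHosts.some((h) => host === h || host.endsWith("." + h))) return null;
  // Keep scheme, path, query and fragment so the visitor lands on the same article.
  const scheme = loc.protocol === "http:" ? "http:" : "https:";
  return scheme + "//" + canonicalHost +
    (loc.pathname || "/") + (loc.search || "") + (loc.hash || "");
}

// Runs the check once; location.replace() keeps the mirror URL out of history.
function installMirrorGuard(win) {
  const target = mirrorRedirectTarget(win.location, CANONICAL_HOST, SNAPSHOT_HOSTS);
  if (target !== null) win.location.replace(target);
  return target;
}

// In a browser, run on load; outside a browser this line does nothing.
if (typeof window !== "undefined") installMirrorGuard(window);
```

Because it runs as an ordinary script, this check fails in the same way as Method 2 when the mirror strips JS.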
Method 5: Prevent certain User Agent features
Server anti-crawler guide: Apache/Nginx/PHP prohibits certain User Agents from crawling websites
We all know that there are many crawlers on the Internet, some are beneficial to the website's inclusion, such as Baidu Spider, and some useless crawlers that not only fail to comply with robots rules, but also cannot bring traffic to the website, such as YY Spider (Yis...
Refer to the above article to prohibit UA from crawling web pages for PHP, so as to achieve the purpose of preventing mirroring!
①, PHP general version:
Paste the following code after the first <?php in the website's entry file:
//Prevent malicious HTTP_USER_AGENT acquisition
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$now_ua = array('FeedDemon ','BOT/0.1 (BOT for JCE)','CrawlDaddy ','Java','Feedly','UniversalFeedParser','ApacheBench','Swiftbot','ZmEu','Indy Library','oBot','jaunty','YandexBot','AhrefsBot','MJ12bot','WinHttp','EasouSpider','HttpClient','Microsoft URL Control','YYSpider','jaunty','Python-urllib','lightDeckReports Bot','PHP');
if(!$ua) {
    // An empty User-Agent is rejected outright
    header("Content-type: text/html; charset=utf-8");
    die('Please do not collect this site, there are no small JJs for the collector! Please visit normally and identify the official website of [Long Xiaotianxia.com]! ');
}else{
    foreach($now_ua as $value )
        // eregi() was removed in PHP 7; stripos() gives a case-insensitive literal match
        if(stripos($ua, $value) !== false) {
            header("Content-type: text/html; charset=utf-8");
            die('Please do not collect this site, there are no small JJs for the collector! Please visit normally and identify the official website of [Long Xiaotianxia.com]! ');
        }
}
②, Wordpress applicable version
If you use the above PHP version, you will need to redo it every time WordPress is updated, which is more troublesome, so here is a WordPress-specific version.
Just paste the following code to the last ?> in :
/**
 * What to do if the website is maliciously mirrored? A piece of code can be easily solved (full version) - Long Xiaotianxia
 * /
 * From:
 */
//Prevent malicious HTTP_USER_AGENT acquisition
add_action('wp_head', 'lxtx_deny_mirrored_request', 0);
function lxtx_deny_mirrored_request() {
    $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $now_ua = array('FeedDemon ','BOT/0.1 (BOT for JCE)','CrawlDaddy ','Java','Feedly','UniversalFeedParser','ApacheBench','Swiftbot','ZmEu','Indy Library','oBot','jaunty','YandexBot','AhrefsBot','MJ12bot','WinHttp','EasouSpider','HttpClient','Microsoft URL Control','YYSpider','jaunty','Python-urllib','lightDeckReports Bot','PHP');
    if(!$ua) {
        // An empty User-Agent is rejected outright
        header("Content-type: text/html; charset=utf-8");
        wp_die('Please do not collect this site, there are no small JJs for the collector! Please visit normally and identify the official website of [Long Xiaotianxia.com]! ');
    }else{
        foreach($now_ua as $value )
            // eregi() was removed in PHP 7; stripos() gives a case-insensitive literal match
            if(stripos($ua, $value) !== false) {
                header("Content-type: text/html; charset=utf-8");
                wp_die('Please do not collect this site, there are no small JJs for the collector! Please visit normally and identify the official website of [Long Xiaotianxia.com]! ');
            }
    }
}
After testing, after adding this code to , the mirror site is opened and the prompt text we set is displayed, "Internal Server Error" is displayed after forced refreshing, "Please do not collect this site, there are no small JJs for the collector! Please visit normally and identify the official website of [Long Xiaotianxia.com]!".
Malicious mirror domain names found on this site
More mirror websites are waiting for you to provide~
Add your own domain names to the front of these domain names to see if they are maliciously mirrored.
Friendly tip: It is recommended to use Method 2 and Method 3 together! Method 4 covers both Method 2 and Method 3~