How to deal with malicious domain redirections?
Posted
by
user359650
on Pro Webmasters
See other posts from Pro Webmasters
or by user359650
Published on 2012-05-06T14:11:24Z
Indexed on
2012/06/12
22:49 UTC
Read the original article
Hit count: 302
It is possible for anybody to buy a domain name containing negative terms and point it to someone's website in order to damage their reputation. For instance someone could buy the domain child-pornography.com
and point it to the address 64.34.119.12
which is the address behind stackoverflow.com
and people navigating to the domain in question would end up visualizing content from StackExchange
which would be detrimental to StackExchange
's image. To illustrate this, I added the entry 64.34.119.12 child-pornography.com
to my /etc/hosts
file and tested. Here is what I obtained:
I personally found this user experience terrible as someone could think that Stack Exchange are in favor of child pornography and awaiting support from the community to create a Q&A site about it.
I tested with other websites and experienced other behaviors that I would categorize as follows:
1 - Useful 404 page (happens with stackoverflow.com
):
For me the worst way of handling this as the image of the targeted website is directly associated with the offending domain. The more useful the 404 page, the bigger the impression that the targeted website would be willing to help with child pornography.
2 - Redirection (happens with microsoft.com
):
For instance when accessing child-pornography.com
you get redirected to www.microsoft.com
. It isn't as bad as above as the offending domain name never appears alongside the targeted website's content, but still bad in my opinion as it gives the impression the targeted website bought the offending domain and redirected it to their website to get more traffic.
3 - Server error (happens with lemonde.fr
):
You get an error from the webserver which page doesn't contain any content that can be associated with the targeted website (e.g. default Apache 404 page, completely blank page). I believe that is good as the identify of the targeted website isn't revealed.
Above are the various behaviors I experienced, but I also thought about a fourth way of dealing with this which is described below.
4 - Disclaimer page (haven't found any website implementing that technique):
Display a message such as :
"You ended here because someone bought and linked the
child-pornography.com
domain to our website. We do not own this domain and do not associate ourselves with it. This request has been logged by our servers and we will raise this issue with the competent authorities to have this domain taken down. If you want to access our website, please click here."
The good thing about this method is that it can be implemented at application layer (good if you don't have control over web server which happens with some hosting solutions), allows you to protect yourself from any liability, and offer the visitor to be redirected to your own website.
Which of the above options would you implement to deal with malicious domain linking (IMO only options 3 and 4 are worth considering) ?
© Pro Webmasters or respective owner