Block data to rogue site?

MouthBoy · 10 Oct 2012 at 20:45

Might not be the right section but here goes.

My Dad builds weather stations and sells them to local clubs such as the local model flying club. He found out recently that another website is copying his URL and using the data on their own site and branding it as their own.

Is there anyway he can limit the data to only go to his site and not another for example?

Dads site: http://www.woodspringwings.co.uk/weather.html

Rogue site: http://www.amarc2002.co.uk/index.php/weather/gordano-weather

Just so you know all the data is being hosting on my Dads hosting so already I understand they are stealing his bandwidth and stuff, but what can be done?

Tilluss · 10 Oct 2012 at 22:55

The data is being displayed in some kind of flash component, do you have access to the code of that flash component or not? If you do then you can add some URL/IP validation to see if it's being accessed from a white listed site.

Failing that you can possibly black list the IP of the site on your dads host, but it depends if he has access to it.

MouthBoy · 10 Oct 2012 at 23:02

That sounds like a plan. I have linked him to this site so he can read any replies so I will see what he says. I was hoping there would be some form of validation that would be possible to prevent access so thats good news.

squarebutt · 10 Oct 2012 at 23:07

Put a dodgy comment there instead of the weather station, or just a blatant advert to your Dads business.

Montala · 10 Oct 2012 at 23:12

How about a nice big banner or something inside the 'box' saying that this data is supplied by xxx sort of thing?

sjs · 11 Oct 2012 at 02:57

Out of curiousity, have you actually asked them to stop and explained to them that its a service you provide and running it costs you money (bandwidth). In my experience, people do this sort of thing in ignorance rather than malice. Maybe theres another customer in there.

sist_si · 11 Oct 2012 at 05:01

it's a shame it's in an iframe on your dad's site. you could have added some code to the page to tell it to auto break out of any iframe's it may be placed in

PistolPete · 11 Oct 2012 at 10:29

The problem is that it's not the "rogue site" collecting the info, it's the client (ie the user)
So your ability to block the rogue site is not possible.

I'd randomly change the URL on the host, and the website and send the other site a nice email asking them to stop linking to your URL.

MouthBoy · 11 Oct 2012 at 21:14

We have found out the IP address of the host of the site. We have tried to block the IP address using TSOhost's tools on their CPanel but this is proving fruitless. Any ideas on how to go about this?

uniQ · 11 Oct 2012 at 22:32

Have you contacted them and asked them to remove the content? That's your first step.

Next create a .htaccess file in your domains root or the directory of the flash file and put something like this inside it:

Code:

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTP_REFERER} .
 RewriteCond %{HTTP_REFERER} !^$
 RewriteCond %{HTTP_REFERER} !^http://(www\.)?amarc2002/\.co.uk/.*$ [NC]
 RewriteRule .*\.(fla|swf|xml|js|html)$ [url]http://i.imgur.com/hvEmh.jpg[/url] [R,NC,L]
</ifModule>

Or

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !www\.amarc2002\.co.uk
RewriteRule /flash/(.+)?\.swf$ www.example.com/$1 [L,R]

Also please don't block right clicking it's not effective and just annoying.

MouthBoy · 11 Oct 2012 at 23:28

Yes they have been contacted but no reply. Also we did change the address etc of the data but within a few days they had redirected it back to their site so to speak.

Oh and about the right clicking, the site itself is the model flying club site, but the content in the iframe is my Dads. The club basically bought a weather station from my Dads business and are paying for the data (or something like that, not to sure). I already made a comment that the right clicking is annoying but its not our site to change unfortunately.

uniQ · 11 Oct 2012 at 23:41

I added another block. Add that to your htaccess and put it in the same directory as the html/flash file on your server.

Or thinking about it if your hosting the content then you could just whitelist the IP of http://www.woodspringwings.co.uk with something like:

Only allow from specified IP's:

Code:

ErrorDocument 403 /specific_page.html
order deny,allow
deny from all
# Modify the following IP to match woodsprings.
allow from 111.222.333.444

Or Allow all and restrict specified IP's:

Code:

<Limit GET POST>
 order allow,deny
 allow from all
 deny from 111.222.333.444
</Limit>

Make sure this is only in the swf directory though, you don't want this in your root.

PistolPete · 12 Oct 2012 at 11:12

uniQ said:
I added another block. Add that to your htaccess and put it in the same directory as the html/flash file on your server.

Or thinking about it if your hosting the content then you could just whitelist the IP of http://www.woodspringwings.co.uk with something like:

Only allow from specified IP's:

Code:

ErrorDocument 403 /specific_page.html order deny,allow deny from all # Modify the following IP to match woodsprings. allow from 111.222.333.444

Or Allow all and restrict specified IP's:

Code:

<Limit GET POST> order allow,deny allow from all deny from 111.222.333.444 </Limit>

Make sure this is only in the swf directory though, you don't want this in your root.

Explain how this is going to work. The data is simply a link on someone elses page and you are restricting it so only the woodsprings host can view it..... but the woodsprings host is never going to be requesting it - the person viewing the data will be requesting it, not the woodsprings host.

How about rewriting the HTTP_REFERRER so ONLY requests with a referrer of the woodsprings host can view it.

Mark M · 12 Oct 2012 at 13:32

I sadly have nothing to offer other than to say what cheeky bar stewards they are!

Is there a different way it could be written to totally prevent it happening again?

PMWD · 12 Oct 2012 at 15:08

http://stackoverflow.com/questions/...rom-an-external-site-to-specific-domains-only

You could use the htaccess file to rewrite the php as the html one, or just get the server to parse the html as php.

reefoid · 12 Oct 2012 at 15:16

Can't help from a technical point of view, but I'd be putting a large copyright image on that page somewhere so it also appears on their page. I'd also contact them again asking nicely for them to remove it, but reserving the right to seek legal advice if they fail to do so. Also copy in their hosting company (Redeye Media?).

visibleman · 12 Oct 2012 at 16:06

Blocking the 'rogue' website's domain or IP won't do anything as it isn't their host that is requesting the flash file from alignsolutionsltd.com, rather it's the client.
As mentioned, do a redirect or block based on the HTTP_Referer (ie: if domain equals amarc2002.co.uk then block). Although note that it isn't a complete full proof solution as the HTTP_Referer could easily be forged.

Either way i'd put some branding on the flash 'app'/file, at least then clients will know where the data originates.

Although why do you use iFrames rather than embedding the flash object directly into the page?

Edit - My rewrite rules are a bit rusty but the below should work (allow only woodspringswings.co.uk domain, otherwise redirect) -

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www\.woodspringwings\.co\.uk [NC]
RewriteRule ^.*$ http://www.yourdomain.com/restricted_page.html [R,L]

Sherbs · 13 Oct 2012 at 13:54

Er am I the only one that can see that it isn't even hosted on that domain?

Its an iframe to this site on both.

http://alignsolutionsltd.com/woodspring/12woodspring19.html

Edit: ^ Ahah, that'll teach me.

MouthBoy · 16 Oct 2012 at 20:17

Hi All

It seems the situation has been resolved now without having to block anything. The 2 clubs talked to each other and the rogue site has been removed.

My Dad wants to thank you all for you help and advice. He really appreciated it. So thanks!