NTHP

I DMCA'd Myself

Web

Yes, you read that title right. I sent a DMCA takedown request to myself… by accident… How?

Logs & A Domain


While going through the NGINX logs for this site, I came across something odd. A long, semi-random domain was referring traffic to my site. That’s odd. So, I went to that domain, and… there was my site. Someone was rehosting it… Great.

Doing some digging, I found that the domain was created on 10/8, just last month. I also checked what SSL certificates were issued. Just a few wildcards on the same date. Sketchy.

So I submitted an abuse report to the domain’s registrar, and a DMCA takedown to Cloudflare, who forwarded it to the VPS provider.

The Email


Later that day, I got an email from DigitalOcean. Someone submitted a DMCA takedown request against my VPS… What? Reading the request, it was mine. As in the one I wrote. I DMCA’d myself.

The email was labeled as “No Action Required”. Probably because the email address I used to submit the complaint was the same as the one I use for my DigitalOcean account.

So, someone with a weird domain is pretending to be my site, using my VPS[1]… Interesting.

444


I needed to stop this weirdo. So I started looking into locking down when my server responds, and to what.

First thing I did was enable HSTS. Forcing the browser to use port 443, instead of just 80. I also submitted my site to the HSTS preload list. This didn’t stop the weird domain, just made my browser flip out when going to it. That’s good, but I want to kill it.

I needed NGINX to only respond to traffic that uses my domain. And not the naked IP addresses. This was pretty simple, though it took a bit to get NGINX to stop bitching about the config.

And with that, it’s dead.

In short, config your web server properly.
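A catch-all setup along the lines described above, as an added example and not the author's actual config. `example.com`, the certificate paths and the web root are placeholders, and `ssl_reject_handshake` assumes NGINX 1.19.4 or later.

```nginx
# Catch-all for plain HTTP: any request whose Host header matches no
# server_name below (bare IP, someone else's domain) lands here.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;                # NGINX-specific: close the connection, send nothing
}

# Catch-all for TLS: refuse the handshake when the SNI name is not ours,
# so no certificate is ever presented for a foreign or missing name.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # requires NGINX >= 1.19.4
    return 444;                # valid SNI but a mismatched Host header ends up here
}

# Real site, plain HTTP: only redirect requests that named our domain.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;        # placeholder domain
    return 301 https://$host$request_uri;
}

# Real site, HTTPS.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;        # placeholder domain

    ssl_certificate     /etc/ssl/example.com/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;     # placeholder path

    # HSTS with the values the preload list requires.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    root /var/www/example.com;                      # placeholder path
}
```

Run `nginx -t` before reloading; without an explicit `default_server`, NGINX treats the first server block on each listen address as the default, which is how a foreign Host header gets served the real site.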

Lessons Learned


So yeah, I learned a bit here. How to “properly” configure a web server, and what could happen if you don’t.

With some of this in mind, I spun up a honeypot where I did none of this. Going to be cool to see what it catches.


  1. By “using”, they are pointing their DNS record to a Cloudflare IP, which is then passing traffic through to the IP of my VPS. They didn’t gain access to my VPS.

