Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This project is not covered by Drupal’s security advisory policy.
Are you serving content to mirrors?
Are those mirrors capturing user logins?
When accidental or fraudulent mirrors are found get: a message in front of admin's faces, watchdog entries, and a report of domains. This is just an awareness tool.
How it works
This module has two modes which will depend on if you've set $base_url in your sites/default/settings.php file...
#1) WITHOUT hard coded $base_url
Page URLs are stored with page cache entries, this module creates a report of non-base domains in the cache and rolls them up by with a count by domain. It assumes the domain you are accessing from is your base. Additionally, on each cron run a watchdog note will be made if any are detected, this is for trigger an alert if you desire. NOTE: Full results only stick around as long as your page cache. Watchdog messages will stick around in accordance with your row count setting. Though if you're getting consistant mirror hits you'll be able to see it.
#2) WITH hard coded $base_url
You'll need to check "Check for mirror on page loads" on the admin page if $base_url is set or it will have no effect. This approach checks the domain on non-cached page loads. As long as you're not using a crawler to pre-warm your cache you can catch mirrors after a while if they exist. Additionally, logged in mirroring --a serious security problem-- will be detected immediately.
What to do with results
You can't stop people from setting up a CNAME to your domain or IP address; IP/nameserver blocks get resold and reused. But once you know you can block hosts and reach out for admins to fix their domain records (people forget to set the *empty subdomain). Be aware you could be blocking legitimate traffic when doing this... so investigate and communicate!
In the event that other domains are found, this does not mean you've been hacked. This just means other domains have pointed at your site and are being served static content. We recommend you track these down and solve the problem. This can occur when DNS/ISP servers alter record locations, and is therefor not necessarily malicious. However, you should be concerned with site mirroring for SEO reasons, to control your credibility and know where your content is going.
This module is not currently integrated with modules like Domain Access and others that allow normal multi-domain behavior. If you're interested in that functionality please visit the issue queue and let's see what we can do.
Get alerts
The watchdog level is WATCHDOG_ALERT if you'd like to include/exclude it from auto-alerts you may receive via another module. Here are your options in that regard:
Project information
Unsupported
Not supported (i.e. abandoned), and no longer being developed. Learn more about dealing with unsupported (abandoned) projects- Module categories: Security
- Created by doublejosh on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
