How do you stop a 301 incoming to your website?

Hello simon_a6, & welcome. I hate to say this, but it sounds as though this site has been compromised/hacked. Google can sometimes give indication of this if you do a search that looks like:

site:example.com

but it’s not foolproof for sure.

Sometimes a visit to:

sucuri.sitecheck.net

& then entering the domain of the site in question can be helpful as well. That site doesn’t always see the compromise, but if it reports one, it’s usually quite accurate.

Running a plugin like Wordfence might also spot the compromise, especially if you set the option to search outside of your WordPress installation.

But the fact that there are redirects, etc, is highly suggestive of a compromise. If that be the case, then there are 2 objectives of the repair:

1. To fix the visible evidence of the hack, ie, the redirects, get the site off any blacklists, etc; &
2. 2) To make as certain as possible that the hack can’t occur again. This involves, at a minimum, changing all passwords, both to the dashboard, the database, as well as your hosting control panel, and examining the database & other configuration files such as .htaccess for evidence of compromise. Both are vitally important.
3. 
   If this feels like a bit more than you can or wish to handle, you can always post a job at jobs.wordpress.net

If the concern is Google SEO, you can simply disavow those domains so Google ignores all backlinks from those domains. Please see: https://support.google.com/webmasters/answer/2648487?hl=en

But how do you stop the redirection? You can’t.

I mean you can’t really “stop” what someone else does, but you can control what happens when someone follows such a redirected domain, like returning the 403/Forbidden response you mentioned.

You can do this…

–1– In your external WAF if you’re using one

–2– In your webserver (eg .htaccess rules if you’re running Apache). You didn’t mention what code you tried that didn’t work, but, in principle, you should be able to do this with the right redirect rule.

–3– In WordPress. Most of the WordPress security plugins will have a feature to deny requests from specific sources.

In all cases, you need to know the correct referring URL/domain to act on.

I added a referer code to HTACCESS but it failed, as it is not being referred, but 301 TO the website. It’s not a hack. It’s just like I bought ra domain and 301d it to another site. Easy to do. But how to you stop it at “your” end? Or is it simply not possible?

simon_a6, I guess perhaps I’m not completely understanding what you’re saying. Could you please provide an example, or perhaps a website where I can see what’s occurring?

It’s kind of simple really. A client of ours has been told that two domain names he doesn’t own, have a web forwarder, or 301 directing them to HIS website. He asked if I can apply something to his site, so that if it comes in, it’s kicked out.

I know you can do that if the referring is a domain, as like any SEO, you can see where a link has come “from”. But if it is a 301/Web Forwarding, such as via 123reg…. can you see it has 301d from another domain?

I guess perhaps I’m not completely understanding what you’re saying. Could you please provide an example, or perhaps a website where I can see what’s occurring?

Simply put, it’s an unwanted backlink.

I added a referer code to HTACCESS but it failed, as it is not being referred, but 301 TO the website.

Once again, you did not provide what code you’re using.

And are you even running Apache, and not Nginx or some other webserver that does not “understand” HTACCESS rules?

But how to you stop it at “your” end? Or is it simply not possible?

I’ve mentioned already: you cannot stop the request from being made. But you can intercept the request (if you know the domain or URL where it’s coming from) and respond appropriately.

I know you can do that if the referring is a domain, as like any SEO, you can see where a link has come “from”. But if it is a 301/Web Forwarding, such as via 123reg…. can you see it has 301d from another domain?

Now you’re confusing the situation.

You said you know some domain is being 301’d to your client’s website.

So that first or “fake” domain is the referring domain.

Knowing this original domain that the request is originating from before being redirected to your site, you can perform some action on your own web server.

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https?://(www.)?domain.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://(www.)?domain.uk [NC]
RewriteRule .* – [F]

This is the kind of code we are using. And yes, we do know the domains.

It’s not a link that it is coming from – it’s a domain that has been setup, to point to another domain. We want to intercept that “new domain” from reaching the domain.

Can you block the IP of the referring/forwarding domain?

The IP of what? 123REG?

Seems to me that if you know the domains you want to block, it would be easy to find the IP via a ping. Once that’s in place you can include deny ip.of.unwanted.domain in either .htaccess, or, even better, probably, in the firewall.

The domain is parked with a registrar, and just has a 301 web forwarder.

So how do you, with HTACCESS, block it?