SSL Cert being hijacked by my own sites

icky_thump · May 29, 2013, 9:28pm

I have multiple sites on a linux server.

I have one custom built PHP CMS that has an SSL Cert. (Site A)
I have a few Joomla sites that do not have or need SSL.

At least two of the Joomla sites (Sites B & C) are showing up in google with strange results.
The google result is taking the domain name of Site B or C, and cross-breeding it with the path/folder/file/query after the domain from Site A.
It is producing a URL that shouldn’t actually exist. The page it loads is from Site A, even though the domain in the URL is from Site B or C.
AND, it’s doing it as https – secure. Sites B & C do not have any https secure pages.
Before actually going to the page though, an Untrusted Cert warning appears.

It’s difficult to explain, I hope I’m making sense.
I’m muddling through the Joomla admin turning off all SSL functions that I can find.
It doesn’t seem to matter.

Any ideas what I can do to resolve this?
Thanks for any feedback!

dklynn · June 1, 2013, 10:40pm

i_t,

It appears that Site A is the master account and Sites B & C are “addon” domains which enable access via Site A’s subdirectories.

The simple way around this problem is to add mod_rewrite code to Site A which redirects the subdirectory requests (to Sites B & C) to their fully qualified domains, i.e.,

# BEFORE your custom CMS mod_rewrite code and after your RewriteEngine on

RewriteRule ^subdirectoryB/(.*)$ http://www.SiteB/$1 [R=301,L]
RewriteRule ^subdirectoryC/(.*)$ http://www.SiteC/$1 [R=301,L]

I’m sure that, with your level of expertise (if you’ve created your own CMS) that you can replace subdirectoryB and subdirectoryA as well as SiteB and SiteC with the correct subdirectories and correct domain names.

There are problems within the Apache board so I included this simple mod_rewrite code here rather than there.

Regards,

DK