
Hello,

I have a very big problem with stolen data and I don't know how to STOP that.

The situation:

I have a website where I spend a lot of time registering events and info on events (something like www.CoolEvents.com).
Users can log in and then comment on events, and do other actions when logged in.

The PROBLEM:

Someone created AN IPHONE APPLICATION that is an EXACT copy of my website, and is named CoolEvent App!!!
Same info, same comments, and you can log in via this app (parsing my site) and post comments on my website!

It's horrible for me, because 40% of my users now use this application (which earns money by displaying advertising).
So I lost 40% of visitors!!!

Without using legal channels, how can I STOP an IPHONE APP from parsing my website or accessing my website?
Do you know a TECHNICAL solution to prevent an APP from PARSING and then copying my website?
At least, is it possible to make it IMPOSSIBLE to log in to my website (and so be able to post comments on my site) by using this APP?

Thanks for your help !!

https://forums.phpfreaks.com/topic/292434-website-stolen-by-iphone-app/

- Change your database and other credentials first and do not share them with anyone. Please note you may need to change them in the website configuration as well.

- In case you have an API, use API credentials.

Also, I think you can ask iPhone app support and enquire about the owner of the app, as everyone has to register on the site before making it available on the app store.

Since people are using the native app it may be an opportunity for you to contact the creator of the app and come to a business arrangement, where he pays you X% of the profits. Be reasonable, he did create a native app for your website. If not, you have it taken down through the app store. Though the first option is better.

 

Not really sure what you can do as a defense, assuming the user enters his credentials into the app, which then performs a sub-request on your website, stores the cookie locally and sends it with every request thereafter, making anti-CSRF useless. In essence the app acts as a browser, so you need to figure out how to filter out the app using only the request headers, though I assume it will only be a matter of time before these are spoofed.

 

Also keep in mind that any countermeasures you may take may result in further visitor loss, which is why I really advise you to take the first option.

Edited by ignace
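
The header-based filtering described in the post above, sketched as an added example that is not part of the thread: it counts logged login POSTs, per User-Agent, whose Origin/Referer does not point at the site's own pages. The site origin, header values and client names are constructed assumptions; the last sample row shows the spoofing limit the post mentions.

```python
from collections import Counter

SITE_ORIGIN = "https://www.example.com"  # assumption: placeholder for the real site

# Constructed sample: headers logged for POST /login requests (not real traffic).
SAMPLE_LOGINS = [
    {"User-Agent": "Mozilla/5.0 (Windows NT 10.0) Firefox/115.0",
     "Accept-Language": "en-US", "Origin": SITE_ORIGIN,
     "Referer": SITE_ORIGIN + "/login"},
    {"User-Agent": "Mozilla/5.0 (iPhone) Safari/604.1",
     "Accept-Language": "fr-FR", "Referer": SITE_ORIGIN + "/login"},
    {"User-Agent": "ExampleClient/1.0 CFNetwork Darwin", "Accept-Language": "en"},
    {"User-Agent": "ExampleClient/1.0 CFNetwork Darwin", "Accept-Language": "en"},
    # Same client once it copies browser headers: no longer distinguishable.
    {"User-Agent": "Mozilla/5.0 (iPhone) Safari/604.1",
     "Accept-Language": "en", "Origin": SITE_ORIGIN,
     "Referer": SITE_ORIGIN + "/login"},
]


def came_from_own_form(headers):
    """True if Origin or Referer shows the POST was submitted from our own pages."""
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin is not None:
        return origin == SITE_ORIGIN
    referer = h.get("referer", "")
    # Require the trailing slash so look-alike hosts do not match by prefix.
    return referer == SITE_ORIGIN or referer.startswith(SITE_ORIGIN + "/")


def suspicious_agents(requests):
    """Count login POSTs per User-Agent that did not come from our own form."""
    counts = Counter()
    for headers in requests:
        if not came_from_own_form(headers):
            h = {k.lower(): v for k, v in headers.items()}
            counts[h.get("user-agent", "<none>")] += 1
    return counts


if __name__ == "__main__":
    for agent, n in suspicious_agents(SAMPLE_LOGINS).most_common():
        print(f"{n:3d}  {agent}")
```
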