Domain Hijacked

My domain http://www.dolphincoast911.co.za has been working for a few years. It did have an SSL certificate, which expired.

Now when you go to the website, it initially diverted to a website which had a red banner on top with contact details and asked if we wanted to buy domains. Since then it now diverts directly to https://www.jbsports.co.bw/index.php

I use cPanel to run my site. I have deleted and reinstalled the website. I have deleted the website completely off cPanel and still it goes to https://www.jbsports.co.bw/index.php

I am at a total loss.

1 Like

I’m sorry to hear it, but does your question have anything at all to do with the Let’s Encrypt service? Because it doesn’t appear that it does.

From your description, it sounds like you let your domain registration expire, and someone else bought it and redirected it to their site. It’s a little hard to say for sure–if you’d answered the questions you were presented when you started this topic, rather than deleting them, it might have helped fill in some details–but that’s what it looks like.

1 Like

My domain has not expired.

It appears the SSL certificate that I had expired, and on that happening my website was diverted in some way to this other website.

1 Like

Have you tried putting in a valid SSL certificate?

I assume that other site just happens to be the default SNI when connecting to that server and the webserver is configured extremely badly; switch hosts if you can.

2 Likes

Hi @Sean1

Checking your domain, you have a redirect to that other domain - https://check-your-website.server-daten.de/?q=dolphincoast911.co.za

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://www.jbsports.co.bw/index.php? | 301 | https://www.jbsports.co.bw/index.php? | 1.153 | A |
| http://dolphincoast911.co.za/ 41.185.8.66 No GZip used - 326 / 447 - 72,93 % possible | 200 | Html is minified: 105,67 % | 0.377 | H |
| http://www.dolphincoast911.co.za/ 41.185.8.66 No GZip used - 326 / 447 - 72,93 % possible | 200 | Html is minified: 105,67 % | 0.376 | H |
| https://dolphincoast911.co.za/ 41.185.8.66 | 302 | http://www.jbsports.co.bw/index.php? | 6.060 | N |
| Certificate error: RemoteCertificateNameMismatch | | | | |
| https://www.dolphincoast911.co.za/ 41.185.8.66 | 302 | http://www.jbsports.co.bw/index.php? | 5.826 | N |
| Certificate error: RemoteCertificateNameMismatch | | | | |
| https://www.jbsports.co.bw/index.php? No GZip used - 17024 / 124451 - 13,68 % possible Inline-JavaScript (∑/total): 6/3602 Inline-CSS (∑/total): 0/0 | 200 | Html is minified: 129,54 % | 10.314 | I |

There are two certificates:

| CRT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 243599023 leaf cert | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, C=GB, ST=Greater Manchester | 2017-10-26 22:00:00 | 2019-10-27 22:59:59 | dolphincoast911.co.za, www.dolphincoast911.co.za (2 entries) | | |
| 241637083 leaf cert | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US | 2017-10-26 20:36:42 | 2018-01-24 21:36:42 | autodiscover.dolphincoast911.co.za, cpanel.dolphincoast911.co.za, dolphincoast911.co.za, mail.dolphincoast911.co.za, webdisk.dolphincoast911.co.za, webmail.dolphincoast911.co.za, www.dolphincoast911.co.za (7 entries) | | |

The Let’s Encrypt certificate is from 2017-10-26; the Comodo has the same “not before”, but was valid for 2 years. So your domain has been invalid since 2019-10-27.

So it’s not a new problem.

Are you the domain owner? If yes, fix your configuration. If not, use another domain.

1 Like

SSL certificates don’t “divert” to other sites. Webservers do. TLS (the actual name of current “SSL” protocols) is just an encryption method. It doesn’t do anything else. It doesn’t provide content, it doesn’t provide redirects.

Is the IP address of your server actually 41.185.8.66?

1 Like

I still don’t see what you think your problem has to do with the Let’s Encrypt service (and therefore, why you asked the question here).

Deleting it from cPanel doesn’t remove the IP from DNS:

```
Name:    dolphincoast911.co.za
Address:  41.185.8.66
```

When anyone goes to HTTP or HTTPS://dolphincoast911.co.za/ they will still hit 41.185.8.66.
The webserver at that IP will do its best to match that name to the proper content, but it will connect to the “default” or first available site when no exact match is found.
[i.e. Your problem is within cPanel or your hosting provider.]

1 Like

Well something changed… curl gives me a 200 & my browser gives me an empty index.

1 Like

On port 80 it did that yesterday. I only saw the redirect on 443.

2 Likes

Of course… Didn’t think about that.

```
$ curl -ILv www.dolphincoast911.co.za
* Rebuilt URL to: www.dolphincoast911.co.za/
*   Trying 41.185.8.66...
* TCP_NODELAY set
* Connected to www.dolphincoast911.co.za (41.185.8.66) port 80 (#0)
> HEAD / HTTP/1.1
> Host: www.dolphincoast911.co.za
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Sat, 29 Feb 2020 06:37:32 GMT
Date: Sat, 29 Feb 2020 06:37:32 GMT
< Server: Apache
Server: Apache
< Content-Type: text/html;charset=ISO-8859-1
Content-Type: text/html;charset=ISO-8859-1

<
* Connection #0 to host www.dolphincoast911.co.za left intact
:/ $ curl -ILv https://www.dolphincoast911.co.za
* Rebuilt URL to: https://www.dolphincoast911.co.za/
*   Trying 41.185.8.66...
* TCP_NODELAY set
* Connected to www.dolphincoast911.co.za (41.185.8.66) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /system/etc/security/cacerts
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=jbsports.co.bw
*  start date: Jan 27 22:37:57 2020 GMT
*  expire date: Apr 26 22:37:57 2020 GMT
*  subjectAltName does not match www.dolphincoast911.co.za
* SSL: no alternative certificate subject name matches target host name 'www.dolphincoast911.co.za'
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'www.dolphincoast911.co.za'
```

No 443 routing on the domain, so it routes to the default 443 block on the server. Which means you need to set cPanel to use HTTPS somehow if you want to use cPanel. Are you on a shared host? The fact that you know nothing about the other domain suggests so. If not, check your default 443 vhost block configuration (usually found in /etc/httpd/conf.d/ssl.conf on RHEL/CentOS).

2 Likes
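The fallback diagnosed in the replies above can be audited from a server's vhost list. This is an added example, not code from the thread or from cPanel: a simplified model of Apache name-based selection (exact ServerName/ServerAlias match, otherwise the first vhost on that port), with constructed hostnames, a documentation IP address and hypothetical function names.

```python
import re

# Constructed sample config: club.example has a vhost on port 80 only.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:80>
    ServerName shop.example
    ServerAlias www.shop.example
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName club.example
    ServerAlias www.club.example
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName shop.example
    ServerAlias www.shop.example
</VirtualHost>
"""

BLOCK = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAMES = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def parse_vhosts(conf):
    """Return [(port, [names])] in file order; assumes addr:port headers."""
    vhosts = []
    for addr, body in BLOCK.findall(conf):
        port = int(addr.split()[0].rsplit(":", 1)[1])
        names = [n.lower() for line in NAMES.findall(body) for n in line.split()]
        vhosts.append((port, names))
    return vhosts

def select_vhost(vhosts, port, host):
    """Pick the vhost for host: exact name match, else first vhost on the port."""
    on_port = [names for p, names in vhosts if p == port]
    for names in on_port:
        if host.lower() in names:
            return names[0], True
    return (on_port[0][0], False) if on_port else (None, False)

def fallback_report(vhosts, tls_port=443):
    """Map every configured name without a TLS vhost to the site answering for it."""
    report = {}
    for _, names in vhosts:
        for name in names:
            served_by, matched = select_vhost(vhosts, tls_port, name)
            if not matched:
                report[name] = served_by
    return report

if __name__ == "__main__":
    print(fallback_report(parse_vhosts(SAMPLE_CONF)))
```

Each name in the report is one whose HTTPS requests would receive another site's certificate and content, which is the name mismatch shown in the curl output above.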
