I recently saw a few malicious domains including my website pages.
I initially suspected of iframe inclusion, but I already had Header always set X-Frame-Options SAMEORIGIN
configured in my httpd.conf.
Other ideas were about malware Javascript including remote pages in the DOM, or even external DNS pointing to my server IP (however, I have name-based virtual hosting on). None of them have been proved.
Investigating on remote domain and looking at apache logs showed us the reality: the malicious remote server made http requests to us, for each request it received, then sent back the result to its clients, actually "mirroring" our website!
I lack ideas on how to stop it. So I blocked its User-Agent completely, via apache conf: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Hope I explained myself. Is there a smarter way to stop such a bad behavior from other domains like them, in the future?