About a week ago I deployed my first digitalocean droplet. I used 12.04 and installed Apache, MySQL and PHP. I successfully got my index.html to load in my browser when entering my droplet’s ip address indicated in my digitalocean control panel. That same weekend in a humble state of accomplishment, I shared the ip address to my freshly deployed LAMP stack with a friend of mine from work who works in our IT department. This is the same person who recommended digitalocean to me in the first place. He and I share a lot in common.
I Googled a string of uniquely worded content from my site in quotation marks yesterday and discovered that someone had mirrored my HTML and CSS code onto their server with a domain name. I did a whois query and discovered the domain registered to someone in Texas in December of 2013. My site was live on someone else’s server before I had the opportunity to bind my ip address to the domain name I registered, which was something I was planning on doing this weekend.
I didn’t want my content mirrored like this so I destroyed my droplet last night. About an hour or two later this third party clone of my site indexed on Google went down too.
What the hell could be going on here?
I have a suspicion. I shared my digitalocean droplet ip address with only one person - - that co worker I mentioned earlier. This coworker is a very gifted individual. He has worked at fortune 500 companies in the past and is in the process of studying to write advanced level Cisco certifications. The domain name which the third party used was goofy, goofy in a way that matches my coworker’s playful character. I suspect it could be my co worker playing a prank on me, but I don’t know for sure.
Is there any other logical explanation for someone getting a hold of my droplet’s ip address, hijacking my content and hosting on their own public server? Could this be a malicious third-party who somehow discovered my hexadecimal ip address and decided to copy my HTML? If this happens to other people, why would third-parties do such things? What could be his or her motive? Do they have something financial to gain? Do these kinds of third-party hijackers do so for similar reasons that DNS squatters register potential names to sell to the highest bidder? Do they use it for hidden, malicious intent involving spam or malware or something?
Is there any other possible explanation for this phenomenon I am experiencing?