Colin Law wrote in post #1088392:
containing the link) or does it just appear in the url bar of your
browser as you are typing something, in which case it is just that at
some point you have tried to visit that page and it is the type-ahead
in the browser entering it.
Added automatically means that I would enter http://mydomain.com and hit
enter, then the url becomes http://mydomain.com/#login I have never
tried to visit that url, the normal url is http://mydomain.com/login
Do you have logging enabled in your app so that each request is shown?
If so then what do you see in the log when you hit enter after
entering mydomain.com? If not then enable it and see what happens.
Sure I can follow the logs in real time in Heroku and when visiting the
app you can see the requests hitting the app. I can follow up any
requests. When this "ghost" site has been active the application at
Heroku is not hit, the app does not serve the content, nothing is seen
in the logs.
Well maybe not. I had some XSS issues reported as weak by brakeman. But
I don't think those had anything to do with the issue. I have solved
those weak issues now.
I have not seen the issue in last two days but on Friday (for 15 minutes
or so) typing http://mydomain.com/#login would end up not on our app but
on that strange page. Then it stopped. Right now (and pretty much
always) it goes correctly to our app. This has been seen by and another
person in a different country (and machine obviously).
You said earlier that you had never typed mydomain.com/#login, now you
say you spent 15 mins doing so.
Yeah, it was a coincidence that I found it. Another guy found it in
Spain and told me about. At that time I tried visiting the server but
didn't get "redirected" there. Then the next day it also happened to me.
So I took note of the url and I was visiting it for about 15 minutes
with the same result (the bad page), then it kind of died out and the
same url would take to my app as expected.
Can you let us know your domain name so we can try it?
I still have to push the latests changes I have which include update to
Rails 2.3.8 and other stuff. But one thing that is now different is that
I forces https in all the requests. So I don't know if this will
mitigate the problem. Anyway the app is at sharebi.com
Btw I just found a screenshot of the bad page (attached). You can't see
the #login part but that was consistently taking me here on Friday.
After the loading part the form I mentioned before is displayed.