I'm wondering how a website that has open-sourced its front-end (and back-end) code can prevent DNS cache poisoning phishing attacks? Since the front-end of the website is open source, the attacker's phishing site would look identical to the real site.

I was thinking the site owner could release a mobile app that checks the website's IP address and displays a message saying the site is safe to use if the site's IP address matches the IP address stored in the app. If the site's IP address doesn't match the IP address stored in the app, then the app would display a message saying the site is unsafe to use.

Is there a better solution?

Setting up an external website to check the main website's IP address doesn't seem like a good option, because the external website could also suffer a DNS cache poisoning attack.