Results 1 to 21 of 21
  1. #1

    Unhappy Someone is mirroring my website on another domain

    Hi,

    I've noticed someone has been mirroring my website on another domain. When information gets updated on my website, the mirrored website gets updated instantly too. This is both with database updates and static HTML updates. They changed the logo at the top of the page and also changed the copy right text at the bottom, but everything else is the same. When I right click to view source, I noticed that the copied website is linking to my css file on my website.

    Is there any way I can stop people from mirroring my website? I wrote this PHP code below, but it didn't help. The website still shows up on the mirrored website.

    <?php

    if (!preg_match("/localhost|example\.com/i", $_SERVER['SERVER_NAME']))
    {
    echo "<p>Error.</p>";
    exit;
    }

    ?>

    Thanks for reading!

  2. #2
    Lodge a DMCA complaint against them.

  3. #3
    Join Date
    Aug 2008
    Location
    England, UK
    Posts
    974
    Are you sure your site is being mirrored and not framed? If framed you can try using a javascript breakout script.
    LampNetworks - Affordable Web Hosting
    Hosting locations in United Kingdom & United States
    cPanel+Softaculous | 99.9% Uptime SLA | Daily & Monthly Backups
    Custom Hosting Plans Available - Select and Pay only for the Quotas YOU need

  4. #4
    Thanks for your replies.

    1. Where is the best place to file a DMCA complaint? DMCA.com?

    2. How can I find out if a frame is being used? When I right click to view source, I don't see anything that says "frame"? What should I look for?

    Thanks again guys.

  5. #5
    Join Date
    Jul 2008
    Location
    Riverview, FL/Concord, NC
    Posts
    618
    Look for a php include statement.

  6. #6
    Join Date
    Jan 2005
    Location
    Minneapolis, MN
    Posts
    966
    This tells you what you need to include in the DMCA: http://www.anti-abuse.org/how-to-fil...mca-complaint/

    Send it to the offending site and their upstream providers.
    Doyle Lewis
    BuyHTTP Internet Services - In business since 2003
    Business Hosting | nginx, CloudLinux, Varnish cache, and CDP with every business account
    Shared, Reseller, Semi Dedicated, VPS, Cloud, Dedicated - We can grow with you

  7. #7
    Join Date
    Jul 2013
    Posts
    296
    use hotlink protection for you js css and images.

  8. #8
    Report the site to Google immediately so it doesn't damage your rankings!

  9. #9
    I had a similar situation yesterday. I noticed it through the live chat tracking system.

    But later I figured out that my IP address has been used by another client before and he didn't update his DNS yet. So his URL was still pointing to my new vps.

  10. #10
    Thanks for replying to this thread and offering suggestions. Once I find a solution I will report back here.

    I have sent a DMCA request to Google to have the site removed. It's still pending. I added this code to my htaccess file and it has blocked the copied website from using my photos and css file, however the database content and html files are all still on the fake website.

    RewriteEngine on
    # Options +FollowSymlinks
    RewriteCond %{HTTP_REFERER} otherdomain\.com [NC]
    RewriteRule .* - [F]
    How is this person able to copy everything including my database content? As I said before, if I edit a HTML file on my website, it automatically gets updated on the copied website, but their fake logo which over writes my logo at the top stays the same. Their copyright footer text which also over writes my footer copyright text at the bottom stays the same too.

  11. #11
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Its probably a reverse proxy.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  12. #12
    Join Date
    Feb 2011
    Location
    Auckland, New Zealand
    Posts
    76
    If it is a reverse proxy as Steven has suggested, you could try opening a URL such as:

    http://fakesite/?thisissomethingtotallyunique=1

    Then check your own website logs to see if a request like this was made to your own site. If it was, then try blocking the originating IP of that request. (It could be the same as the IP of the fake site, but not necessarily.)

  13. #13
    Have you tried blocking the target server from your source server?
    And like everyone else says, Enable hotlink protection - That would do for now!

  14. #14
    The guy has removed my website from his domain and now he is copying a competitor of mine. I now think he is a competitor who is doing negative SEO to try and knock out his competition from Google. I received this email from Google today:

    Please identify the exact content at http://example.com/ that you claim infringes upon your copyright. Once we have received this information, we will be able to continue our investigation.
    It seems like Google do not have a cache of the site, so the fake site may be able to get away with it by removing my site from their domain for a few days then uploading all the files again. I wrote back to Google and told them that he is now copying a competitor of mine and gave them the URL. I'm not sure if I should email my competitor yet in case they think I have something to do with it, especially if he goes back to copying my website again. I think I will wait to see what Google says first.

    Last night I tried the reverse proxy URL tip that KiwiDave gave on my iPhone and I looked at my logs this morning and saw an IP I am not familiar with, so I banned it with htaccess. I also noticed other activity where someone has been trying to access files that do not exist on my server.

    I got the info below from Google about hot linking. Is it correct?

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
    RewriteRule \.(gif|jpg|css)$ - [F]
    Thanks for all your help guys. Much appreciated.

  15. #15
    Join Date
    Dec 2013
    Posts
    2

    Reverse Proxy

    As previously stated, it has to be a reverse proxy because there is no way that a remote website can copy your mysql database unless your hosting machine is infected. So I wouldn't recommend sending a DMCA complaint.

    You can simply block the IP of the webserver that is accessing your website.

    You can use this simple script I just coded to find the IP of the reverse proxy.

    Simply upload this to your web server and access it through the mirrored web site to find out the remote servers IP.

    Code:
    <?php
    
    echo $_SERVER['REMOTE_ADDR'];
    
    ?>
    Hope I helped!

  16. #16
    Thanks for your advice OnlineServices.

    How does this proxy thing work? Does it constantly download all the information from my website and then upload it to the fake website?

    I haven't heard anything back from Google since I told them that this guy is now copying someone else.

    If anyone else wants to find out if someone is copying their website content, try this link: http://copyscape.com/

  17. #17
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    A reverse proxy can be something as simple as nginx.
    http://www.cyberciti.biz/tips/using-...rse-proxy.html

    If its a reverse proxy, and it sounds like it is, it loads your site in real time. They can use the proxy to rewrite parts of the site to match what they want all in realtime.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  18. #18
    Join Date
    Dec 2013
    Posts
    2

    Reverse Proxy

    Yes as steven stated, reverse proxies are essentially just relays of data between you and the server.

    During this relay process if you said that certain content of your page is being modified. It is likely that the relay software reads the page data and then modifies it with some of their ad code before relaying the now modified data back to you.

    Let me know if you have any more questions/concerns.

  19. #19

    I've had this happen... I took control

    I've had one of the websites I manage being reverse proxied (i.e. "stolen") ... twice. It's a Russian language site, and for whatever reason, the Russian scammers seem more aggressive.

    The first time, they were reverse proxying, and they always came from the same IP address and same user agent. They were clever enough to ignore requests to things like "robots.txt" and the Google/Yandex verification files and headers, so I wasn't having any luck adding their phony domain to my Google/Yandex webmaster.

    I noticed though that if I added the verification headers and used HTML encoding instead of a plain old string for the Yandex thing, it was accepted. So I was able to add the bogus hostname to my Yandex account, tell it to remove all URLs. Google was tricky too but I finally got it. They also filtered out any meta tags where we specify the canonical URL... lame.

    Meanwhile, I setup an iRule on my F5 to take any requests from that IP address/user agent and always return a simple HTML setup with a meta-refresh to the *real* host. If the browser is set to ignore meta-refresh, I also display a message saying "click here to get to the real page" or whatever (in Russian of course). I could have just blocked traffic from them, but people were clicking on the links and I wanted to help those visitors get to the real thing, while also making sure crawlers would kill off those bogus links.

    So that worked... eventually hits to the bogus page died off. It was annoying because for a while, their site was ranking ahead of ours in Yandex results.

    Then it happened again, different hostname, different IP address. This time they didn't even try to filter out requests for verification files so that part was easy. And Yandex now has a feature where it automatically figures out duplicate sites and will set the earliest known one to be the canonical domain. I did the same thing, putting in a meta tag refresh, even though this time Yandex wasn't even ranking them. Google was starting too though.

    Oh, and in that second case, the folks who setup the reverse proxy were at least passing through the original user agents, so all I had to go on was the IP from them.

    But yeah, it's easy enough to verify... like someone already mentioned, I went to the bogus site and added a made-up parameter like "?this-is-bogus" and looked for that in my server logs to confirm how they're hitting my server.

    Could a future case be even sneaker and do more to block my attempts? Probably, but worst case I just deny their reverse proxy any access at all. Unless they have a vast pool of proxies they come from, there's not much left for them to try besides scraping the site entirely and merely serving up static copies.

    I considered denying access to our JS/CSS unless the referrer was our actual site, but we use Akamai for CDN and a change like that would take a while anyway, and since I found another way it wasn't a priority. Their site would have still worked, it just would have looked ugly. Pictures are a big part of our site and they often get linked elsewhere on social media so we wouldn't want to block those in particular, but if your needs are different, that's definitely an option.

    Just remember, if they're mirroring/proxying your content, you do actually have some control, because their server is hitting you to know what to serve to the end user. Unless they spend more time trying to work around whatever you're able to do, you should be able to stop them, or best case, subvert them and send them to the correct URL.

  20. #20
    Join Date
    May 2008
    Location
    Cusco Perú
    Posts
    531
    Quote Originally Posted by Topkat325 View Post
    The guy has removed my website from his domain and now he is copying a competitor of mine. I now think he is a competitor who is doing negative SEO to try and knock out his competition from Google. I received this email from Google today:



    It seems like Google do not have a cache of the site, so the fake site may be able to get away with it by removing my site from their domain for a few days then uploading all the files again. I wrote back to Google and told them that he is now copying a competitor of mine and gave them the URL. I'm not sure if I should email my competitor yet in case they think I have something to do with it, especially if he goes back to copying my website again. I think I will wait to see what Google says first.

    Last night I tried the reverse proxy URL tip that KiwiDave gave on my iPhone and I looked at my logs this morning and saw an IP I am not familiar with, so I banned it with htaccess. I also noticed other activity where someone has been trying to access files that do not exist on my server.

    I got the info below from Google about hot linking. Is it correct?



    Thanks for all your help guys. Much appreciated.

    To view the cache by date, design and text you can use:

    http://archive.org/


    Note: http://copyscape.com/ is just to know if your text is copied to another page, but not for web design, if your site down with programs like teleport, your site would have a script that will record the IP and send an email.
    Last edited by CircuitoX; 01-06-2014 at 10:50 PM.

  21. #21
    Join Date
    Sep 2007
    Posts
    357
    Here is a simple javascript code to prevent iframe requests on your website. Add the code in <head> tag for your default theme.
    Code:
    <script type="text/javascript">
                //<![CDATA[
                    if (window.top !== window.self) {document.write = '';window.top.location = window.self.location; setTimeout(function(){document.body.innerHTML='';},1);window.self.onload=function(evt){document.body.innerHTML='';};}
                //]]>
                </script>
    PHP | MySQL | JS | Ajax | HTML

Similar Threads

  1. Website mirroring
    By digitalracks in forum Hosting Security and Technology
    Replies: 1
    Last Post: 01-06-2007, 03:28 PM
  2. website mirroring
    By rexster99 in forum Hosting Security and Technology
    Replies: 5
    Last Post: 12-23-2005, 03:25 AM
  3. Failover and mirroring a website.
    By dee_at_candl in forum Dedicated Server
    Replies: 7
    Last Post: 05-05-2004, 02:16 PM
  4. Mirroring a website
    By grace5 in forum Hosting Security and Technology
    Replies: 4
    Last Post: 01-22-2003, 05:44 AM
  5. website mirroring
    By inquisitive in forum Web Hosting
    Replies: 7
    Last Post: 07-11-2001, 03:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •