Exact illegal copy of my Site on another Domain

[Neo]

A couple of months ago I created a portfolio website with ProcessWire for a client of mine.

For both server and CMS I used strong passwords and the usual security measures.

My client contacted me now that an exact, dynamic copy of the website was created on 

another domain. I already filed a complaint with the respective Domain registrar (GoDaddy) 

and also notified Google via the DMCA procedure. The violating domain uses the same IP

like the VPS of my client. 

The question is now how this could have happened. I know that there are tools like HTTrack on

Kali Linux, which would to my knowledge require access to the MySQL database to create an

exact copy. As you don't easily hack a secured Linux server, this makes me think that the intrusion

must come from inside the hosting company; i.e. a system administrator accessed the VPS.

Would appreciate your advice.

[adrian]

HTTrack (at least how I have used it) just downloads the served HTML pages - it doesn't need any access to your server for this - it just grabs the pages that any browser can view. How do you know that the copy isn't just serving static HTML pages? If that is the case, then there really isn't anything that can be done. Even if they have duplicated some dynamic functionality from your site, that doesn't necessarily mean anything was hacked.

The violating domain uses the same IP like the VPS of my client. 

This does seem a bit weird though. I assume you mean the same IP CIDR block, rather than the exact same IP address?

[kongondo]

The violating domain uses the same IP like the VPS of my client. 

Is this even possible? Two machines to have the same IP address?

[Craig]

Have you checked the copied site using http://isit.pw/?
 

If you update content on your client's site, is it coming up on the copied site; or is the content "as it was" at the time it was copied?

Are you able to access the control panel with your known credentials?

Is there a chance that the new domain is "pointing" to your client's site?

Is this even possible? Two machines to have the same IP address?

It depends. If the servers are behind a load balancer or caching server, then many websites would appear to use the same IP. It would all depend on the hosting provider's configuration and DNS configuration of the domains in question.

[adrian]

Is there a chance that the new domain is "pointing" to your client's site?

Seems like a very possible scenario!

[Neo]

I just changed some content on the original site and the changes also appear on the other domain, i.e.

the domain just seems to point to the site.

Could I redirect incoming traffic from this specific domain (both www and non-www) with .htaccess?

Or what would you do? 

I am just asking myself why you would redirect to another domain like that? 

Earn domain authority with someone's content?

The original content is the personal portfolio of a graphic designer, so there 

is really not much commercial value...

[Peter Knight]

Is the other domain for a business in the same industry? Just trying to establish if this is a genuine mistake.

You could also consider that someone did a deliberate point to harm your rankings? Duplicate content etc?

[OrganizedFellow]

When you view the offenders website source code, what does it show?

An iframe?

Your content?

Maybe some crafty hotlink protection in your htaccess file is needed.

[pwired]

This happened to me once when I forgot to delete a development site on a free hosting. Once the production site was online the two where still connected through the .htaccess file. It looked exactly as you describe your situation now.

[LostKobrakai]

I just changed some content on the original site and the changes also appear on the other domain, i.e.

the domain just seems to point to the site.

Use both of these in the command line. If both return the same IP you can be really sure. 

nslookup mydomain.com
nslookup copydomain.com

[kongondo]

@Neo,

Mod note: I changed the title of your topic. Reading it quickly one would think there was an 'illegal copy of ProcessWire'.

[Neo]

@LostKobrakai nslookup returns the exact IP for both domains, i.e. this domain seems to just point to the website.  

@OrganizedFellow No iframe involved. It is the exact same content.

@Peter Knight The original website is from a graphic designer. The hijacking domain seems to be unrelated. Some sort of theater or show from Canada.

Neither the domain owner nor GoDaddy's abuse service are reacting. 

Is there anything I can do about this?

[diogo]

Here's the same exact problem and solution for it http://stackoverflow.com/questions/13872892/htaccess-deny-requests-from-unauthorized-domains

[kongondo]

How did they get Neo's client's VPS IP address in order to point to it? That is not info you get on whois, or am I missing something?

[DaveP]

@kongondo Lots of tools on the web - http://get-site-ip.com/ for example.

[LostKobrakai]

How did they get Neo's client's VPS IP address in order to point to it? That is not info you get on whois, or am I missing something?

Exactly the way I posted above. How else would your browser get your requests to the right server if there wasn't a way to get the ip address behind a domain.

[ryan]

If you upload a random txt or html file to your web server, can you access it at the other domain? My guess is yes. If so, it sounds like an honest mistake. Perhaps you are on a dedicated IP and the owner of the other domain made a typo when setting up their DNS record. Or perhaps the web host made an error when setting up their VirtualHost directives in Apache. You should be able to correct the problem by adding this to your .htaccess file somewhere after the "RewriteEngine On" line:

RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com [NC]
RewriteRule ^ http://www.yourdomain.com/ [L,R=301]

[kongondo]

@kongondo Lots of tools on the web - http://get-site-ip.com/ for example.

Exactly the way I posted above. How else would your browser get your requests to the right server if there wasn't a way to get the ip address behind a domain.

Well, I am totally ignorant about servers . Learn something new everyday..

[Neo]

Thanks Ryan. I used your snippet to redirect all incoming traffic from potentially misleading domains, which works.

Might be possible that this is an error, however, I contacted the domain-owner who is not responding, which is strange.

I was thinking that the whole domain might have been kidnapped and the owner does not know about it. 

In any case, it is the responsibility of the domain registrar to investigate this further.

Thanks to everyone for the comments.

Again, ProcessWire stands out when it comes to community support.

[Pete]

Just thought I'd add that if you thought it was malicious then diogo's way above might be better: https://processwire.com/talk/topic/11380-exact-illegal-copy-of-my-site-on-another-domain/?p=106247 as it will show a forbidden warning, rather than cause potentially dodgy urls to redirect to your site as per Ryan's solution.

Either is valid - just different results for anyone loading the URL in question. If it was a dodgy XXX url for example (I know it isn't in this case) then showing a forbidden warning might be preferable to something that sounds a bit x-rated silently redirecting to your domain name

[Neo]

@Pete I appreciate your comment and will also consider diogo's solution, which makes sense if the pointing domain contains XXX content. 

The domain owner has still not reacted, which makes me think this has been done on purpose. GoDaddy also refuses any responsibility.

Overall, not an ideal situation.

[kixe]

To force a reaction of the responsibles

RewriteCond %{HTTP_HOST} !^(.*)\.yourdomain\.com$ [NC]
RewriteRule (.*) <h1>Error 502 Bad Gateway</h1><p>Please contact <a href="mailto:owner@example.org">domain owner</a> and/or <a href="mailto:provider@example.org">Service Provider</a></p> [R=301,L]

[MuchDev]

I have an interesting related problem. There is a website that is using a meta refresh to redirect to our domain, is there any way to filter that out using htaccess?

[Pete]

I have an interesting related problem. There is a website that is using a meta refresh to redirect to our domain, is there any way to filter that out using htaccess?

Here you go: http://stackoverflow.com/questions/13106299/redirect-using-htaccess-based-on-referrer

Actually, that link I posted is part of the puzzle, what you might actually want (untested) is this since you know the referring domain:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://the-naughty-domain.com [NC]
RewriteRule ^ http://the-website-of-your-choosing.com/ [L,R]

Basically targetting only the naughty domain and sending them somewhere else. This can also be changed to do any of the other actions discussed in this topic.

[elabx]

I am having this exact same problem right now. Shouldn't this type of issues be solved by default on PW's .htaccess?

Also, I have a doubt, I thought this kind of protection involved the configuration variable $config->httpHosts, or maybe I am missing what this variable is for exactly?

Best regards.