My website is cloned by some people? help please


#1

Hello Everyone,
i launched a website and it was doing good and was ranking high, but the ranking was dropped almost immediately when i checked my search console, my website has been cloned by lot of domains and was getting a lot of bad badlinks thats why i lost my ranking.
currently my website is cloned and what i do on my website happens there all automatically. i did tracked there ip to ban it from my server side but they are also using cloud flare so i cant actually block it.
i also tried x-frame-option tags but didnt worked.
i dont know what to do, any help would be greatly appreciated.


#2

I see you and that other domain are both using Cloudlfare. Can you list one of the other two that are cloning your domain?

My first guess is a misconfigured server is letting this happen. Can you check your server logs to see if it’s logging the visitors to the sweet potato site? It could just be redirecting those requests to your server.


#4

Wow, all of them though Cloudflare. I still suspect they all ultimately hit your server and it’s misconfigured.

I suggest you open a Support Ticket for Abuse here:
https://support.cloudflare.com/hc/en-us/requests


#5

Yes they all are using cloudflare to mask there ip. you wont believe but i blocked more then 5 clones already which are not using cloudflare. but i cant tackle them as they are using cloudflare ip.
Anyways i submit request hopefully they will shutdown there websites.
what are the time span they will reply usually?


#6

Support usually responds within 24 hours.

As I’ve mentioned before, this is probably a misconfigured server. You should contact your web host for help on this.


#7

i have tried different hosting companies but the issue still remains.


#8

Cloudflare can shut down the offending sites, but you’ll have to track down those other non-Cloudflare hosts to shut the sites down.

It sounds like you’ll be playing whack-a-mole for a long time until you figure out how they’re cloning your site.


#9

i think, they will not be able to clone again as i have improved my scripts security so they will no longer be able to clickjack my website. as these one are already cloned so i cant fight them.


#11

Do you use the <canonical> tag? If so - were the clones smart enough to remove it?
You can get the end user’s (cloner’s) IP rather than cloudflare’s masked IP. Have you tried that?


#12

can you please tell me how to get cloners real ip not cloudflare ip. that way i can easily block them ip i know the real ip.


#13

With the http request data header CF-Connecting-IP.

You can also set your domain to “I’m Under Attack”.

Visitors will receive an interstitial page for about five seconds while we analyze the traffic and behavior to make sure it is a legitimate human visitor trying to access your site.

Or set the Security Level to “High”.

Both Explained:


#14

This would appear to me to be bad config rather than malicious but I could be wrong.

As has been mentioned, as an immediate action, set a canonical tag in your HTML for your real domain name as to keep your SEO etc whilst this persists. (EDIT: They also have the same msvalidate.01 code so you should be able to control bing results for them)

You then need to make sure your site responds only to your hostname (e.g. using virtual host in Apache or whatever). If you’re using a host which has that control abstracted from you then let them know of your problem as this, at least to me, looks like just poor config on the backend - i.e. your site is being shown as a kind of default for uncaught sites or something.


#15

As far as I can see the OP is publishing a website whose purpose is to pirate commercial videos, or assist in piracy. And the websites who he’s having issues with are engaged in the same criminal enterprise. He complains there’s no honour among thieves. He’s concerned about his SEO ranking because Google and other search engines are in the same business too. They pretend they are merely cataloguing the Internet according to impartial algorithms, but at the same time their business model is built on specifically targeting individuals with search results tailored for their susceptibility at the behest of conmen. If cloudflare can “shut down the offending sites”, maybe it ought to shut down the OPs too.


#16

Yes, Bill. It’s a fine line for CF to walk for sure.

Any kind of censorship is bad, because it can slowly creep up from the gutter to the sidewalk to the home. CF must stay impartial and simply do it’s job. They are not the DMCA police.

Personally I want to know more about this case for my own knowledge of how things work, where the weak link is, how to fix it, etc. It will probably help me in the future with legitimate cases.
I don’t really care about a site trying to make $ads with stolen goods while being cloned by others trying to do the same exact thing.


#17

Sure, Jules. CF is infrastructure and thus a “mere conduit”. And it’s not their job to police the Internet. Excuse me interjecting my opinions into a technical discussion.


#18

Sounds like they are also scraping & crawling to get this data to update constantly. Try Rate limiting & honey pot pages. Google for more info.


#19

thanks jules for showing interest but i have sort out the problem, i have used X-Frame-Options Response Headers to avoid any other users and servers to iframe my website.


#20

Thank you for posting back your solution. In case X-Frame-Options is not supported by the web browser, you might want to try add a JS fallback as well:

<script type="text/javascript">
//framebuster
if (top.location != document.location) {
	top.location = 'http://mySite.tld/myHomePage';
}
</script>