Yesterday I was notified by DMCA that the badge on my site had been found on another URL. When I went to that URL it was indeed an entire functioning copy/clone of my site. Today the copy is no longer fully functional: not all pages work, images aren’t displaying, and the CSS is not properly formatted. However, it is still there.

I have been working with my host, Siteground, to see if there was any access to my account/shared server. After reviewing the logs we determined this unauthorized site never had access to my account or server. That, however, doesn’t answer the question as to how they had a functional copy of my site. Siteground says the only relation they see is that both sites are on the Cloudflare DNS network. Is there some way this can be happening through Cloudflare?

Sorry, I manage my own WordPress site but I am by no means a webmaster, nor do I have much technical knowledge or understanding as to how this could happen.

The Internet is bad and getting a copy of a website is not that difficult. There are ‘security’ focused Linux distributions available that deliver tools to make a static copy. I recommend filing a ticket with the abuse team: Abuse approach - Cloudflare

It could also have a technical background. Misconfigured DNS for example.

It is no longer fully functional because almost no JS or CSS file is loaded and they are throwing a 404.

Anyone can rip your site and upload it elsewhere as a copy. It could even just be proxied through a host they own and redisplay your realtime content as it changes. However there are some steps you can take to make it harder:

  • The best thing you can do is make sure they can’t simply point their hostname to your server and have you also pay for the bandwidth they’re stealing along with your content! To do so, make sure your site only displays when being accessed on the correct URL (so using a virtual host, say, in Apache).

  • If you have all your traffic coming in via Cloudflare you can block all direct access and only allow access from the Cloudflare IP addresses.

  • Once all access is coming via Cloudflare you can use User-agent blocking to drop access from the more common web scrapers (might stop skiddies but this is easy to get around. Still, it’s free so worth a shot).

  • You can make sure people aren’t hotlinking to your images with a setting under the ‘Scrape Shield’ tab of the Cloudflare dashboard.

  • You should also make sure all your pages have a canonical tag referring to your hostname so you don’t lose SEO if someone does rip off your site.

  • A bit more hacky, but one could also add a JavaScript redirect on each page that checks the address of the page and reloads from your hostname if it doesn’t already match that.

But ultimately a determined thief can still rip off your content. You just need to make it hard enough that they find an easier target. All of the above, with the exception of the last one, are pretty easy to get up and running on most sites.
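
The first two steps in the reply above (serve the site only on its own hostname, and accept traffic only from the proxy's addresses) come down to two checks at the origin. The sketch below is an added example, not code from the thread or from Cloudflare. It assumes `example.com` as the site name and uses documentation ranges as placeholders for Cloudflare's published IP list; `check_request` and `OriginGate` are hypothetical names.

```python
import ipaddress

# Assumptions (not from the thread): example.com stands in for the real site;
# these documentation ranges stand in for Cloudflare's published IP list.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
PROXY_RANGES = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32")]


def normalize_host(host_header):
    """Lower-case the Host header and drop any port and trailing dot."""
    host = (host_header or "").strip().lower()
    if host.startswith("["):          # bracketed IPv6 literal, e.g. [::1]:443
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:        # name:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def from_proxy(remote_addr):
    """True if the TCP peer address falls inside an allowed proxy range."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:                # malformed address: treat as untrusted
        return False
    return any(addr.version == net.version and addr in net
               for net in PROXY_RANGES)


def check_request(remote_addr, host_header):
    """Return (status, reason) for a request reaching the origin."""
    if not from_proxy(remote_addr):
        return 403, "direct access, not via the proxy"
    if normalize_host(host_header) not in ALLOWED_HOSTS:
        return 421, "hostname is not served here"
    return 200, "ok"


class OriginGate:
    """WSGI middleware applying check_request before the wrapped app runs."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        status, reason = check_request(environ.get("REMOTE_ADDR", ""),
                                       environ.get("HTTP_HOST", ""))
        if status != 200:
            start_response(f"{status} Rejected", [("Content-Type", "text/plain")])
            return [reason.encode()]
        return self.app(environ, start_response)
```

The source address checked here is the TCP peer, not a forwarded-for header, since a header can be set by whoever sends the request. On Apache the same two checks map to a catch-all default virtual host plus an IP allowlist.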

