

Ask HN: Someone copied my website exactly - hbhakhra

I am working on a startup called KMSurvival[1] - a tool intended for cancer researchers generating Kaplan Meier Survival Curves. We just pushed out the 2.0 version of our website yesterday and I was just googling around checking how it ranked (very poorly) when I saw that there was a website called codemonkeyjava.com that was an EXACT duplicate of our site. It even said (c) KMSurvival. It seems that even the server requests to generate the curve are going to their own back end.<p>What can I do about this and is this something I should be worried about? There is a whois record with a person&#x27;s name and email address, would that help?
======
kaolinite
You haven't posted the real domain so I can't check but try pinging the
clone's domain and make sure it isn't pointing to your server's IP. It may
just be a domain that belonged to the previous owner of your server's IP.

~~~
codepeach
Yep, good point - and quite likely if your website is on it's own (non-shared)
IP address. One way to work around this would be to create a .htaccess file to
redirect any requests not matching your domain name to your own :)

~~~
hbhakhra
Real domain is kmsurvival.com. Your guess were correct, pinging the fake
domain did return our ip address. I will go ahead and put in the redirect in
the .htaccess file.

~~~
quesera
I always run a null default virtual host, which serves no content and logs no
traffic (or maybe logs to a default-access.log).

It deflects a lot of blind security attacks..all of which would fail of
course, but I don't need that noise in real log files.

This would solve your problem too. If you're feeling vindictive, redirect
requests for the offending domain somewhere that will be bad for their SEO.

EDIT: I should add that a null default vhost will exclude HTTP/1.0 clients.
But that's a non-issue unless you're serving to _very_ old embedded systems.

------
bbthorntz
One of our client's websites was recently cloned and hosted on the back of a
hacked .org TLD. The cloned site immediately trumped our client's website in
rankings and severely impacted their SEO (sales dropped drastically). The
sneaky part was that the cloned site was only displayed to GoogleBot and
normal users were redirected to a website in China selling fakes. Google
support were completely unresponsive and didn't understand the problem. In the
end we just blocked the scraping website's IP address from accessing our site
- unfortunately sales were affected for over a week.

------
iamjdg
I just checked both sites, they are both up, the fake codemonkey site and the
real kmsurvival.com.

neither show up on the first 3 google pages for "km survival" or "kmsurvival".
I have to google kmsurvival.com to get you to come up on the first google
page. you have some seo to do. good news is the fake site never came up on any
of the searches above.

------
tacone
Partially related: I had a personal blog and after 8 years or so, I let the
domain expire.

After a month it was not only bought, but replaced with an identical mirror
outdated of circa 2 years. Even the infinite scrolling js was working.

They replaced all the adsense with their own ads, and put textlinks inside the
posts (usually sex/abuse related keywords).

Not knowing what to do, I just reported it to google (and that led to no
appreciable result).

Luckily it went away after a bunch of months (the domain is still there, but
the website does not load nor it appears to be indexed in google any more)

Needless to say, being the website domain my real name, I felt pretty
embarrassed about it. :)

------
hbhakhra
So now that I know the fake host is just pointing to our IP, what can I do
about it (contact registrar etc)?

~~~
Raed667
This is an SEO thing, they hijack your domain to get their rank up a bit then
ditch you for their commercial website. Had that once working for a client,
just added a rule about if requests came from the fake URL I redirect them to
a porn website. Worked like a charm and they stopped their scam by the end of
the day.

~~~
mcv
Can't you turn the tables by sending a permanent redirect to your own domain,
thereby stealing whatever SEO ranking they built up?

~~~
Raed667
I'm not an SEO expert just asked around around the office, Googled it, and
then acted. I was just a backend dev and this (a part from a couple of vague
forum questions) is not that well documented, so I don't know how this works
exactly.

------
atoz
do a

dig codemonkeyjava.com or kmsurvival.com

=> both domains point to the same ip.

=> this seems to be a problem of the webservers vhost configuration.

cheers v.

