Someone bought a similar domain and copied all of the content – wdyd?

34 points by matijash ↗ HN
Our original domain is https://wasp-lang.dev, while the fake one is https://wasp-lang.net/. They didn't change anything, even all of the URLs remained the same. Also didn't try to get in touch with us, we discovered it by accident.

I'm not sure what is their motivation (sell us domain at a premium?), but doesn't sound benign. What can we even do in such a situation?

Thanks for your advice!

31 comments

[ 3.1 ms ] story [ 71.1 ms ] thread
I wouldn't be surprised if they attempt to sell you the domain. It's a bit more elaborate than those Chinese cons where they want to sell you obscure domains similar to yours.

That said, I'm with you surely there is more to this?

I guess the first thing would be to try and contact them. They've anonymised their WHOIS info but it looks like there's a unique email associated with the domain: 53fdcf64883c49cb959ebaab98cea57e.protect@withheldforprivacy.com

Try emailing them and asking WTF they're doing?

That'd just set you up for easy blackmail, wouldn't it...
How so?

All you're doing is communicating with the fake website owners. At worst it gives them an email address. This could be a temp account set up just for this purpose though.

They know you're concerned or worried about the site. Who knows, maybe they regularly clone sites and sees who reaches out.
Someone bought a domain I let expire (intentionally - I no longer wanted to run that site) and appears to have mirrored all the content on it with occasional ad links thrown in here and there.

It's weird.

I don't want to link to the site because I don't want to drive traffic to them.

The exact same thing happened on an old blog of mine. They mirrored the content and changed all the links to ad links. I asked them once to take it down but received no response. I just ignored it and eventually they let the domain expire.
That makes sense. Your website probably had a good page rank and/or visibility. If they would have replaced your content with other content and/or filled it with a lot of ads, that might have dropped quickly. I often get request for links, advertisements or payed content for my personal website.
File DMCA notices with the registrar, the host, and all major search engines.
Has this worked in practice for you?
Basically I would challenge them on the bluff. I would take down my website and be like, "hey cool so I guess you're in charge now.". I would stop doing things in public related to the previous thing that was copied. I would see how far they take things. When they get bored and wasted enough of their own money on this I would pop back up.
Have you ever been known by the name thankful_for_today?
I recognize that name from the Monero project, but I learned about it after it was forked away from him. Is that who you're talking about?
Somebody once registered our company in google my business (basically google maps). Still no idea what was the point.
I've had that happen at my work, but afaik it was just so that the location could be added to google maps. Someone who just wanted your business to be on google maps for some reason?

Google has a pretty streamlined process to take back control of these too so maybe its pretty commonplace.

We already had it listed, and he abused the recovery process (no idea how!) to get control over it. We managed to appeal to get it back. Nothing really happened other than that.
Maybe they want to rank it up in SEO and then add ads to it? Or inject malware into their installer?
Could be one of your people.
we also thought that at first but we checked (there's only 5 of us) and it wasn't!
Given they've literally just deployed a copy of an open-source website, I'd guess it was a mistake rather than malicious: possibly someone who was testing out vultr's hosting or perhaps someone trying out docosaurus (given your website is listed in their showcase as open-source: https://docusaurus.io/showcase). Easy enough to imagine someone running through a deployment process that intelligently recommends a domain to register for them.

If malicious, it's probably not about the site content and rather they're sending out emails pretending to be you.

The contents of your site are your property, in America at least (and I assume most of the world), you have copyright ownership of any assets you create. File a DMCA and if the registrar refuses to take the site down, use the DMCA for its intended purpose.
Might be! Although a still bit hard to imagine someone "accidentally" buying this exact domain and then deploying the content.
It's not accidental. HTML source has a comment that probably gets auto added which says it is using a Mirroring Tool called httrack.com
This seems like it would be mostly automated on their part. You could add a bit of Javascript on your site and wait for them to mirror it.

if (document.location.hostname == 'wasp-lang.net') document.write("");

Making it a pain for them would make it probably not worth bothering with.

(comment deleted)
I would do this, but have it redirect to the original site. You could even add canonical tags in the head section so that Google sees it as a duplicate copy of the original site and doesn't index it. This basically makes their site not exist.

Then you can work on the DMCA takedown in parallel.

I have EXTENSIVE experience with this, as I’ve dealt with it many times as a brand owner.

The strategy is to attack them from all sides.

1) Shopify DMCA 2) Cloudflare DMCA 3) Web host DMCA 4) Look at any widgets or services they use on the page - DMCA 5) Get a lawyer to email them notice of violation and lawsuit 6) Google DMCA 7) Registrar DMCA

I’ve had most luck with 1 and 2 (most responsive). Others can work but take more time 2-3 months.

8) Order from their store (If they are selling) and write your company name as customer (so they can see you are buying to pursue legal action).

9) Start adding any relevant keywords they might be using on their domain to your website to catch any traffic (like variations of your trademark).

With all of these listed, the best method is to cite your Trademark # in each email. There’s a specific template for each service provider which needs to follow guidelines for takedown requests (such as your signature, mailing address etc), make sure you include all those relevant points or they may ignore your request.

The HTML source has this:

<!-- Mirrored from wasp-lang.dev/ by HTTrack Website Copier/3.x [XR&CO'2014], Fri, 14 Jan 2022 14:26:50 GMT -->

So it seems that this is a mirror and using this tool https://www.httrack.com to copy your site

The site is hosted on a Vultr VPS in Singapore. Could be someone there but you can raise a DMCA request with Vultr here:

https://www.vultr.com/legal/copyright/

Attn: David Gucker, DMCA Agent. 319 Clematis Street Suite 900 West Palm Beach, FL 33401 732-566-1268 (fax) Email: dmca@vultr.com

Also might be just SEO squatting... May throw up a bunch of AdSense ads on their side, the fact that there is a duplicate site is a problem for you, do what the comments say with adversarial stuff and complain to as many parties as possible including DMCA, registrars and the Microsoft/Google deceptive Site lists, etc. Don't let your domain expire or you'll get it bought of you and content mirrored there too which is surprisingly common
Happened to me. I emailed the abuse mailbox of their DNS provider and after two weeks their site was gone.