Ask HN: Someone copied my website exactly

15 points by hbhakhra ↗ HN
I am working on a startup called KMSurvival[1] - a tool intended for cancer researchers generating Kaplan Meier Survival Curves. We just pushed out the 2.0 version of our website yesterday and I was just googling around checking how it ranked (very poorly) when I saw that there was a website called codemonkeyjava.com that was an EXACT duplicate of our site. It even said (c) KMSurvival. It seems that even the server requests to generate the curve are going to their own back end.

What can I do about this and is this something I should be worried about? There is a whois record with a person's name and email address, would that help?

15 comments

[ 4.0 ms ] story [ 32.9 ms ] thread
You haven't posted the real domain so I can't check but try pinging the clone's domain and make sure it isn't pointing to your server's IP. It may just be a domain that belonged to the previous owner of your server's IP.
Yep, good point - and quite likely if your website is on it's own (non-shared) IP address. One way to work around this would be to create a .htaccess file to redirect any requests not matching your domain name to your own :)
Real domain is kmsurvival.com. Your guess were correct, pinging the fake domain did return our ip address. I will go ahead and put in the redirect in the .htaccess file.
I always run a null default virtual host, which serves no content and logs no traffic (or maybe logs to a default-access.log).

It deflects a lot of blind security attacks..all of which would fail of course, but I don't need that noise in real log files.

This would solve your problem too. If you're feeling vindictive, redirect requests for the offending domain somewhere that will be bad for their SEO.

EDIT: I should add that a null default vhost will exclude HTTP/1.0 clients. But that's a non-issue unless you're serving to very old embedded systems.

So now that I know the fake host is just pointing to our IP, what can I do about it (contact registrar etc)?
You can setup a virtualhost for that URL and have some fun with the domain. (Think; porn, disgusting stuff, extremist stuff)
No need to be malicious unless you're sure. A common mistake not to keep A records updated for domains sitting disused.

Perhaps, just redirect to a non locally hosted neutral page saying something like "The domain you requested was redirected to an invalid server. The reason for this is not clear."

I'd not like a redirect on my server sending people to something deliberately offensive; that reflects on me.

This is an SEO thing, they hijack your domain to get their rank up a bit then ditch you for their commercial website. Had that once working for a client, just added a rule about if requests came from the fake URL I redirect them to a porn website. Worked like a charm and they stopped their scam by the end of the day.
Can't you turn the tables by sending a permanent redirect to your own domain, thereby stealing whatever SEO ranking they built up?
I'm not an SEO expert just asked around around the office, Googled it, and then acted. I was just a backend dev and this (a part from a couple of vague forum questions) is not that well documented, so I don't know how this works exactly.
(comment deleted)
One of our client's websites was recently cloned and hosted on the back of a hacked .org TLD. The cloned site immediately trumped our client's website in rankings and severely impacted their SEO (sales dropped drastically). The sneaky part was that the cloned site was only displayed to GoogleBot and normal users were redirected to a website in China selling fakes. Google support were completely unresponsive and didn't understand the problem. In the end we just blocked the scraping website's IP address from accessing our site - unfortunately sales were affected for over a week.
I just checked both sites, they are both up, the fake codemonkey site and the real kmsurvival.com.

neither show up on the first 3 google pages for "km survival" or "kmsurvival". I have to google kmsurvival.com to get you to come up on the first google page. you have some seo to do. good news is the fake site never came up on any of the searches above.

do a

dig codemonkeyjava.com or kmsurvival.com

=> both domains point to the same ip.

=> this seems to be a problem of the webservers vhost configuration.

cheers v.

Partially related: I had a personal blog and after 8 years or so, I let the domain expire.

After a month it was not only bought, but replaced with an identical mirror outdated of circa 2 years. Even the infinite scrolling js was working.

They replaced all the adsense with their own ads, and put textlinks inside the posts (usually sex/abuse related keywords).

Not knowing what to do, I just reported it to google (and that led to no appreciable result).

Luckily it went away after a bunch of months (the domain is still there, but the website does not load nor it appears to be indexed in google any more)

Needless to say, being the website domain my real name, I felt pretty embarrassed about it. :)