views:

788

answers:

4

The technical solution can be found here: Entire website hijacked! Part 2: How to configure name-based virtual hosting?


The original domain is http://neteditr.com

The offending copycat site is http://kitchen.co.jp

After reading upon some articles it seems like this kind of website hijacking is done by proxy servers, but how in the world is the link to "neteditr.com" removed from Google's search pages and theirs "kitchen.co.jp" is high up on the list? About a month ago, I could still do a "neteditr" search and have neteditr.com come up on 1st place.

As of now, I've used Google's SearchWiki to remove all of their entries and added the original URL hoping to give more weight back to the original domain. But this is only for my own Google account. If I do a generic search without being logged in, the problem still persists.

Anyhow my questions are:

  1. Technically, how do you prevent your website from being mirrored on another domain, I'm using Apache and serving HTML/JS/PHP/CSS files.

Short Answer: You can't prevent it

  1. What do you do if you are currently mirrored?

Short Answer: Set up name-based virtual hosting. See techinical solution above.

  1. Google deleted your original domain from their search rank and has ranked your offender's site on Google's first page. Can we[victims] complain to Google about this?

Answer: After name-based virtual hosting is set up and the offending domain is disallowed HTTP access, given time Google should automatically remove their domain name

***EDIT

Using stackoverflow.com as an example:

stackoverflow.com IP = 69.59.196.211

It would be the same as registering a domain named stackunderflow.com and pointing it to 69.59.196.211. And while doing a search for stackoverflow in Google, stackunderflow.com is on Google's first page and stackoverflow.com is nowhere to be found. How did they do this?

***EDIT 2

After learning kitchen.go.jp is pointing to my original IP I've concluded that the offender is not using a proxy server. Usually in malevolent mirroring cases, the offender will add their own ads and porn links on top of the mirrored content. Such is not the case in my situation. So it could be either:

A) To be honest I think someone just wanted to have your editor on a Japanese domain (company webfilter policy maybe?), nothing malvolent -DrJokepu

B) Could be someone wanting to build search engine rank before switching it out to different content (i.e. theirs) -Roland Shaw

+3  A: 

The domain kitchen.go.jp points to 209.20.77.104. According to GeoIP, it is in Saint Louis, MO, which means it is in a country with a strong legal system so you can sue them or send them a DMCA notice. Contact a lawyer.

Update: According to the Japanese NIC whois service (whois.jprs.jp) the contact information for the domain is the following:

Contact Information:
a. [JPNIC Handle]               SU180JP
c. [Last, First]                Usami, Shinichi
d. [E-Mail]                     [email protected]
g. [Organization]               Usami Co.,Ltd.
l. [Division]                    
n. [Title]                      Vice President
o. [TEL]                        0729-48-2801
p. [FAX]                        0729-48-2807
y. [Reply Mail]                 
[Last Update]                   1999/03/04 12:51:46 (JST)
                                [email protected]

You should probably contact them. To be honest I think someone just wanted to have your editor on a Japanese domain (company webfilter policy maybe?), nothing malvolent.

DrJokepu
..and so does neteditr.com, kitchen.co.jp just points to the original server. You should look up where the domain is registered, but I can't really make anything out of this: http://who.is/whois-jp/ip-address/kitchen.co.jp/
Jan Gressmann
209.20.77.104 is my original IP. Odd, why would someone register a domain name to be pointed to someone else's IP?
Could be someone wanting to build search engine rank before switching it out to different content (i.e. theirs)
Rowland Shaw
That's very likely
+4  A: 

Any website can be duplicated; and any that don't rely on any server side processing (i.e. entirely implemented in Javascript on the client, with associated HTML/CSS/images) is going to be especially easy, for the simple reason that to work, the browser needs to be able to download all the content, at which point it could be pulled from browser cache (or intercepted midway, or downloaded with a malicious client).

The best course of action is to approach the ISP hosting the copy -- they will probably need evidence that they copied you, and not vice-versa. It may carry more weight and be actioned faster if you get your lawyer to do this (as a copyright infringement)

In terms of Google ranking the page higher, that's down to their algorithms, which would be classed as trade secrets (I'd assume the number of inbound links plays a major part in the results). You could approach them to ask them to remove the pages, but I doubt it would be met with much success as it would be your word against theirs without producing the evidence that you're the victim of a copyright infringement

Rowland Shaw
Google's algorithm isn't completely secret. Take a look at http://http://infolab.stanford.edu/~backrub/google.html/
Mark Pim
Their original paper is a little of date now, and I strongly suspect that their approaches have been "tweaked" over the years with other factors becoming more important to defend against bias in results from people exploiting naiveties in older algorithms.
Rowland Shaw
+9  A: 

In Apache, set up virtual hosting. You can disallow access to your site from http://kitchen.co.jp/ or disallow from anything except http://neteditr.com/.

strager
Darn it, I was just typing the same thing. +1
Alterlife
+1, you should always use name-based virtual hosting so that your site is only available through known-good domain names. This avoids DNS rebinding attacks as well.
bobince
Yes, I think "disallow from anything except http://neteditr.com/" is the best solution. Thanks! With that in place, Google should automatically remove kitchen.co.jp from its search rankings when it finds an unresponsive server for that Japan domain name.
A: 

Technically, how do you prevent your website from being mirrored on another domain, I'm using Apache and serving HTML/JS/PHP/CSS files.

There's really no way to do this. In order for a web browser to display your content, you have to send them all your HTML/JS/CSS/Images, which is exactly what someone would need to copy your website. The only thing you don't serve up to them on a silver platter is the PHP. There's no way to get content to your users without making it possible for someone to rip off your website.

Chris Upchurch