Somebody has stolen my whole blog – Cloned Website

Me monitoring the cloned website that stole content from philocalist.co.uk

My website has been cloned. Every single post from July 2017 dating back to the very beginning has been mirrored on another URL. The site looks exactly like mine; same images, same words, same logo, same layout, same face, same voice, different web address.

Someone has ripped out the source code and simply copy & pasted it somewhere else, stealing 3 years of my work. It’s a little more technical than that but I’m not giving them the credit.

How did I find out? Well, sometimes I’m too lazy to type my own URL in and search my blog for a specific post that I want to share on Twitter. Instead, I type some keywords into google that I know will bring the article up. A few days ago I used the niche combination of ‘Philocalist+emo’ to find a post I wrote a few months ago about the revival of my favourite subculture.

My article popped up right at the top of the search terms… but so did an identical article beneath. Had someone reblogged me without asking first?

I clicked on the listing to investigate and that’s when I started to panic. The website didn’t just share my article, they were using my logo too and the same theme I’d paid to use. I put my phone down utterly confused and typed the URL into my laptop to take a better look.

It was then that I realised I was dealing with a clone/scraper site. As I went through the website I realised they had taken absolutely everything; changing the internal links only to ensure they had a healthy backlink profile and that no links pointed back to the real Philocalist website. Everything was the same, even the comment section!

Weirdly enough, I’d heard of clone sites before. A friend of my boyfriend was targeted 5 times in one year, but he runs a great web design agency and since the thieves were trying to make their own website look like a top-notch UK agency to bring in clients, it made sense why he would be targeted.

Whereas in my case, there didn’t seem to be a clear motive.

Why has somebody cloned my website?

I’m going to share a few theories that apply to any cloned websites. I’m not 100% sure about the motive behind my own clone at the time of writing.

Ransom

Luckily this hasn’t happened to me but throughout my research I found plenty of stories where people were asked to pay anywhere between ยฃ400 to $1000 for the removal of stolen content.

If this applies to your situation, don’t be tempted to pay. There’s no trust in a criminal deal. Who’s to say that once you pay the thieves will really take it down? Who’s to say they won’t try and get money off you again a few months later down the line using the same trick? It simply isn’t worth it.

SEO Link building farm

Another reason that people clone websites is to build up a quick library of rich content. Once the stolen content starts to rank on Google and the website builds it’s own DA, they can go back through the cloned content and build links to other third party websites within the stolen content.

Whilst this practise is extremely outdated, it doesn’t take long to find people providing paid link services on freelancing directories like PeoplePerHour and Fivver.

Affiliate click farm

If the clone website starts to rank higher than the original content, the clone website holder may use affiliate deep links throughout the content to earn a passive income. This is an easy way for scammers to make money through affiliate marketing without writing any of their own content.

Phishing

Let’s say your website has been cloned and you’re an ecommerce website – It’s possible that the people behind the cloned website are merely trying to steal customer details. On this occasion, you can instantly report them for phishing. When customers are at risk it’s generally easier to take a website down.

It’s important that you report the website to Action Fraud, so that they can investigate the scammer. You can also report the website to individual browsers – Chrome, Firefox, & Internet Explorer (IE is as slightly more convoluted… because it’s Microsoft).

Harassment

Unfortunately we shouldn’t overlook the fact that some of these websites can be created due to malicious intent towards the original owner. I received an inbox message from someone who has been battling for a year to take down a fake ‘in memoriam’ website that an ex-boyfriend created for them.

If someone wanted to piss a blogger off, a clone website would be a sure way to get them hyped up about duplicate content issues. Personally I don’t think I’ve annoyed anyone enough to do this, but I did ruffle a few feathers with my post about how people can’t trust beauty bloggers, so you never know!

Which one applies to Philocalist.co.uk?
I’m not too sure yet. The clone website is so new (3.5 month URL age) and has only been up since July. I regularly use CopyScape after having fellow bloggers rip off my work before, so I’m guessing I got really lucky finding the clone website via a super fresh Google listing that not even CopyScape had found. The clone hasn’t been updated since the initial set up either, so I’m not too sure it’s a content farm. Right now, I don’t have an answer.

How can you take down a clone website?

Contact the host to file a DMCA

This is the most effective (but still sometimes slow), legal way to take down the clone website.

First of all, you need to head to a free Who Is lookup service and see what you can dig up on the person who owns the website. You should be able to find their domain registra, contact email & server information. In my case, the site scraper is using a WHO IS guard service, so unfortunately I can’t find many details.

Work with what you’ve got and contact every reputable organisation you can find linked to the clone. Personally I even went as far as contacting CPanel, which is just a management system not a hosting company, to let them know what their customer was up to. They have no responsibility to act but they might be able to help you dig up extra data/act as a middle man and since their logo pops up alongside stolen content they’d probably rather know.


Once you’ve found out the host or where they purchased the URL from, you need to visit the company website and become familiar with their copyright policies. Most will reference the DMCA method and legal team contact details on their policy page.

Writing your DMCA email
I used a basic DMCA template from SarahFHawkins.com to complete my notice after initially being declined for not including a statement under penalty of perjury. I wanted to get legal advice when writing the email, but it’s Christmas (at the time I’m writing this) so my mind is on other things. Besides, there are plenty of resources online to help you.

Here is the full email I sent:
Here is the full DMCA email I sent to NAMECHEAP after finding a cloned website of Philocalist.co.uk.

File a Google DMCA notice

You can also file a separate Google DMCA notice, but these can be slow and ineffective. What makes this even more annoying is the fact that you’ll need to file a complaint for every single landing page individually. So in my case, I have to file about 150 individual complaints for every stolen article. (Celebrating Boxing Day was so much fun for me)

My Google DMCA dashboard where I file each violation claim individually.

Whilst this is totally tedious, it is worthwhile doing if you’re worried about Google Panda. It’s the thing I’m personally most concerned about! We all know Google hates duplicate content so my website is essentially fucked if the clone stays up, however if I keep reporting the clone website to Google hopefully they’ll become unlisted and receive a manual penalty.

This is perhaps me being very idealistic, but it’s the last fleeting bit of hope I have to take down this website.

Contact other search engines too
Whilst Google might be your main concern, it’s worthwhile reporting the clone website to other search engines such as Bing and Yahoo. It doesn’t matter if you don’t get lots of traffic from these engines, file the claims regardless.

Once a clone website becomes unlisted on various search engines, they instantly become less valuable to the scammer if their intention is to sell links/farm content.

Ddos the clone site

Ddosing is an illegal process where you flood a server with requests so that a 500 error occurs. This is totally illegal but I will fully admit that I have considered this… until I realised the price!

Let’s say that the person who owns the clone website is constantly updating it with dodgy links, more stolen content and affiliate advertisements. You’ve tried everything within the legal realm to get rid of the site, but it just isn’t working. You’re bound to consider some extreme methods. I wouldn’t blame you.

You can take down a website via Ddos, but it’s only temporary and you’re likely to get scammed if you pay for the service. I found a couple of subscription services offering a full month takedown for $900. There are also multiple free programs that you can download such as Ion Cannon and use with very basic knowledge – but you’d probably have to use a second-hand laptop to minimise the risk and even then you’re likely to be flagged for suspicious activity.

Let me be clear, I would not recommend this.

It’s a temporary fix. It’s expensive. It is illegal. The person who owns your clone website may have so many different fake websites to run that they might not even notice your efforts.

Can you hire a hacker?
As soon as I started talking about this on Reddit and Twitter I had a DM request from someone claiming to offer hacking services. I know nothing about hacking, but I like to believe I’m not completely naive. These people are often scammers praying on people in desperate need of help. This person also offered services such as ‘grade changing’ and ‘Facebook hacking’.

Whilst there are plenty of websites where you can hire an ‘ethical hacker’, these sites will (A) not take your request seriously as the practise of taking down a website is illegal and (B) will most likely be completely out of your budget.

What can you do to protect your content going forward?

Once your website has been cloned it’s easy to lose heart. The process of taking down a website can be time-consuming and full of setbacks. I’ve been digging around for a few ways we can protect our content from these absolute scumbags…

Tracking down the IP of the website clone using a free online service.

Block the IP

Whilst this won’t take the website down, it will potentially stop them coming back to scrape new content. This is extremely important. Site cloners are generally lazy – heck, that’s why they clone websites! Yes, they could use a VPN, but they’re more likely to give up and use another website instead when they can’t access your own site.

Keep checking for new backlinks

In a bid to get traffic to the clone website, the owners will start building links on social media, forums and third party websites. Make it hard for them! Use tools like Open Site Explorer and Linkody to find links pointing to the clone website, contact the site where the link is and explain that they are linking out to stolen content.

Ask for the link to be removed so that the clone website loses a valuable backlink. You might get lucky and the website owner might replace it with a link to your own content, but don’t push it. The aim is to remove the link to the clone site, building your own backlinks is simply a bonus.

By monitoring the backlinks you might be able to find more out about the person who owns the website too; whether the URL is for sale or whether they’re advertising paid links on third party websites.

Monitor their network

Note down the server details and IP. Pop them into google every now and again to keep an eye on the activity of linked sites. If theyโ€™re a spammer, phisher or content farm, they will probably own multiple websites. Bookmark these websites and make sure your content doesnโ€™t end up on those too.

Some emotional advice

Seeing three years of my work stolen so easily was crushing and I want you to know that I empathise with your situation if you’ve found this post whilst looking for a solution to your own cloned website.

I was sat at work, finishing my to-do list before the employee Christmas party when I found the site. That morning I’d been so exited to finish work and get home to my boyfriend, to gorge myself on all the cheese and crackers I’d purchased for the holidays. When I found the clone website, it was as if someone had stolen all my cheese and Christmas just didn’t exist anymore.

I spent the festive season filing DMCA notices and annoyed the heck out of NameCheap’s social media team, for which I feel extremely guilty for because they turned out to be a great bunch.

Here’s a few things I learnt from this situation.

Do what you can, then put your laptop away
There isn’t likely to be an overnight solution, but working towards an end will at least make you feel like you’re making progress. However, once you’ve filed the DMCA notices you’ll need to step away and stop digging. You’re only going to annoy yourself if you keep searching for answers – they all lead to dead ends.

I kept searching and trying to build wild theories about why someone would do this, but really it didn’t matter. Boxing day was ruled by my Google DMCA dashboard and the magic of Christmas was spoiled by my desire to refresh every half an hour.

Keep writing
The second person I told about the clone website was my boss. He always has excellent words of wisdom. Unfortunately he’s suffered creative theft before after having a full film script stolen, but that hasn’t stopped him from sharing his creativity. He said “They might have stolen your old articles but they can’t steal your next one, the one you haven’t written yet. They can’t be you.

Moan to people who actually understand
If you choose to vent about this issue to people who don’t really understand how the internet works, you’re only going to get more frustrated. Your friends and family will likely make suggestions that simply aren’t useful. It’s not their fault, they probably don’t know what else to say that will cheer you up. Spare them and seek advice from people who’ve been through the same thing online.

Don’t point the finger
When I looked for answers in Facebook groups and on Reddit, people told me I was going to have a hard time because they’d had similar issues with NameCheap websites before. It got me all riled up and I went in all guns blazing.

It’s much easier for you if you can put your ego aside and just deal with the situation as professionally as possible. The hosting company and registra will do all they can legally, but sometimes it just isn’t enough. That doesn’t mean it’s their fault.

What’s next for Philocalist.co.uk?

Well I’m going to use this as an opportunity to take time off blogging over Christmas. It’s simply a waiting game to see if the owner of the clone site responds to the DMCA notice. I happen to think they won’t respond, after all they haven’t touched the website since July from what I can see.

However, I can’t actually see all that much.

They’ve used a Who Is guard, so NameCheap will be acting as the middle men and passing on my messages. I can’t dig up too much on the people who own the site. Who Is records say the owner is from Panama, the IP says America.

They’ve also used fake numbers and fake fax details to set up the URL. Weirdly, it’s the same fake details used in the Bitpetite bitcoin scam. Whilst I’m not suggesting it’s the same people, you can’t help but wonder why.

The fact that this person is using CPanel and NS1 makes me this they probably do this to a lot of bloggers and are probably professional content thieves. I’m now leaning towards the theory that this is part of some sort of SEO link farm.

I’m going to do what I can and hope for the best, because that’s literally all I can do.

Update: 29/12/2017
The site has now been down for over 48hrs. I think they got the message, but in case my DMCA didn’t spook them enough perhaps the fact I was tweeting about tracking them down personally gave them the creeps.

I’ve no doubt they’ll simply transfer the stolen data to another website, but for now this is a win. I still have no idea what their intentions were.

29 Comments

  1. December 31, 2017 / 9:12 am

    I’m so sorry this has happened to you Jess. Thanks for sharing what you did in – it’s such a difficult thing to find advice on. I’m hoping this website stays down.

  2. JESSICA BROWNE
    December 31, 2017 / 9:56 am

    Omg Jess! this is crazy! so sorry to hear this babe!

    <3

  3. December 31, 2017 / 4:42 pm

    Glad to know my DMCA template was helpful for you!

    • Jess - Actual Philocalist
      Author
      January 1, 2018 / 1:12 pm

      It really was, Sarah! You saved my Christmas!

  4. January 1, 2018 / 5:48 pm

    What the hell?? I’m so sorry you had to go through something like this and reading this phrase “When I found the clone website, it was as if someone had stolen all my cheese and Christmas just didnโ€™t exist anymore.” made me sad. Hopefully the clone website will stay down forever! Happy New Year Jess ๐Ÿ™‚

  5. January 3, 2018 / 12:30 pm

    what seriously?? cant believe this has even happened! so sorry to hear ๐Ÿ™ hopefully you can do something aobut it.

  6. January 3, 2018 / 9:33 pm

    Oh my god I am so sorry to hear that someone cloned your entire site that must have been so scary but thank goodness you found out through Copyscape. Fingers crossed that you are able to get them to take down their clone site. What a horrible situation to be in!

  7. January 3, 2018 / 9:57 pm

    Ugh this absolutely sucks, I’m so sorry to hear that somebody ripped off your work. I’m glad they took it down and I hope this doesn’t happen again for you!

  8. January 3, 2018 / 10:52 pm

    Wow, I can’t believe that someone would do something like that. Thank you so much for sharing your experience & what to do incase it ever happens to any of us!

  9. January 4, 2018 / 10:02 am

    This is really sad to know, indeed I would have got emotional for all the hardwork which got copied by some fake people. But I’m happy that things are moving in right direction. Fingers crossed for you!

  10. January 4, 2018 / 10:17 am

    omg! this is awful! the internet is sooo the wild wild west.
    i’m sorry, this seems like a huge hassle also!!

  11. January 4, 2018 / 12:01 pm

    “The fact that this person is using CPanel and NS1 makes me this they probably do this to a lot of bloggers and are probably professional content thieves.”
    cPanel is used by virtually every apache-based hosting company worldwide – it’s really not indicative of anything of the sort.

    “When I looked for answers in Facebook groups and on Reddit, people told me I was going to have a hard time because theyโ€™d had similar issues with NameCheap websites before.”
    This isn’t NameCheap’s fault – being an absolutely huge registrar – and again isn’t really indicative of anything. I’ve used NameCheap for years and I’ve never hosted stolen content – far more NC customers are law abiding web sorts than otherwise. ๐Ÿ™‚

    The quickest way to get stolen content removed from a site is to go straight to the host itself (not the registrar) – although in this case the site is hosted by NameCheap as well. Every host has a DMCA process with a specific set of requirements, NameCheap’s are listed here:
    https://www.namecheap.com/support/knowledgebase/article.aspx/9198/5/dmca-takedown-request-requirements

    with more info on how to file the complaint here (point 3)
    https://www.namecheap.com/support/knowledgebase/article.aspx/9196/5/how-and-where-can-i-file-abuse-complaints

    In my experience, *most* hosts are VERY quick to remove stolen content but you have to make sure it ends up with the right person.

    You needn’t stress too much about Google. For starters, the duplicate content thing is over-stated. Secondly, having both published the content first and also a higher “authority” site, if anyone is likely to be penalised or “punished”, it’s them.

    I know it’s hard, but try not to stress too much about it. It happens, it sucks, but even where hosts are slow to remove content these types of quick churn sites very rarely last long enough to cause any damage.

    • Jess - Actual Philocalist
      Author
      January 4, 2018 / 12:32 pm

      Hi Jem,

      Thanks for taking the time to share such a detailed comment, I really appreciate it :). I would just like to clarify what I’m thinking with the CPanel comment. Let’s say this is an affiliate farm or SEO link building farm. The fact that they’re investing in their network with paid services makes me think that whoever has done this a) obviously hasn’t done this for any malice personal reasons and b) probably has a lot of clone sites on the go .

      Yep, this absolutely wasn’t NameCheaps fault at all. They were great and I can’t thank them enough. I can’t speak for them as a hosting service but it’s nice to hear they’re good to customers too.

      However, the host wasn’t Namecheap. As mentioned, NameCheap didn’t have access and couldn’t take it down. After I sent my DMCA I was even reminded that they could only act as a middle man “we would like to inform you that Namecheap is currently providing only registration services for the domain name in question.” You are 100% right in saying that going to the host is best, but I personally didn’t have that option so I had to go another way – the scrapers had created a mask loop. I might go back and edit this so that it’s clear.

      Thanks so much for the encouragement :). My fear stems from the fact that people have been outranked by SEO/click farms before and I’ve also had to perform recovery work on a website that’s suffered from duplicate content issues before after a similar issue when I used to work on the agency side of things. Hopefully another website doesn’t pop up again!

      • January 4, 2018 / 12:45 pm

        The person who did this won’t have paid for cPanel, the host will have. Yes, there are probably multiple sites on the go, but I also have hundreds of websites and every single one has cPanel ๐Ÿ™‚

        I did a trace route on the cloned site, which gave me a NameCheap hosted IP address – although looking again it looks like it’s being re-sold via these guys: https://staticdatahosting.com/ So that’s where your DMCA should go ๐Ÿ™‚

        • Jess - Actual Philocalist
          Author
          January 4, 2018 / 1:23 pm

          Yeah that’s the weird thing, I did the same and NameCheap contested unfortunately. So I was in a bit of a pickle, thankfully it’s gone for now but you know what these scrapers are like it’s probably just been migrated. I guess for now we’ll just have to see, but I’m feeling hopeful :).

          I’d definitely still suggest people to contact Cpanel IF it’s their absolute last resort though – only because they also offered to help me track down the info I needed and act as a middle man, in the same way NC did. Sam from TestingTime was super helpful when I was looking for answers but she literally battled with NC for about a year to get assistance, so I’m really lucky that they stepped in when they did.

          Thanks for checking in though I really appreciate your input. Is there anything else you’d suggest for people in this situation? I’ve been chatting to people who’ve just been outright ignored when sending their DMCA. My pal Emma has literally given up on battling her clone site after a year.

          • January 4, 2018 / 1:55 pm

            Sounds like NC were just avoiding dealing with the issue – tch tch ๐Ÿ™

            The only thing I can add to your already detailed blog post (although I would warn heavily against engaging in DOSing however desperate you feel) is to do a reverse look-up on the server and look for other potentially dodgy websites hosted at the same IP just for more “ammo” to throw at the host.

            Always Google every single piece of info you can scrape together. Because it’s been taken down, I can’t see the dupe to get a good look, but e.g. the dupe site has staywayup.com listed as a private nameserver. That means that it’s highly likely that whoever ripped off your content also owns or is working for the person who owns staywayup.com. Looking at staywayup, I can see the author of posts is listed as aphan29; if I google that I find entertainmentheadline.com, readyupdatedot.com & buzznewsdaily.org etc – all identical sites all with stolen content, indicative of content farming as you mentioned, all hosted on the same server.

            aphan29 has multiple social media profiles which names him as Albert Phan – obviously usernames aren’t always unique but when they’re a combo of names and numbers it does usually increase the chances.

            aphan29 twitter account has Aphan29@gmail.com listed as an email address (way back) – google that and boom, it’s connected to several domains I mentioned and more. So now you have a contact address. And so the hunt continues… ๐Ÿ™‚

            When a host doesn’t respond within a reasonable time frame, engage in a targeted social media campaign naming and shaming the host in question. Publish details of when they were contacted, information on the case, any follow-ups etc and then call on them to reply. Get as many friends and family to share it as possible. Get other bloggers to link to that post to drive it up the SERPs.

            Negative publicity is a shitty way of dealing with it, but it hits them where it hurts.

          • Jess - Actual Philocalist
            Author
            January 4, 2018 / 2:54 pm

            Yep, those are the other rip off blogs I found. I contacted a few people who’ve had their content ripped off on them too. When you google the content on them it’s stolen from multiple bloggers all over the place. I couldn’t find straight up clones though which was the only thing that threw me off a little.

            I didn’t go far enough when looking for the name, do you think it’s safe to assume it’s the same person? Then again, if someone was desperate for answers and not getting anywhere with the hosting company this could be a great way of tracking down who was responsible. I didn’t even think to consider author profile, what an oversight.

            Imagine their shock receiving a DMCA right to their personal email – I’m definitely keeping that safe in case they ever pop up again. I’m honestly laughing just thinking about it, I think you’ve made my day. I guess it would be a long shot that they’d check but just imagine their shock. I am creasing!

            And yes couldn’t agree more with Ddosing – it simply isn’t worth the risk. At the best you might end up downloading a virus and at worse you’ll end up breaking the law.

            Again thanks a million for all your advice!

          • January 4, 2018 / 5:27 pm

            It’s impossible to say whether or not it’s 100% definitely the same person, but I’d be willing to put money on it! (I have done this sort of tracking a million times and never been wrong before ๐Ÿ˜‰ )

  12. January 4, 2018 / 5:46 pm

    OMG, this is a very detailed description of something that none of us would like to go through but a “must keep and save” list. I know you have been to a lot with this unpleasant experience but I think and hope for you that gaining all that knowledge will actually help you grow and help others who can learn from your experience.

  13. January 4, 2018 / 7:06 pm

    Now that’s really scary … While science is yet to find the perfect solution to create clone for human but clone of website is a big risk … I ran an e-ommerce business and accept online payment .. Wondering what if someone has the clone website and it just collect money from people and actually don’t ship anything .. Got lot of food for thought to think on how to prevent the same .

  14. January 4, 2018 / 9:21 pm

    It’s terrible! It’s so hard to imagine what would I do if something like this happened to me… maybe I would be crazy! By the way It’s useful to know that there are ways to avoid to lose it all

  15. January 4, 2018 / 10:57 pm

    I’m so sorry that this happened to you! Thank you for being willing to share your experience with us though, it well help us to know how to address it if we are ever faced with the same problem.

  16. January 5, 2018 / 5:04 am

    I’m literally stunned by what has happened to you, and so very sorry. I’ve heard of people copying content before, but never an entire website! Also, what a nightmare of a process to try to have it taken down. I wonder, are there companies out there that you can hire to take care of it for you? Someone who has been there/done that and knows all of the paperwork, etc that you would need to file? x

  17. January 6, 2018 / 3:13 am

    Oh my goodness this would be devastating. I’m so sorry that you’re even having to go through this. Most of this info I didn’t even know so honestly thank you for sharing it. I’m saving and passing it on! I hope you can get this resolves quickly!

  18. January 6, 2018 / 11:34 am

    This sucks! I mean Iโ€™ve heard about copying an post without credit or photo theft but this is a whole new level of bad carmaker. I am happy the site is down!

  19. January 8, 2018 / 9:00 am

    OMG this is horrible! I hope everything’s going OK with you/ website now. Thank you so much for sharing the info!

  20. Rara
    January 11, 2018 / 10:04 am

    This saddens me. I hope there is a way to make it fair and at least pay you for the stolen content.

  21. May 1, 2018 / 9:48 am

    This is happening to me at the moment and I’m honestly so confused as to what to do! I’ve been in contact with everyone including the police and no one seems to be bothered about helping me at all. So unfair ๐Ÿ™ xx

    • Jess - Actual Philocalist
      Author
      May 1, 2018 / 10:01 am

      Lauren I’m so gutted for you. I’ll ping you an email now and help all I can.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.