My website has been cloned. Every single post from July 2017 dating back to the very beginning has been mirrored on another URL. The site looks exactly like mine; same images, same words, same logo, same layout, same face, same voice, different web address.
Someone has ripped out the source code and simply copy & pasted it somewhere else, stealing 3 years of my work. It’s a little more technical than that but I’m not giving them the credit.
How did I find out? Well, sometimes I’m too lazy to type my own URL in and search my blog for a specific post that I want to share on Twitter. Instead, I type some keywords into google that I know will bring the article up. A few days ago I used the niche combination of ‘Philocalist+emo’ to find a post I wrote a few months ago about the revival of my favourite subculture.
My article popped up right at the top of the search terms… but so did an identical article beneath. Had someone reblogged me without asking first?
I clicked on the listing to investigate and that’s when I started to panic. The website didn’t just share my article, they were using my logo too and the same theme I’d paid to use. I put my phone down utterly confused and typed the URL into my laptop to take a better look.
It was then that I realised I was dealing with a clone/scraper site. As I went through the website I realised they had taken absolutely everything; changing the internal links only to ensure they had a healthy backlink profile and that no links pointed back to the real Philocalist website. Everything was the same, even the comment section!
Weirdly enough, I’d heard of clone sites before. A friend of my boyfriend was targeted 5 times in one year, but he runs a great web design agency and since the thieves were trying to make their own website look like a top-notch UK agency to bring in clients, it made sense why he would be targeted.
Whereas in my case, there didn’t seem to be a clear motive.
Why has somebody cloned my website?
I’m going to share a few theories that apply to any cloned websites. I’m not 100% sure about the motive behind my own clone at the time of writing.
Luckily this hasn’t happened to me but throughout my research I found plenty of stories where people were asked to pay anywhere between £400 to $1000 for the removal of stolen content.
If this applies to your situation, don’t be tempted to pay. There’s no trust in a criminal deal. Who’s to say that once you pay the thieves will really take it down? Who’s to say they won’t try and get money off you again a few months later down the line using the same trick? It simply isn’t worth it.
SEO Link building farm
Another reason that people clone websites is to build up a quick library of rich content. Once the stolen content starts to rank on Google and the website builds it’s own DA, they can go back through the cloned content and build links to other third party websites within the stolen content.
Whilst this practise is extremely outdated, it doesn’t take long to find people providing paid link services on freelancing directories like PeoplePerHour and Fivver.
Affiliate click farm
If the clone website starts to rank higher than the original content, the clone website holder may use affiliate deep links throughout the content to earn a passive income. This is an easy way for scammers to make money through affiliate marketing without writing any of their own content.
Let’s say your website has been cloned and you’re an ecommerce website – It’s possible that the people behind the cloned website are merely trying to steal customer details. On this occasion, you can instantly report them for phishing. When customers are at risk it’s generally easier to take a website down.
It’s important that you report the website to Action Fraud, so that they can investigate the scammer. You can also report the website to individual browsers – Chrome, Firefox, & Internet Explorer (IE is as slightly more convoluted… because it’s Microsoft).
Unfortunately we shouldn’t overlook the fact that some of these websites can be created due to malicious intent towards the original owner. I received an inbox message from someone who has been battling for a year to take down a fake ‘in memoriam’ website that an ex-boyfriend created for them.
If someone wanted to piss a blogger off, a clone website would be a sure way to get them hyped up about duplicate content issues. Personally I don’t think I’ve annoyed anyone enough to do this, but I did ruffle a few feathers with my post about how people can’t trust beauty bloggers, so you never know!
Which one applies to Philocalist.co.uk?
I’m not too sure yet. The clone website is so new (3.5 month URL age) and has only been up since July. I regularly use CopyScape after having fellow bloggers rip off my work before, so I’m guessing I got really lucky finding the clone website via a super fresh Google listing that not even CopyScape had found. The clone hasn’t been updated since the initial set up either, so I’m not too sure it’s a content farm. Right now, I don’t have an answer.
How can you take down a clone website?
Contact the host to file a DMCA
This is the most effective (but still sometimes slow), legal way to take down the clone website.
First of all, you need to head to a free Who Is lookup service and see what you can dig up on the person who owns the website. You should be able to find their domain registra, contact email & server information. In my case, the site scraper is using a WHO IS guard service, so unfortunately I can’t find many details.
Work with what you’ve got and contact every reputable organisation you can find linked to the clone. Personally I even went as far as contacting CPanel, which is just a management system not a hosting company, to let them know what their customer was up to. They have no responsibility to act but they might be able to help you dig up extra data/act as a middle man and since their logo pops up alongside stolen content they’d probably rather know.
Sadly, we don't provide hosting, just the software that most webhosts use. If you would like help tracking down the webhost, I might be able to provide that! Send me a quick email with the details (your site and the domain of the scraper): firstname.lastname@example.org
— cPanel (@cPanel) December 26, 2017
Once you’ve found out the host or where they purchased the URL from, you need to visit the company website and become familiar with their copyright policies. Most will reference the DMCA method and legal team contact details on their policy page.
Writing your DMCA email
I used a basic DMCA template from SarahFHawkins.com to complete my notice after initially being declined for not including a statement under penalty of perjury. I wanted to get legal advice when writing the email, but it’s Christmas (at the time I’m writing this) so my mind is on other things. Besides, there are plenty of resources online to help you.
Here is the full email I sent:
File a Google DMCA notice
You can also file a separate Google DMCA notice, but these can be slow and ineffective. What makes this even more annoying is the fact that you’ll need to file a complaint for every single landing page individually. So in my case, I have to file about 150 individual complaints for every stolen article. (Celebrating Boxing Day was so much fun for me)
Whilst this is totally tedious, it is worthwhile doing if you’re worried about Google Panda. It’s the thing I’m personally most concerned about! We all know Google hates duplicate content so my website is essentially fucked if the clone stays up, however if I keep reporting the clone website to Google hopefully they’ll become unlisted and receive a manual penalty.
This is perhaps me being very idealistic, but it’s the last fleeting bit of hope I have to take down this website.
Contact other search engines too
Whilst Google might be your main concern, it’s worthwhile reporting the clone website to other search engines such as Bing and Yahoo. It doesn’t matter if you don’t get lots of traffic from these engines, file the claims regardless.
Once a clone website becomes unlisted on various search engines, they instantly become less valuable to the scammer if their intention is to sell links/farm content.
Ddos the clone site
Ddosing is an illegal process where you flood a server with requests so that a 500 error occurs. This is totally illegal but I will fully admit that I have considered this… until I realised the price!
Let’s say that the person who owns the clone website is constantly updating it with dodgy links, more stolen content and affiliate advertisements. You’ve tried everything within the legal realm to get rid of the site, but it just isn’t working. You’re bound to consider some extreme methods. I wouldn’t blame you.
You can take down a website via Ddos, but it’s only temporary and you’re likely to get scammed if you pay for the service. I found a couple of subscription services offering a full month takedown for $900. There are also multiple free programs that you can download such as Ion Cannon and use with very basic knowledge – but you’d probably have to use a second-hand laptop to minimise the risk and even then you’re likely to be flagged for suspicious activity.
Let me be clear, I would not recommend this.
It’s a temporary fix. It’s expensive. It is illegal. The person who owns your clone website may have so many different fake websites to run that they might not even notice your efforts.
Can you hire a hacker?
As soon as I started talking about this on Reddit and Twitter I had a DM request from someone claiming to offer hacking services. I know nothing about hacking, but I like to believe I’m not completely naive. These people are often scammers praying on people in desperate need of help. This person also offered services such as ‘grade changing’ and ‘Facebook hacking’.
Whilst there are plenty of websites where you can hire an ‘ethical hacker’, these sites will (A) not take your request seriously as the practise of taking down a website is illegal and (B) will most likely be completely out of your budget.
What can you do to protect your content going forward?
Once your website has been cloned it’s easy to lose heart. The process of taking down a website can be time-consuming and full of setbacks. I’ve been digging around for a few ways we can protect our content from these absolute scumbags…
Block the IP
Whilst this won’t take the website down, it will potentially stop them coming back to scrape new content. This is extremely important. Site cloners are generally lazy – heck, that’s why they clone websites! Yes, they could use a VPN, but they’re more likely to give up and use another website instead when they can’t access your own site.
Keep checking for new backlinks
In a bid to get traffic to the clone website, the owners will start building links on social media, forums and third party websites. Make it hard for them! Use tools like Open Site Explorer and Linkody to find links pointing to the clone website, contact the site where the link is and explain that they are linking out to stolen content.
Ask for the link to be removed so that the clone website loses a valuable backlink. You might get lucky and the website owner might replace it with a link to your own content, but don’t push it. The aim is to remove the link to the clone site, building your own backlinks is simply a bonus.
By monitoring the backlinks you might be able to find more out about the person who owns the website too; whether the URL is for sale or whether they’re advertising paid links on third party websites.
Monitor their network
Note down the server details and IP. Pop them into google every now and again to keep an eye on the activity of linked sites. If they’re a spammer, phisher or content farm, they will probably own multiple websites. Bookmark these websites and make sure your content doesn’t end up on those too.
Some emotional advice
Seeing three years of my work stolen so easily was crushing and I want you to know that I empathise with your situation if you’ve found this post whilst looking for a solution to your own cloned website.
I was sat at work, finishing my to-do list before the employee Christmas party when I found the site. That morning I’d been so exited to finish work and get home to my boyfriend, to gorge myself on all the cheese and crackers I’d purchased for the holidays. When I found the clone website, it was as if someone had stolen all my cheese and Christmas just didn’t exist anymore.
I spent the festive season filing DMCA notices and annoyed the heck out of NameCheap’s social media team, for which I feel extremely guilty for because they turned out to be a great bunch.
Here’s a few things I learnt from this situation.
Do what you can, then put your laptop away
There isn’t likely to be an overnight solution, but working towards an end will at least make you feel like you’re making progress. However, once you’ve filed the DMCA notices you’ll need to step away and stop digging. You’re only going to annoy yourself if you keep searching for answers – they all lead to dead ends.
I kept searching and trying to build wild theories about why someone would do this, but really it didn’t matter. Boxing day was ruled by my Google DMCA dashboard and the magic of Christmas was spoiled by my desire to refresh every half an hour.
The second person I told about the clone website was my boss. He always has excellent words of wisdom. Unfortunately he’s suffered creative theft before after having a full film script stolen, but that hasn’t stopped him from sharing his creativity. He said “They might have stolen your old articles but they can’t steal your next one, the one you haven’t written yet. They can’t be you.”
Moan to people who actually understand
If you choose to vent about this issue to people who don’t really understand how the internet works, you’re only going to get more frustrated. Your friends and family will likely make suggestions that simply aren’t useful. It’s not their fault, they probably don’t know what else to say that will cheer you up. Spare them and seek advice from people who’ve been through the same thing online.
Don’t point the finger
When I looked for answers in Facebook groups and on Reddit, people told me I was going to have a hard time because they’d had similar issues with NameCheap websites before. It got me all riled up and I went in all guns blazing.
It’s much easier for you if you can put your ego aside and just deal with the situation as professionally as possible. The hosting company and registra will do all they can legally, but sometimes it just isn’t enough. That doesn’t mean it’s their fault.
What’s next for Philocalist.co.uk?
Well I’m going to use this as an opportunity to take time off blogging over Christmas. It’s simply a waiting game to see if the owner of the clone site responds to the DMCA notice. I happen to think they won’t respond, after all they haven’t touched the website since July from what I can see.
However, I can’t actually see all that much.
They’ve used a Who Is guard, so NameCheap will be acting as the middle men and passing on my messages. I can’t dig up too much on the people who own the site. Who Is records say the owner is from Panama, the IP says America.
They’ve also used fake numbers and fake fax details to set up the URL. Weirdly, it’s the same fake details used in the Bitpetite bitcoin scam. Whilst I’m not suggesting it’s the same people, you can’t help but wonder why.
The fact that this person is using CPanel and NS1 makes me this they probably do this to a lot of bloggers and are probably professional content thieves. I’m now leaning towards the theory that this is part of some sort of SEO link farm.
I’m going to do what I can and hope for the best, because that’s literally all I can do.
The site has now been down for over 48hrs. I think they got the message, but in case my DMCA didn’t spook them enough perhaps the fact I was tweeting about tracking them down personally gave them the creeps.
I’ve no doubt they’ll simply transfer the stolen data to another website, but for now this is a win. I still have no idea what their intentions were.