Basically what the title says. I’d rather not share any links because I don’t need the word “scam” showing up next to my website but yeah they duplicated our site, gave everything a too-good-to-be-true discount, and now they’re stealing credit card numbers and all that jazz.
This is the first time I’ve been on this side of things and I’m not sure how to handle it.
This isn’t a web dev problem. Issue a PSA to your customers on your legitimate site, and social media. Look up how to issue a DMCA Takedown to their hosting provider.
Hopefully, they give up once they see you’re actually making an effort.
@Eli
This. If you have a mailing list, I’d also consult a lawyer and draft an email to everyone on that list warning them of the situation and stating (in no specific terms) that you’re trying to do something about it. Document everything.
This is a common acronym in the US.
I’m so sorry they all downvoted you for not being North American.
Step 1. Report it where you can:
Step 2. If you believe you are suffering losses from a legal standpoint, consult with a legal firm / look into DMCA.
Look up and contact the site’s:
That’s the fastest and most effective way to deal with this. I’ve found that unless you’re a big company, the legal channels (like DCMA) aren’t very fast.
Justice said:
@Noah
got the registrar already, not sure about the dns provider or host
Check the whois. It will give you the nameservers, which are the DNS providers.
You can get the host by finding the IP of the website, and then do an IP whois on that.
Justice said:
@Noah
got the registrar already, not sure about the dns provider or host
Check the network tab as the website loads.
@Noah
I’ve found Cloudflare to be amazing for this. They have an abuse form that you can fill out if there’s a site they’re proxying which is phishing, hosting CSAM, etc.
The site will have a warning shown to visitors within minutes of being reported, and will be blocked by Cloudflare in less than an hour if the report is legitimate.
@Noah
With sympathy for OP’s plight, I really hope no host, DNS provider or registrar is taking down a domain or site based on some other random person’s story with no legal backing…
Zion said:
@Noah
With sympathy for OP’s plight, I really hope no host, DNS provider or registrar is taking down a domain or site based on some other random person’s story with no legal backing…
They do, but it’s fairly easy to determine if a site is a scam or not. This isn’t just a copyright claim.
On top of the advice from others, you could look into how they might have cloned it. Are they pulling from some API? Any API keys? Crawlers?
If they’re making requests to your site in any way, blocking those requests might break their clone.
Other than that, to repeat what else has been said and add to it, you could report the site as fraud to Google’s safe browsing. You could contact the registrar and ask them to shut the domain down. If there is anything trademarked you could take that route as you’d have a difficult time via copyright. Look up and report the fraud to any credit card gateway/service and get that shut down. If the payment doesn’t submit and they just steal CC details, inform any payment processor they’re trying to imitate as they’d want to put pressure to help take down the fraudulent site as well.
Quade said:
@Jael
Although CORS can be an issue, a headless browser can be used as somewhat of a parser.
You could still check the UA string, IP address, maybe referrer. Find anything suspicious in logs and consider blocking such requests. For such things, I kind of prefer responding with HTTP 418 codes.
Sooooo… By “this is the first time I’ve been on this side of things”… do you mean that usually you are the one duplicating someone’s site and scamming?
Tait said:
Sooooo… By “this is the first time I’ve been on this side of things”… do you mean that usually you are the one duplicating someone’s site and scamming?
lol no
I just got scammed by a fake site buying the Great Deku Tree Lego set like a month ago.
Did they register a domain name similar to yours? Humans can be easily fooled.
Consider registering other similar domain names (common misspellings, typo variants, other TLDs, etc.) to thwart future scammers. It’s pretty cheap insurance.
This does nothing to stop the current scammers, of course, but you don’t want to fall victim again if you can help it.