What are these? My sites but not my domains

[porn-update]

What are these? My sites but not my domains

In my webmaster tools in "link to your site" I found these:
http://www.emwnsweden.cf
http://tjuvlyssnabt.gq
http://cm-forldonsteknik.tk
http://globenshkopping.tk
(Just a few examples, but there are others too)

You see my sites with some text added or changed, but those are not my domains...

What are they? What do they mean?

[Barry-xlovecam]

your site has been cloned and your cpu spikes are the pirates requesting your cached content?

view-source:Girl sex in car

in the encrypted JavaScript at the bottom?

[magneto664]

I try fight with it few years ago, good luck in google spam report, do it from your own connected to webmaster tools account and some random google accounts with you can get access, you have 50/50 chance to report it and get those domain banned. But do not worry, they will be new.

[porn-update]

Thank you
I try to report an abuse to CloudFlare and the hosting company, let's see if they want to give me a hand.

Quote:

Originally Posted by Barry-xlovecam

your cpu spikes are the pirates requesting your cached content?

I opened the site just to ask you if things could be connected

How can I understand that? Can I lock them something? Maybe via UFW?

The codes in the bottom are my codes clickadu and popads, for this initially I did not understand what I was these sites, I do not understand the sense of cloning my site leaving my advertising codes and links to my sites, these idiots have only added some text and Modified a couple of links per page.

They are poor morons, I do a few visits, I do not imagine how many can do them, all this serves only to annoy and create mess in search engines, but I do not understand why someone should want to annoy am me, I am no one in this world, if Just you have to clone a website clones xhamster or XVideo.

Stupid jerks

[Barry-xlovecam]

You would have to sort it out from you access.log files -- good luck there.
But what IP? They may be using any IP.

You could deny access to the cloudflare ips if you do not need to use them or connect with them somehow.

Read this thread: https://gfy.com/fucking-around-and-pr...via-proxy.html

[porn-update]

Ha Ha Ha... I can block cloudflare... I do not use it, I do not need, when I tried to use it, he slowed my sites...

I used it to do some sort of CDN for the images, but at this point better the weight of the images that the resources stolen by these jerks.

I have blocked CloudFlare via IPs, but I do not have very clear one thing...
Now the clone completely dies??

[thommy]

Quote:

Originally Posted by porn-update

Ha Ha Ha... I can block cloudflare... I do not use it, I do not need, when I tried to use it, he slowed my sites...

I used it to do some sort of CDN for the images, but at this point better the weight of the images that the resources stolen by these jerks.

I have blocked CloudFlare via IPs, but I do not have very clear one thing...
Now the clone completely dies??

no they do not die.

you have to go the way mentioned here and make a complaint to google.

sometimes it will take a while (2 or 3 weeks) sometimes you have to complain again but they will kick this sites.

[xxx6live]

Quote:

Originally Posted by porn-update

Ha Ha Ha... I can block cloudflare... I do not use it, I do not need, when I tried to use it, he slowed my sites...

I used it to do some sort of CDN for the images, but at this point better the weight of the images that the resources stolen by these jerks.

I have blocked CloudFlare via IPs, but I do not have very clear one thing...
Now the clone completely dies??

Yeah what happens when you try to open the clones now? I get an 502 error from cloudflare, maybe you fixed it.

[Barry-xlovecam]

go to their office or house with a baseball bat wrapped in barbed wire. j/k welcome to the internet ...

[porn-update]

Maybe something has already changed...


I also made request for DMCA removal for copyright infringement

Let's see what happens...

Quote:

go to their office or house with a baseball bat wrapped in barbed wire

You don't know how glad I would...

[plsureking]

i just caught a bunch of these on our network. multiple domains.

blocking the IPs seems to stop them quick.

i haven't found where they are posting the proxy sites tho. anyone seen listings?

#porncms

[celandina]

Never heard about this kind of theivery..just noting this for updates.

[bns666]

fuck it....

[porn-update]

It really annoys me...

For a couple of days now I just think about how to slaughter these motherfuckers...

The clones seem to be about a couple of months ago, but maybe they will return to update the contents, or maybe copy to me some other site...

I trawled all the code looking for a link that pointed to my JavaScript or my file on my sites to be able to change it to break his balls, but "something" changed all the links of the site copied with their, but not the other links...



So now I'm thinking of adding to all my sites a file on an external domain that verifies the address of the site and if it does not match my, redirect somewhere, maybe where it hurts...

A site of some police or maybe the twitter account of a susceptible president
(maybe he will pissed and launches an atomic bomb on the server of these motherfuckers)

From what I understand preventing cloning is really difficult, if not nearly impossible, without putting the site offline or disturbing the search engines or server resources.

Those cloned are now cloned, but I would try to prevent it in the future somehow, perhaps trying to save the situation after the site has been cloned.

But maybe there is already a better way than what I'm thinking?

Any technique note that I do not know?

[plsureking]

Quote:

Originally Posted by porn-update

It really annoys me...

For a couple of days now I just think about how to slaughter these motherfuckers...

hey man are you sure they are pulling data and content from your site/server? or is it a complete rip hosted elsewhere?

what cms/software are you running? there might be an exploit?

#porncms

[thommy]

Quote:

Originally Posted by porn-update

It really annoys me...

For a couple of days now I just think about how to slaughter these motherfuckers...

The clones seem to be about a couple of months ago, but maybe they will return to update the contents, or maybe copy to me some other site...

I trawled all the code looking for a link that pointed to my JavaScript or my file on my sites to be able to change it to break his balls, but "something" changed all the links of the site copied with their, but not the other links...



So now I'm thinking of adding to all my sites a file on an external domain that verifies the address of the site and if it does not match my, redirect somewhere, maybe where it hurts...

A site of some police or maybe the twitter account of a susceptible president
(maybe he will pissed and launches an atomic bomb on the server of these motherfuckers)

From what I understand preventing cloning is really difficult, if not nearly impossible, without putting the site offline or disturbing the search engines or server resources.

Those cloned are now cloned, but I would try to prevent it in the future somehow, perhaps trying to save the situation after the site has been cloned.

But maybe there is already a better way than what I'm thinking?

Any technique note that I do not know?

these scripts are already around since 6 or 7 years - wonder why nobody here have experience with it.

the way they are working is very different.

1. way is to deliver your content in realtime from your server.
the folders on the server of the fraudster looks like local but they are
in fact just a mirror what are linking your content with mod rewrite rules
2. way is to pull all your content 1 or 2 times per day.

the first way is quite easy to detect because it is mostly a fixed IP what is grabbing it from your server. as they are using in most cases cludflair it does not help to block this IP because cloudflair have many of them and as soon one can´t connect they will use another one.

there are different ways to go against that but it must be done from a good coder and someone who knows to handle server settings.

the most important to find out is how this script is connecting to your site - i.e. with always the same IP or a dedectable header or even a dedectable sequence.

as son as you have that you can write a mod redeirect rule to your own server and deliver something complete different to him.

if the stealer is loading your content to his server it is nice to send him some few terrabite big files - in most cases his server is already crashed before he got all.

you can also send him the content of malware sites or even CP.
the last case is the hardest but you can be sure that you do not have to take any action against this clown anymore - the police will do it.

in some cases you can even send redirect javascripts or a coinminer what would be only on the copy and not at the original site.

the MOST effective way would be to find out with who they make money and publish them when they don´t take action on a complaint.

unfortunately their are some ad- and affiliate networks around who do not care the methods to get traffic. if they would not do that it would not make sense to copy sites.

[celandina]

FYI my web site and the content are on different servers and it is VOD only.... will that make a difference to these thieves ??

[thommy]

Quote:

Originally Posted by celandina

FYI my web site and the content are on different servers and it is VOD only.... will that make a difference to these thieves ??

all what a user can see (without making a payment or a log in) they can steel.

[porn-update]

Tools like File2ban can help in these cases?

[porn-update]

So in the meantime I created the JavaScript script that checks if the site is on my domain and otherwise redirect to Google (for now). The script is on a different domain, so it should not be overwritten.

I am testing it on this site Alternative Girls Hard Pics | Alternative girls, Emo girls, Punk
Can someone do some tests and check if everything works or if maybe redirect you away from the site?

Thanks in advance

One last thing, for now redirect on Google, but where can I send redirects to be as bad as possible without creating problems for me?

[plsureking]

i had a js load script open so i made a quick load checker. it just checks if its possible to load a url into a div using 'load'. i get cross-origin notices for most domains. you can switch to https to test one of those.

porn-update js load check

(i tested with Yukis Vault - PornCMS Bonus Site Updates)

if you think they're using iframes, that's pretty easy to check.

Free iframe checker | TinyWebGallery Blog

if its something else, post what you need and someone can offer a possible solution.

#porncms

[porn-update]

Quote:

Originally Posted by plsureking

i made a quick load checker

Sorry, maybe I did not understand something... I have tested some URLs, but I always see a white page... I do not understand something?


This is the script I created:

Code:

var mysites = 'site1.com,site2.com,site3.com';
sitehost = window.location.hostname;
sitehost = sitehost.replace('www.', '');
if(mysites.indexOf(sitehost) <= 0){
    window.location = 'http://google.com';
}

[plsureking]

Quote:

Originally Posted by porn-update

Sorry, maybe I did not understand something... I have tested some URLs, but I always see a white page... I do not understand something?


This is the script I created:

Code:

var mysites = 'site1.com,site2.com,site3.com';
sitehost = window.location.hostname;
sitehost = sitehost.replace('www.', '');
if(mysites.indexOf(sitehost) <= 0){
    window.location = 'http://google.com';
}

yea it seems like they're not using js to load your pages. that js load thing i built will only allow page parts, not headers etc. i could pull in rss feeds no problem. content tables too.

i think maybe they are doing a full iframe type of action or completely ripping the site and hosting elsewhere?

how else can you pull a page into another page?

*edit - file_get_contents maybe?

#porncms

[wankawonk]

My sites get cloned all the time. What I do is leave them alone until they start getting google traffic (most never do).

Then I check what IP address they're scraping me with, and block that IP.

I like to think that somewhere in russia some pasty-ass greasy skeevy motherfucker is getting all excited about his clone that isn't getting blocked and is starting to make money, only to have his success snatched from him the moment it starts to mean something.

Very satisfying.

[porn-update]

HA HA HA HA

Quote:

In accordance with the Digital Millennium Copyright Act, we have finished examining your breach notification. The following URLs will be removed from Google search results within a few hours:

Free online farm porn
Money talk sex videos
Top teen girl websites

A couple are dead blocking CloudFlare, others removed from DMCA.

Probably this bastard does not clone only my sites, if someone else had similar problems, this is the IP of the bastard I found in my server 93.105.187.11.

Blocking this IP everything is back normal, and now my server is happy.

I'm going to have some other clone, because I found him while copying other contents of my server, I wait a few days then check the incoming links in my sites.

Anyway, for how it started, this is a great result.

[porn-update]

This 109.254.192.23 is another IP that in recent days tries to continually enter my server and sends the load to 20-30-40 etc.

Maybe the same idiot trying with another IP

[CamsEtc]

Ukrainian in Donetsk area currently overrun by Russian tourist soldiers