The curious case of the cloning of my website
I don’t check my analytics terribly often, but I did this week, and there was something strange in there: referrals from a domain I didn’t recognise that was using my website’s favicon. Curious, I went to the URL and saw something familiar—my design.
At least, it was my website design from the beginning of July before I made a few changes to improve the SEO and UX. The content was there, the images were copied, and the code was identical.
Whoever had cloned my website had used software to crawl it—even down to some of the deepest-level pages in my blog—and convert my CMS-driven pages to static .html files. At first, I thought this might be someone’s attempt to phish my customers or trick them into contacting a third party. However, even the links to my Calendly booking service and SendOwl commerce platform were intact, so this didn’t seem like an attempt to hijack my sales.
The clone of my website had to go.
Still, I wasn’t happy about the possibility of someone posing as me. I was even less enamoured with the situation when I realised that Google had indexed the cloned website.
I thought maybe the cloners did this because they wanted to learn from my code. That might be plausible, but why post the files to a live server? They possibly wanted to use my layouts as a basis for their design. It wouldn’t be the first time that had happened. Maybe there was an innocent explanation, but I wasn’t in the mood for being magnanimous. The clone of my website had to go.
The WhoIs records didn’t tell me who registered the clone’s domain as they’d been redacted, but another search told me the clone used Cloudflare. I fired off a DCMA cease and desist and waited to hear. To their credit, only a few hours later, I received an email from Cloudflare Trust & Safety letting me know the clone’s hosting provider, including their email address, for reporting abuse, so I sent them a DCMA cease and desist too.
Cloudflare offers network service solutions including pass-through security services, a content distribution network (CDN) and registrar services. Due to the pass-through nature of our services, our IP addresses appear in WHOIS and DNS records for websites using Cloudflare. Cloudflare cannot remove material from the Internet that is hosted by others.
Hosting Provider: Scalaxy B.V.
Abuse Contact: [email protected]
We have notified our customer of your report. We have forwarded your report on to the responsible hosting provider. You may also direct your report to:
–The provider where [redacted] is hosted (provided above);
Cloudflare Trust & Safety
–The owner listed in the WHOIS record for [redacted] and/or;
–The contact listed on the [redacted] site.
Meanwhile, I found a company or individual with the same name in Ohio. Their Facebook page offers “High quality, yet cheap web design, advertising, and social media services”, so I guessed I was on the right track.
The page had a phone number, and I called it hoping to speak with someone. I got redirected to voicemail, so I left my number and a terse message. I emailed the Gmail address listed on Facebook too:
You have cloned all branding, logo, images, code, and written copy from my website at stuffandnonsense.co.uk to your website at [redacted].top. You have 24 hours to permanently remove my copyrighted material from your website, or you will face immediate and punitive legal action.
I do not mess about.
Andy Clarke
Back on their Facebook page, I reposted my DCMA cease and desist letter and hoped that might prompt them into action.
24 hours later, I haven’t heard again from Cloudflare or the cloner’s hosting provider, but today, I checked their domain, and the copy of my website is gone. I’m glad it’s been deleted, but I’m still curious what the cloner was thinking when they set about copying me so deliberately.