
How Do I Fight Russian Site Cloners?

Posted by kdawson
from the cloned-and-pwned dept.
An anonymous reader writes "I used to run a small web design service, the domain for which I allowed to expire after years of non-use. A few weeks ago, I noticed that my old site was back online at the old domain. The site-cloners are now using my old email addresses to gain access to old third-party web services accounts (invoicing tools, etc.) and are fraudulently billing my clients for years of services. I've contacted the Russian site host, PayPal, and the invoicing service. What more can I do? Can I fight back?"

  • contact your clients (Score:5, Informative)

    by Pinhedd (1661735) on Friday April 16, 2010 @10:44AM (#31871880)
    If you have a summary of your clients (and you should) you should send out a mass email and let them know what's going on.
  • by Anonymous Coward on Friday April 16, 2010 @10:48AM (#31871932)

    You MIGHT be able to at least force their registrar to shut down their DNS registration, thus removing both the site and the email addresses from the web.
    I don't know how it works for fraudulent sites, but for Spam pointing at a clearly "spam-vertized" site I found this tool useful:
    http://spamtrackers.eu/wiki/index.php/Complainterator
    It helps you look up the responsible registrars for a domain and gives you their contact information, so you can ask them to remove their DNS entries.
    Not sure how likely they are to help, especially if the registrar is in Russia or China (I read some horror stories about the lack of cooperation from some registrars in those countries), but you never know...

  • by Cassini2 (956052) on Friday April 16, 2010 @10:57AM (#31872080)

    Check that the problem is not closer to home. The problem could be either technical like a corrupt ISP or some spyware, or it could be an insider running the scam.

    To make this scam work, the third party needs a great deal of inside information. That points to an insider. For instance, the third party would need access to invoicing forms to make everything look official.

  • Phishing filters (Score:5, Informative)

    by ISurfTooMuch (1010305) on Friday April 16, 2010 @10:57AM (#31872086)

    Just an off-the-wall idea here, but check to see how to report this site to Mozilla and Microsoft to get it into their blacklist of phishing/scam sites. If I got something from a site, and, upon trying to visit it, my browser's filter warned me about it, I might suspect something fishy is going on.

    Doing this is by no means a complete solution, but it could get you part of the way there.

  • ICANN (Score:5, Informative)

    by carp3_noct3m (1185697) on Friday April 16, 2010 @10:58AM (#31872100)
    Check out Uniform Domain Name Dispute Resolution [internic.net]. It is often overturned in court, and isn't always effective, but taking back control of the domain in whatever way possible is more than likely the only way you will fully recover from this. Otherwise you are simply on a damage mitigation mission.
  • Didn't you notice? (Score:1, Informative)

    by leighjam (1790848) on Friday April 16, 2010 @11:06AM (#31872202)
    How come you didn't notice your website and email were down?

    I used to work at a registrar and it's not like one day you wake up and BOOM the domain is gone. All give warnings weeks if not months ahead of time. Most give a couple days of leeway before turning off the domain. After they turn it off (i.e. no email, web or anything can use the domain) you have about 30 days before it goes into redemption. Once in redemption, it's a crapshoot if you can get it back, but you still can.

    If it was your business, then the domain is a valuable asset and should be treated as such. Much like a brick and mortar office. If you don't pay the rent, leave valuable customer information in file cabinets and are kicked out (after getting an eviction notice), don't complain if someone comes in and uses the space for a crack den and the customer info for their own nefarious purposes.

    A few recommendations:

    • Use a reliable third party email account (i.e. Yahoo, MSN, Gmail) for your contact info and NOT the domain in question
    • Make sure you check it all the time!!!!
    • Don't think your registrar is ALWAYS spamming you.
    • Renew domains for Christmas or another holiday; if you renew early the time just gets tacked on the end, so you don't lose anything
    • Renew domains for multiple years
  • by John Hasler (414242) on Friday April 16, 2010 @11:11AM (#31872264) Homepage

    Many sites do not allow accounts to be closed. Try to close your Slashdot account, for example.

  • by Archon-X (264195) on Friday April 16, 2010 @11:19AM (#31872360)

    There's a problem with these automated tools - and that is that they're the shotgun approach.

    We run some mainstream sites, and we also allow affiliate promotion.
    We have a zero-tolerance spam / mailing policy, but that doesn't stop people trying.

    If or when complaints come through (SpamCop, SpamHaus, etc) - we deal with them, and nuke the affiliates - we're just as anti-spam & fraud as the BL guys.

    The problem, however, is that with the use of this / these tools, when DNS, upstream and network providers are scatter-bombed with complaints, over, and over, you end up getting blacklisted. Even if you're not in the wrong, you get blacklisted.

    If you've ever been on the end of a SpamCop / SpamHaus complaint, as much as they may have intended to set up a good service, their 'service' is incredibly partial.

    For example, the latest email back from SH to our host, when we had banned a fraudulent affiliate:

    Let's talk about removing the customer instead of offering up yet another affiliate excuse.
    Regards,
    -- The Spamhaus Project (SR22) http://www.spamhaus.org/ [spamhaus.org]

    Their website 'evidence' archives are full of libel and blackmail - if you email SH with a fake complaint, and say that company X participates in money laundering, international fraud and spam - they'll publish it - without an ounce of fact checking.

    Somewhat off topic, but these issues burn - who watches the 'watchers' / internet 'police'?

  • Re:More To It? (Score:5, Informative)

    by Nadaka (224565) on Friday April 16, 2010 @11:19AM (#31872372)

    It probably wasn't even that hard. Once they own the domain, they can park a standard email server on it and capture email sent to the domain, they don't even need to implement the specific addresses.

  • Re:ICANN (Score:3, Informative)

    by darkmeridian (119044) <`william.chuang' `at' `gmail.com'> on Friday April 16, 2010 @12:15PM (#31873048) Homepage

    That's not the case. Someone who legally obtains a domain name may be forced to surrender it if they use it to trade on the goodwill of another or if there is no valid reason for using that domain. Like if I bought applecomputers.com and sold laptops on it, Apple will almost certainly win a UDRP proceeding against me. If he can prove that clients are being scammed and the scammers are using the site to pretend to be him (and trade on his reputation) he would have a good case.

  • by Bourdain (683477) on Friday April 16, 2010 @12:16PM (#31873076)
    I completely appreciate your response -- my suggestion is clearly inappropriate in the poster's question but...

    Even though the poster claims this domain was not used, merely the ownership of it (at nominal cost might I add) protected his business which he only realized in retrospect. That, I believe is the take home to readers of this forum in this situation -- not what to do if you make this blunder.

    As little as a single lost sale as a result of this gaffe on the poster's part, could far exceed the cost of renewing the domain for a decade.
  • by mikael (484) on Friday April 16, 2010 @12:22PM (#31873168)

    You would just have to send an "oops, I've forgotten my password" to the third-party service. With any such service, they will always send out regular circulars and notifications to whatever E-mail accounts are registered with them.

    So all a web-site cloner has to do is find a defunct web-page that is no longer in use, get hold of the E-mail address, and wait to see what arrives. Maybe they got hold of an old server with disk drives that weren't erased properly.
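
Several comments above (the registrar expiry timeline, mail capture on a re-registered domain, and password resets sent to old addresses) point at one preventive check: find every third-party account whose recovery address lives on a domain that is about to lapse or already has. The Python below is an added example, not part of any comment; the domains, accounts, dates and the 60-day warning window are constructed assumptions, and the 30-day grace figure is the approximate one quoted in the thread.

```python
from datetime import date

# Constructed sample data (not from the thread): domains we control or once
# controlled, with their expiry dates, and third-party service accounts with
# the e-mail address each one uses for password resets.
DOMAIN_EXPIRY = {
    "olddesignshop.example": date(2010, 1, 10),
    "currentbiz.example": date(2010, 5, 1),
    "stable.example": date(2013, 6, 30),
}
ACCOUNTS = [
    ("invoicing-tool", "billing@olddesignshop.example"),
    ("payment-processor", "owner@currentbiz.example"),
    ("hosting-panel", "admin@stable.example"),
    ("newsletter", "me@webmail.example"),
]

GRACE_DAYS = 30   # "about 30 days" before redemption, as quoted in the thread
WARN_DAYS = 60    # assumed renewal warning window

def domain_state(domain, today, expiry=DOMAIN_EXPIRY):
    """Classify a domain by how close it is to leaving our control."""
    if domain not in expiry:
        return "external"            # third-party mailbox, not tied to our domains
    days_left = (expiry[domain] - today).days
    if days_left > WARN_DAYS:
        return "ok"
    if days_left >= 0:
        return "expiring"
    if -days_left <= GRACE_DAYS:
        return "lapsed"              # mail is already dead, domain still recoverable
    return "redemption-or-lost"      # past grace: resets may reach a new owner

def audit(accounts, today):
    """Return (service, address, state) for accounts needing action, worst first."""
    order = {"redemption-or-lost": 0, "lapsed": 1, "expiring": 2}
    findings = []
    for service, address in accounts:
        domain = address.rsplit("@", 1)[1].lower()
        state = domain_state(domain, today)
        if state in order:
            findings.append((service, address, state))
    return sorted(findings, key=lambda f: order[f[2]])

if __name__ == "__main__":
    for service, address, state in audit(ACCOUNTS, date(2010, 4, 16)):
        print(f"{state:20} {service:18} {address}")
```

Any account reported here should have its recovery address moved to a mailbox on a domain that is not at risk, or be closed, before the domain is allowed to lapse.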

  • by nedlohs (1335013) on Friday April 16, 2010 @12:41PM (#31873406)

    Because only answers solely for the original poster should be accepted. Answers to help other people from having the same problem in the future should be avoided.

    In fact why do we bother posting to a public web site, just email your answers to the poster.

  • Re:ICANN (Score:5, Informative)

    by dissy (172727) on Friday April 16, 2010 @12:58PM (#31873632)

    the problem I see with this though is it's not like the domain was stolen ... Now clearly they're being fraudulent WITH the domain, but they obtained it legally, so that makes it a lot harder to legally take away.

    You should read the ICANN domain agreement you clicked OK to when registering a domain (All registrars for .com are required to pass that agreement on)

    Registering a domain name in bad faith, and/or for the use of fraud, is grounds for domain revocation.

    Being legally purchased, and not being stolen, do not factor into ICANN's rules. Those are more legal issues a court would need to address, and only after that happens would it be ICANN's concern.

    ICANN can revoke any .com domain on the grounds it is registered in bad faith or used for fraud.
    They HAVE done this in the past too.

    If you register a domain that sounds similar to an existing business, and also use that website for business, odds are good they can have it revoked from you. If your business line is the same as the existing business, it is guaranteed to be revoked. Being local rules, that the end user agreed to, there is little recourse when ICANN chose to do so, even if they do abuse this vague rule.

    http://www.icann.org/en/dndr/udrp/policy.htm [icann.org]

    Section 4, subsection A, paragraph III

    4. Mandatory Administrative Proceeding.

    This Paragraph sets forth the type of disputes for which you are required to submit to a mandatory administrative proceeding. These proceedings will be conducted before one of the administrative-dispute-resolution service providers listed at www.icann.org/udrp/approved-providers.htm (each, a "Provider").

            a. Applicable Disputes. You are required to submit to a mandatory administrative proceeding in the event that a third party (a "complainant") asserts to the applicable Provider, in compliance with the Rules of Procedure, that

                    (i) your domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and

                    (ii) you have no rights or legitimate interests in respect of the domain name; and

                    (iii) your domain name has been registered and is being used in bad faith.

  • by moranar (632206) on Friday April 16, 2010 @01:04PM (#31873720) Homepage Journal

    "Say hello to my little friend" was Cuban.

  • Re:ICANN (Score:3, Informative)

    by blair1q (305137) on Friday April 16, 2010 @01:48PM (#31874330) Journal

    Correct. Legally, he's not the one with a complaint. It's his old customers who are being defrauded. This is neither his fault nor his fight.
