How Do I Fight Russian Site Cloners?

An anonymous reader writes "I used to run a small web design service, the domain for which I allowed to expire after years of non-use. A few weeks ago, I noticed that my old site was back online at the old domain. The site-cloners are now using my old email addresses to gain access to old third-party web services accounts (invoicing tools, etc.) and are fraudulently billing my clients for years of services. I've contacted the Russian site host, PayPal, and the invoicing service. What more can I do? Can I fight back?"

contact your clients

[Pinhedd]

If you have a summary of your clients (and you should) you should send out a mass email and let them know what's going on

Re:contact your clients

[Cassini2]

Check that the problem is not closer to home. The problem could be either technical like a corrupt ISP or some spyware, or it could be an insider running the scam.

To make this scam work, the third party needs a great deal of inside information. That points to an insider. For instance, the third party would need access to invoicing forms to make everything look official.

Re:contact your clients

[wvmarle]

I didn't immediately think "insider" but now you mention it... it makes total sense of a very unbelievable story.

Oh well yet another story that doesn't pass a reality check, and in good kdawson fashion no supporting links or so. Here we go:

The fraudsters copied the web site (that was presumably off-line for a long time). Trivial if it is all static pages, not trivial to impossible if it includes a lot of server-side scripting and you do not have access to the server directly. And quite unlikely that a web site is copied and kept archived by would-be fraudsters hoping that in the future the owner lets the domain expire so they can bring it back on-line? No. It just doesn't happen.

Then they need to know which third-party services you used. And that you were so trusting that you use a third-party web service for invoicing in the first place.

Then they know your clients (potentially through the third-party invoice service).

Then they have your passwords (I may assume password protection).

And how come your old accounts at those invoicing services are still accessible in the first place? From the fact that you let your domain expire after "years of non-use" I take it your business has closed years ago too. Third-party web services usually require payment, especially specialised stuff like invoicing. Not likely they keep that active without it being paid for.

So Russian hackers? No. Insider job? That's where you should look first indeed. Start with former employees I'd say.

Re:

[omnichad]

archive.org - just has to look alike, doesn't have to act alike

password resets via email, though PayPal is quite a stretch.

You seem to make good points on the rest.

SOVIET RUSSIA

[Jeremiah Cornelius]

In Soviet Russia, site clones YOU!

Re:contact your clients

[ottothecow]

I am not sure they would have to replicate the pages exactly. Just take whatever shows up on archive.org and and slap a current date on it.

The cloners are not trying to recreate your business--they just have to make it look like the business still has an active website. Then they use the emails that they now control to get back into old accounts.

As for knowing which third-party services were used, there may be some indication on the archived site or there may be something available with enough googling--maybe they find a former client from a "site design by..." tag and social engineer some answers out of them (they don't have to be an insider or client themselves...they just use your old email address and ask a former client). There can't be that many providers of some of these services that were active when the business was running and are still active now...just start using lost password forms.

They might have to reinstate your old payments, but a few months of invoicing service is a drop in the bucket compared to what they could then invoice your clients for (and bigger corporate customers might not ask questions before cutting a check to a company already in the system).

Re:

[teg]

(and bigger corporate customers might not ask questions before cutting a check to a company already in the system).

Bigger companies would have routines in place that would make this very hard... if you send an invoice, they'd better have a current PO number (or equivalent) or they'd be out of luck. Big companies have routines, and dedicated people to carry them out. This wouldn't be the first scam they'd see...

A better target would be a small company, with just enough people that not everyone knows eve

Re:

[account_deleted]

Comment removed based on user account deletion

Re:contact your clients

[mikael]

You would just have to send an "oops, I've forgotten my passpord" to the third-party service. With any such service, they will always send out regular circulars and notifications to whatever E-mail accounts are registered with them.

So all a web-site cloner has to do, is find a defunct web-page that is no-longer in use, get hold of the E-mail address, and wait to see what arrives. Maybe they got hold of an old server with disk drives that weren't erased properly.

put this in bold

[Onymous Coward]

This is the fundamental thing to take away from this incident, and, while it may be obvious, it deserves stating plainly:

Domain control / email address control is an authentication tool.

We've brushed by the concept in prior conversations about validating new user sign-ups.

Implications include, as in this scenario, human verification by looking at a web page of a familiar domain, human verification by email correspondence with a familiar email address, and password resetting when in control of an email address; SSL certificate-based identity (if the decrypted certificate can also be acquired), URL -referenced data validity (executables for download), and probably a number of other authentication/control mechanisms reliant on domain/address -- your ideas are solicited.

DNS hijacking, then, should be a serious concern. DJB warned about cache poisoning via brute-force source port + transaction ID spoofing in 1999. A long time went by before the issue got enough publicity (in 2008) to force the major DNS software purveyors to clean up their acts. This guy needs to be taken seriously.

Re:

[Yvanhoe]

And explain to them how email is not a way to do business on the web if they are not cryptographically signed. Sorry, I may sound like an asshole, but this is a flaw in the email protocol that everyone accepts and deals with. This is the kind of things that will more and more happen until people ask for something more robust.

Re:

[Lumpy]

you forgot another one...

He also needs to take a baseball bat and beat himself in the head. Leaving LIVE billing accounts anywhere is pure stupid. you CLOSE those accounts when you close up shop. Even pay-pal will allow you to close up shop and shut down an account.

That's just criminally sloppy.

Re:contact your clients

[Chris Pimlott]

The problem with this is that the scammers can send just out another mail calling him the scammer and 'reassuring' the customers that everything is okay and keep the money flowing. Who are they going to believe, originalguy@gmail.com or admin@originaldomain.com?

He needs some way of proving who he is. He may have to resort to calling each customer directly to convince them, perhaps by referencing details of their relationship and past transactions that the scammers shouldn't know.

Re:contact your clients

[EdelFactor19]

what are you talking about?

His clients aren't going to the site, the cloners are using the access to third party information obtained through the sites email fraudulently bill them. When old clients (some might not be any more) all of the sudden see themselves being billed for years of service that they never recieved/paid for or got, who do you think they are going to believe?

Someone telling them there is a scam going on, which would explain the behavior?
Or someone telling them ignore him, everything is fine we are just billing you for no real reason?

What happens when they pick up the phone to follow up with a complain?

He doesn't need a way to prove who is to the customers, he has proof that he paid for the site domain originally and needs to contact the third party service providers to get that account cut off and redirected to him

Shame on you for not updating contact information when you let the domain expire. forget the open customer accounts within your 'profile' I'd be willing to bet that all of the transactions and everything else are tied to an account of his OWN with the 3rd parties, and various bad bits of information that have now been stolen the biggest problem is that the third party services are treating the activity as legit.

Re:

[rickb928]

Oh, and have them contact their bank if any of them paid and start the process of following up on where the money went.

I'm assuming they are contacting their local police. And sharing info. If this is what it looks like, it becomes international eventually, and getting back to the perps would be nice. Unrealistic, perhaps, but nice.

What a scam. sheesh.

Re:

[centuren]

If you have a summary of your clients (and you should) you should send out a mass email and let them know what's going on

Talk to a lawyer, too. You sound pretty liable in all this, as it all sounds like it stems from business negligence / lack of due diligence. A domain name should not be the key to any third-party web services accounts, among other things.

Re:contact your clients

[sopssa]

The money has to get to these people somehow. Follow it, and you find the crook.

Exactly, good advice!

Like girlintraining states, you only need to hack to the Visa merchant account to know what bank account it belongs to, then hack the bank to know who is the owner of that account and get his bank statements to know what is being done with it. After you furiously raid the persons home you discover the old lady is a money mule and has wired the money overseas. Now you only need to take a flight to Kazakhstan and go talk with the local banks about it, just to find out that some alcoholic cashed it out for $10 and gave it to some man he doesn't remember.

As always, great tip, girlintraining.

Re:

[Quantumplation]

<sarcastic troll> They did it on CSI... </sarcastic troll>

Re:

[hrimhari]

Or it may just be a black hat wannabe that isn't really part of the Russian mafia.

As always, great tip, girlintraining.

You know her that well or you just wish you did?

Re:

[sorak]

I have an idea. Email an MP3 version of Metallica's "St Anger" to them, and let the RIAA do it for you.

Re:

[onyxruby]

The principal of what girlintraining said stands, if you want to solve the problem you have to follow the money. The fact that this would likely require international police cooperation to resolve is moot. Police agencies work together on this kind of crime on a routine basis, it's just a question of where the jurisdiction falls.

I used to work large balance fraud for a living, I could research a case, find the victim, find the perp, find all the aliases and their addresses, determine what was real, gain col

There's only one thing you can do

[FreeUser]

"Take off and nuke 'em from orbit. It's the only way to be sure."

Oh wait, they're in post-soviet Russia...
(Sirens wailing)
That probably wasn't a very good--
[NO CARRIER]

Russian hosting

[blackraven14250]

Good thing your site is hosted in Russia. That makes things a whole lot easier.

Re:

[Grimbleton]

Mmm yes because once a domain is registered in one place it can never be registered elsewhere.

fight back

[toxygen01]

check the dns domain registrar of theirs and report domain abuse.
that's what whois information is about too.

Re:

[Matt Perry]

check the dns domain registrar of theirs and report domain abuse.

But it's not domain abuse. This guy says he let his domain expire. Someone else then registered it. No domain abuse involved.

More To It?

[s7uar7]

How do they know which third-party web services you used to use, unless it's one of your old clients?

Re:More To It?

[patSPLAT]

1. take over domain
2. setup catch all email account
3. wait for "we wish you were still our customer" email
4. take over old billing accounts
5. repost site from archive.org
6. start tracking down clients perhaps with search for 'site designed by xxxxxxx' and send bills

It's a pretty smart scam.

Re:

[Chrisq]

How many services have a "lost your password? enter email address here". If you abandon a domain name you really must make sure that you change the registered email address of any service registered using it. Its easy to forget if you are used to just accessing the site with username and password.

Re:More To It?

[Nadaka]

It probably wasn't even that hard. Once they own the domain, they can park a standard email server on it and capture email sent to the domain, they don't even need to implement the specific addresses.

Re:

[petermgreen]

And even if the addresses were a little unusual between looking at the old website on archive.org and watching which addresses still get spam in the mailserver logs it's probablly pretty easy to figure out what addresses used to be used on a domain.

Re:

[The MAZZTer]

It's even easier since you can set up a "catch all" inbox to catch any e-mails to the entire domain. At least cpanel lets you do this. I keep it off because it tends to catch mostly spam to randomly generated usernames@mydomain.

Business Ratings Sites

[lmnfrs]

Find all the ratings and informational sites you can, and explain as prominently as possible what's happened. Show some evidence by explaining how to find the history of a domain's registration so people can see the ownership changed completely.

I assume you've been in contact with previous clients to learn they're being billed, so tell them they can report false billings on that type of site.

Don't let valuable/vulnerable domains expire?

[Bourdain]

Wouldn't it just be cheaper/easier to just never let even remotely valuable/vulnerable domains expire since it costs so little to keep renewing them?

Re:Don't let valuable/vulnerable domains expire?

[uglyduckling]

Yes!! You've hit on the perfect answer. Hindsight and a time machine can solve any problem. Bravo!

Re:Don't let valuable/vulnerable domains expire?

[Bourdain]

I completely appreciate your response -- my suggestion is clearly inappropriate in the poster's question but...

Even though the poster claims this domain was not used, merely the ownership of it (at nominal cost might I add) protected his business which he only realized in retrospect. That, I believe is the take home to readers of this forum in this situation -- not what to do if you make this blunder.

As little as a single lost sale as a result of this gaffe on the poster's part, could far exceed the cost of renewing the domain for a decade.

Re:

[Short Circuit]

Your use of the word "nominal" reminds me of this [userfriendly.org]. The word "nominal" always left a foul taste in my mouth; it's like asking someone to give "only" some recurring amount. Aggregate that over a half-dozen someone's, and that recurring amount stacks up.

Let's say that the OP tries his hands at a few dozen businesses during his life. For every one of those domains, he's stuck with another recurring fee to manage. Even if the individual fee is low, it adds up.

Actually, kinda reminds me of the crap I cleaned off

Re:

[Bourdain]

I agree, small things, added together "add up". Even more strangely, large things "add up" faster. But the way to make such decisions is where one's judgment comes into play...

This is ultimately a judgment call for an individual to make, i.e. if you feel the sum of the small things is larger than the expected value of the value of the "large" things, you can make your decision. In your example, by actually supplying numbers, let's say someone decides to hold onto 6 domains for 10 years when he feels

Re:

[Short Circuit]

You're asking people to take a lifelong tax in order to start a business which may or may not last longer than a quarter, and that tax is cumulative with each business they attempt. Consider that the length of one's life is unknown (if it were known, insurance companies would be all over the guy handing out the "knowing"), and that seems like an awful lot to ask. Even a 30-year mortgage has an end date. Your suggested solution would be murderous on serial entrepreneurs.

Consider further that the email accoun

Re:

[nedlohs]

Because only answers solely for the original poster should be accepted. Answers to help other people from having the same problem in the future should be avoided.

In fact why do we bother posting to a public web site, just email your answers to the poster.

Re:

[Short Circuit]

See a moderation called "Offtopic"

Also, if Bourdain's post wasn't directed at the OP, it should have started off with, "I don't know how to help you, but perhaps this should be a warning to..."

As it was, it read in a rather condescending tone.

Re:

[nedlohs]

It's a public forum, responses that aren't exactly to the questioners situation are no Off Topic. They are why a public forum is better than asking people for private answers.

Just because you read a tone doesn't mean the tone was there let alone intended to be there.

Re:

[Short Circuit]

Hey, I don't like it any better than you do. Take it up with Taco.

However, I think we've drifted offtopic...

Re:

[doubleu606]

network solutions sales rep, is that you?

Re:

[Rich0]

And what happens when you close your business?

Maybe he doesn't want that domain any longer. Why should he have to pay for it forever just so that nobody else uses it?

And what will DNS look like in 100 years when 95% of all domain names belong to companies that no longer exist but refuse to let anybody recycle it?

Re:

[Keruo]

> And what will DNS look like in 100 years when 95% of all domain names belong to companies that no longer exist but refuse to let anybody recycle it?

This is almost what I'm facing with one domain. It was previously used by another company during IT-bubble.

That company has been defunct for 15 years, and the domain expired.
The domain was grabbed by a company specializing in reselling domains, and they are asking 100x more than I'm willing to pay for the domain.

Re:

[Blakey Rat]

And what will DNS look like in 100 years when 95% of all domain names belong to companies that no longer exist but refuse to let anybody recycle it?

Yah! How are Russians scammers supposed to make money, then!?

Re:Didn't you notice?

[John Hasler]

> A few recommendations...

a) Read the article.

Re:

[Bourdain]

was there an article besides the several line initial post?

Re:

[dissy]

Read the article.

My bad. Something must be going on with my computer, as two different browsers show no links to any articles in this story summary.

But you got modded +5 insightful, so you and others are clearly seeing links.

Could you do me a huge favor and paste them in reply?
Thanks!

Re:

[qoncept]

If you don't pay the rent, leave valuable customer information in file cabinets and are kicked out (after getting an eviction notice), don't complain if someone comes in and uses the space for a crack den and the customer info for their own nefarious purposes.

I'll assume by "don't complain" what you actually meant was "do something about." (You know, since the OP wasn't "complaining", he was asking what to "do about.")

Now, you expect him to, what, just ignore this and let the havoc wreak? If you're a stupid 18 year old and end up with 20k in credit card debt, do you just move on and keep letting the penalties pile up? Probably, but that's obviously not what you should do.

Re:

[Angostura]

How come you didn't...

... read the first sentence of the summary?

If TV Has taught me anything...

[0100010001010011]

The only way to deal with the Russians is with the Italians or the Irish.

So either:

"Say hello to my little friend"

or

"This guy takes a blunt object, fuckin', waah! Hits the guy with the bandages around his head, right? Why? 'Cause he's smart. He knows the guy with the bandages around his ass, he ain't goin' nowhere. He's goin' fuckin' nowhere. "

Re:

[KDR_11k]

Forget the Italians, they know the rule: Never fight a land war in Asia.

Re:

[moranar]

"Say hello to my little friend" was Cuban.

Contact the FBI

[Orga]

I assume this is a form of wire fraud, international at that.

Not many options, but to ease your conscience...

[HikingStick]

To ease your conscience, pull together your old contact list and let your former clients know that you've not been running the business (or charging for services) for years. Advise them of the current scam, and hope they get your message before they pay the bad guys.

While I have your attention, shame on you for letting your business go dark without tying up the loose ends (e.g., informing your customers). I feel for your customers.

Re:

[macbeth66]

While I have your attention, shame on you for letting your business go dark without tying up the loose ends (e.g., informing your customers). I feel for your customers.

Bingo! The OP deserves every heartache he gets for leaving his old business in such a state. I hope he does get sued and serves as a lesson to others.

Re:

[thePowerOfGrayskull]

While I have your attention, shame on you for letting your business go dark without tying up the loose ends (e.g., informing your customers). I feel for your customers.

To be fair, he didn't say the customers are paying. It's entirely possible that he did tidy up loose ends, and now former customers are contacting him directly and saying, "Uh, what's going on? We stopped doing business years ago..."

Based on my understanding...

[fuzzyfuzzyfungus]

Of how Russian Free Enterprise works, I would suggest either hiring hitmen to brazenly gun-down whoever cloned your site, if it is a relatively small operation, or insinuate that the cloner is an enemy of the state, and have him jailed on trumped-up tax evasion charges, if it is a large operation.

If neither of these options suits, I hear that Polonium is the new Earl Grey...

Phishing filters

[ISurfTooMuch]

Just an off-the-wall idea here, but check to see how to report this site to Mozilla and Microsoft to get it into their blacklist of phishing/scam sites. If I got something from a site, and, upon trying to visit it, my browser's filter warned me about it, I might suspect something fishy is going on.

Doing this is by no means a complete solution, but it could get you part of the way there.

hmm

[nomadic]

File a UDRP complaint and get the domain name back. Won't fix matters, they'll still have access to your customers it sounds like but at least it will help.

ICANN

[carp3_noct3m]

Check out Uniform Domain Name Dispute [internic.net] Resolution. It is often overturned in court, and isn't always effective, but taking back control of the domain in whatever way possible is more than likely the only way you will fully recover from this. Otherwise you are simply on a damage mitigation mission.

Re:ICANN

[v1]

the problem I see with this though is it's not like the domain was stolen. He allowed it to lapse while having email addresses on that domain still recognized by clients. They legally registered it, and are now making life hard for him. He screwed up, and can't go running to the authorities for that alone. Now clearly they're being fraudulent WITH the domain, but they obtained it legally, so that makes it a lot harder to legally take away.

Re:ICANN

[Rich0]

Additionally, it doesn't sound like he even wants the domain back. He just wants people to stop using it to impersonate him.

Suppose I own a domain, and want to stop using it. No big deal - I let it lapse. I don't want to pay for it - I don't need it. However, if somebody were to register it expressly for the purpose of impersonating me, I'd certainly care about it!

The same thing can happen offline. Suppose I buy a home and phone number that used to be owned by Bill Gates simply so that I can impersonate him and clean out his bank accounts or whatever. Should Bill Gates need to dispute my purchase of the home? That isn't what is at issue.

The problem is fraud, not domain ownership in this case.

The real solution is to not tie identity to a domain. Sure, you can deliver based on a domain, but emails should be encrypted to a certificate, and signed by a certificate, and identity should be based on that.

For whatever reason it seems like we live in this fantasyland where security and authentication is an afterthought in almost all internet protocols...

Re:

[carp3_noct3m]

The problem is that yes, they are committing fraud, but since they are in Russia he has effectively nothing that he can do with regards to it. His only option is to find an alternative way to take control back, like I said, the best option being to somehow get the domain back. If they were doing this from the US, it would be much more simple.

Re:ICANN

[MobyDisk]

They are committing fraud.

If you sell your house, and I move in, that does not mean that I can legitimately use your credit card just because I have your mailing address.

Re:

[darkmeridian]

That's not the case. Someone who legally obtains a domain name may be forced to surrender it if they use it to trade on the goodwill on another or if there is no valid reason for using that domain. Like if I bought applecomputers.com and sold laptops on it, Apple will almost certainly win a UDRP proceeding against me. If he can prove that clients are being scammed and the scammers are using the site to pretend to be him (and trade on his reputation) he would have a good case.

Re:

[bazorg]

I don't know if that's insightful or scary. so you are saying that once you have been victim of identity fraud, you can't do anything to stop it from continuing?

Re:ICANN

[dissy]

the problem I see with this though is it's not like the domain was stolen ... Now clearly they're being fraudulent WITH the domain, but they obtained it legally, so that makes it a lot harder to legally take away.

You should read the ICANN domain agreement you clicked OK to when registering a domain (All registrars for .com are required to pass that agreement on)

Registering a domain name in bad faith, and/or for the use of fraud, is grounds for domain revocation.

Being legally purchased, and not being stolen, do not factor into ICANNs rules. Those are more legal issues a court would need to address, and only after that happens would it be ICANNs concern.

ICANN can revoke any .com domain on the grounds it is registered in bad faith or used for fraud.
They HAVE done this in the past too.

If you register a domain that sounds similar to an existing business, and also use that website for business, odds are good they can have it revoked from you. If your business line is the same as the existing business, it is guaranteed to be revoked. Being local rules, that the end user agreed to, there is little recourse when ICANN chose to do so, even if they do abuse this vague rule.

http://www.icann.org/en/dndr/udrp/policy.htm [icann.org]

Section 4, subsection A, paragraph III

4. Mandatory Administrative Proceeding.

This Paragraph sets forth the type of disputes for which you are required to submit to a mandatory administrative proceeding. These proceedings will be conducted before one of the administrative-dispute-resolution service providers listed at www.icann.org/udrp/approved-providers.htm (each, a "Provider").

        a. Applicable Disputes. You are required to submit to a mandatory administrative proceeding in the event that a third party (a "complainant") asserts to the applicable Provider, in compliance with the Rules of Procedure, that

                (i) your domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and

                (ii) you have no rights or legitimate interests in respect of the domain name; and

                (iii) your domain name has been registered and is being used in bad faith.

Re:

[blair1q]

So the solution is simple. Call up Jon Pos---er, ICANN, and report the fraud.

Contact the former customers of the website and have any who've been hit-up for fake billings report it as well.

Much simpler than the Jack Bauer defense.

Re:

[laing]

ICANN has no power of its own. Good luck getting them to do anything for you. Pretty much every domain registrar does something to violate ICANN's terms. As an example, try letting a 3 letter dot com domain expire and see how long it takes to come up for open registration... Don't hold your breath!

Re:

[blair1q]

Correct. Legally, he's not the one with a complaint. It's his old customers who are being defrauded. This is neither his fault nor his fight.

Re:ICANN

[ISurfTooMuch]

Excellent idea! If you file the claim, the scammers have to file a reply, or they lose by default. Since people like this are bottom feeders who move from one scam to another, I seriously doubt they'll want to expose themselves by filing a response. Like cockroaches exposed to a light, they'll scurry away.

Close your accounts!

[iamapizza]

Why didn't you close your third party accounts when you were shutting down your old site?

Re:

[John Hasler]

Many sites do not allow accounts to be closed. Try to close your Slashdot account, for example.

Re:

[Anonymous Coward]

It worked!

Re:

[T Murphy]

...and now I've registered with your old username and will extort all your old friends for karma.

Re:Close your accounts!

[Chrisq]

Try to close your Slashdot account, for example.

Bastard. now I've got to re-register.

Re:

[Linker3000]

Some swine managed to grab my old /. account 'Anonymous Coward' and now posts over and over again using it - Grrr.

Re:

[malevo]

This would be funny if you posted as an Anonymous Coward.

Trace?

[Anonymous Coward]

Create a GUI interface using Visual Basic to track their IP address.

Done.

Always use a perm email

[Bruha]

It's not good practice to use your domain email as a email for any domain registered tools. If your domain was down for whatever reason you have no recourse to reset any passwords etc, and as we can see this issue can crop up.

Unfortunately for the OP and I hope that his former customers would understand, he could be held liable, but I hope those impacted will just take it on the chin.

Re:

[Chad Birch]

Where exactly do you get one of these "perm emails" that aren't tied to any sort of service that might go down or disappear in the future?

Re:

[Raffaello]

Ironically, me.com, formerly mac.com. (ironic because when the service first started Apple were generally considered to be going out of business any day now).

Similar happened to us

[Sporkinum]

I was part of a LAN gaming group. It was pretty much dieing anyway since more and more people were getting broadband then. Anyhow, we lost contact with the guy that had the domain, so we were not able to renew it when it expired several years ago. A few months ago, I was going through some old bookmarks, and lo and behold, the site was up and running. The forums weren't functional as they were based on custom code that they didn't manage to get. Other than that, it looked the same. The new domain contact in

Re:

[Raffaello]

The new domain contact info resolved back to some Russian place. BTW, there was no commercial value to the site.

1. resurrect deceased domain
2. drive-by malware
3. profit!!!

i.e., it may have had no commercial value when legitimately operated in the past, but it may well be a source of illegal revenue now.

Slashdot the site

[dmesg0]

Publish the link to the site on Slashdot (and don't forget to mention it has some free pr0n). The site will die within minutes, after the first 10 million slashdotters visit it.

Doesn't smell right...

[ArundelCastle]

The site-cloners are now using my old email addresses to gain access to old third-party web services accounts (invoicing tools, etc.) and are fraudulently billing my clients for years of services.

Assuming your domain's e-mail has been bouncing for *years*, how in the hell did perfect strangers a world away(?) dig up your data? This sounds like something that happens after an unshredded trash rummage.
1. How do they know what all your internal e-mail addresses were?
2. How do they know what your web services were?
3. How do they know who your clients were?
4. How do your clients believe you're still doing work for them after years of silence?
5. How are these web services still holding your account data a

Don't Fight It, Help Out!

[DynaSoar]

I can think of no better way to develop the sort of relationship you want with these people than to give them some assistance. A new web site offering credit card numbers, pr0n of various disgusting kinds and passwords to similar sites, "secrets of hacking [x]'s government sites", an enormous list of movies and such available for download, an international banking concern planned to assist others in recovering funds from dead relatives' accounts, and as many similar offering as you can imagine, is just what

got to be more to the story

[corbettw]

What third-party web hostings apps were you using? And why did you leave your customers' data in them when you closed up shop? This whole thing reeks of incompetence on your part and possible stupidity on your former customers' part (if someone I used to do business with sent me an invoice for services after not sending any for months/years, I'd at least contact them to see if it was valid, possibly just delete it and see if they send another one).

At this point, you have a responsibility to contact your for

Possible trend?

[thePowerOfGrayskull]

I was first wondering how they knew this guy's domain would be profitable, but then I realized it could be done en masse. With "domain tasting" it coudl even be done without much financial risk.

Register a ton of old expired domains. Set up catch-all email accounts. See what legit services send you marketing emails implying you had a prior relationship. If you don't find any, cancel the domain registration. If you do, pay for it, reset passwords, and start harvesting.

Ugh.

Re: Can I fight back?

[Kirin Fenrir]

Yes. Go on 4chan and tell them they hurt a cat.

Re:A crazy Idea

[Anonymous Coward]

That's a rather dangerous and almost certainly illegal thing to do.

However, I was thinking about suggesting that he post the URL here so that people here in slashdot could take a look at the site and get some ideas about what to do about the ...
 
...oh, wait.

Re:

[WrongSizeGlass]

Get a bunch of hackers together and tell them to do their best to DDOS your old site!

I believe this kid [yimg.com] is available.

Re:

[flyingfsck]

You mean like, post the URL on Slashdot?

Re:Try to have the DNS entry removed

[Archon-X]

There's a problem with these automated tools - and that is that they're the shotgun approach.

We run some mainstream sites, and we also allow affiliate promotion.
We have a zero-tolerance spam / mailing policy, but that doesn't stop people trying.

If or when complaints come through (SpamCop, SpamHaus, etc) - we deal with them, and nuke the affiliates - we're just as anti-spam & fraud as the BL guys.

The problem, however, is that with the use of this / these tools, when DNS, upstream and network providers are scatter-bombed with complaints, over, and over, you end up getting blacklisted. Even if you're not in the wrong, you get blacklisted.

If you've ever been on the end of a SpamCop / SpamHaus complaint, as much as they may have intended to setup a good service, their 'service' is incredibly partial.

For example, the latest email back from SH to our host, when we had banned a fraudulent affiliate:

Let's talk about removing the customer instead of offering up yet another affiliate excuse.
Regards,
-- The Spamhaus Project (SR22) http://www.spamhaus.org/ [spamhaus.org]

Their website 'evidence' archives are full of libel and blackmail - if you email SH with a fake complaint, and say that company X participates in money laundering, international fraud and spam - they'll publish it - without an ounce of fact checking.

Somewhat off topic, but these issues burn - who watches the 'watchers' / internet 'police'

Re:

[spydabyte]

agreed. it sounds like to me that he stopped working on a website, stopped offering a service, and let everything expired. That leaves a great business plan for someone to start where you left off. If the people are paying for a service they aren't receiving, that's their fault. If the Russian "cloners" are actually providing the same service you did, then good for the Russians.

The only other issue I can see here is copyright / stolen corporate identity, which if you don't know what to do already (contact

Re:

[thePowerOfGrayskull]

Clearly the modder misread and thought it said Inciteful when he made his choice.

Re:

[Skreems]

How the hell is this modded informative? The guy didn't leak any financial data. This is the equivalent of moving out of a leased storefront and the next tenant contact Visa and saying, "Hey, I'm still here, could you pretty please send me a copy of all the records again?" and them doing it just because the address is the same.