How to Prevent Hijackers from Ripping Off Your Website

Imagine all of your hard work being ripped off by someone halfway around the world. My first thought was always, “Ah, that’ll never happen to me. What are the chances?” Imagine my surprise when I found out my freelance website (HTML, CSS, graphics, design-down-to-the-last-detail) was hijacked by an Indonesian company.
I found out about this hijack through my Google Analytics results. I saw that I’d been getting about 28 hits a day from an Indonesian website as well as Google Search hits from keyword phrases such as “Terminal” and “Terminal Pulsa.” Thankfully, I’m curious by nature and investigated this odd behavior.
My first thought was, “How dare them! I worked hard on this site! Why would someone think this is okay to do?!” Quickly followed by, “Oh great, this place is overseas and surely they do not hold to the same legal standards as the United States. What do I do now?”
Please note that I am NOT a lawyer (thank God), but the following information should really help you out if you ever have this happen to you!
Crap, I was hijacked. What do I do now?
1. Chill out. This is obviously easier said than done as I always thought when someone copied my work I’d be flattered. Sadly, I wasn’t.
2. Find their contact information. Use IP Tools or your favorite WHOIS tool to find out who the heck owns your website’s evil twin. I had some trouble finding mine because it didn’t have a “.com” address; my hijacked website contained a “.co.cc”. If you have one of these oddities, you can check the WHOIS at this website.
Along with finding contact information, you can also find out who their web host is. Once you find out this information, you can send a ‘Cease and Desist’ letter to them as well as contact their hosting provider if you are so inclined.
3. Send a ‘Cease and Desist’ letter. Once you have the appropriate contact information you can send a Cease and Desist letter. There are lots of Cease and Desist templates out there, so have a look around for one that fits your needs.
The purpose of a letter like this is to establish professionalism rather than the very vocal ‘take-my-website-down-now-you-jerk’ kind of email (which would probably not prompt an intelligent response anyway). The Cease and Desist letter also uses legal jargon and names a fine with a perceived value, both of which will probably scare the bejesus out of your website hijacker.
4. Ask for help! This article is only one of hundreds of resources available online. When I was hacked, I reached out to my Twitter friends and my amazing friend Angie. Everyone was super helpful.
Oh no! The hijackers didn’t listen to me! Now what can I do?!
Tell all the search engines how much of a big jerk they are (aka REPORT THEM!). You must try a Cease and Desist letter first. I repeat: try a Cease and Desist letter first! This usually fixes the problem within 24 hours, and it’s a heck of a lot easier than contacting search engines one by one by one. If this doesn’t work, then you can report them.
As we all know, copyright laws in India, China, or even the UK are not the same as the laws in the United States. Thankfully, almost all search engines will recognize rip-offs and fakes equally. The only catch is that you have to provide proof, but that should be pretty darn easy.
The downside is that Google doesn’t make it easy (or quick) to report this type of activity. This was disheartening to me, considering almost all my keyword search traffic comes from Google. Almost all the other search engines allow you to report these cases via email. However, Google forces you to go through a third-party company, which makes you either fax (that’s so 1990) or snail mail your claim to them. Yes. Really.
But I’m Still Really Mad!
Don’t be stupid! It’s alright to be mad, but beyond calling attention to this matter in your personal blog (as I did) do not go plastering the hijacking all over the internet. Oddly enough, you can get sued for slander. Weird, right? So be careful!
Prevention
Hide that code! If being hijacked has left a nasty taste in your mouth or if you are scared of this happening to you, there are things you can do to try to prevent this from happening. One thing you can do is encrypt your code. Have a look at this website for more information on code protection.



I recently found out that an illustration of mine was the top google image search result for the word “perfectionist”… on somebody else’s website. Without permission. And it was direct linked from my site.
I probably should have been mad, but frankly, since it’s direct linked, it actually drives a decent amount of traffic to my fledgling site. Mixed feelings, to say the least.
I also found the same illustration being used on a website in… I think it was also Indonesia, actually. That thing gets around.
It seems like my blogs are being scraped more and more these days. I get pingbacks and when I go to the site, there’s nooooooooooo contact information to be found. It’s aggravating. I mean, why don’t these folks just use their own imaginations – or hire someone who has one? Seriously. I hate that you had to go through that, but I love that you used your experience as a tool for others. Thank you for sharing this with us!
*smiles*
Michele
You are missing a link to the “code protection” website, otherwise great article!
Thanks Jason — I’ll try and track it down.
In the last two sentences you mention,
“One thing you can do is encrypt your code. Have a look at this website for more information on code protection.”
Maybe I’m missing the obvious, do you mean Freelance Switch’s website, or was there supposed to be a link with another site about code encryption. Please let me know, that’d be great.
Nice Set of Tips Renee !! However you cannot hide all the code as it’s just additional work which is very messy in nature. Also most of the time site got updated daily in that case it’s really hard to encrypt the code every single time. Thanks for the info though!
“Have a look at this website for more information on code protection.”
…. WHAT website???
You can use CSS to slow people down when it comes to downloading and stealing your images. A lot of photography sites do this.
Take a look at A Savvy Approach to Copyright Messaging to see how Derek Powazek prevents people from ripping off his images. Another thing you can do is change the .htaccess file for your image directories. This will prevent people from linking to your images and stealing your bandwidth in the process.
Can you tell me the site address? I’m Indonesian and this hijacking (especially by Indonesian) makes me sad (and angry at the same time). Maybe I can help by contacting the site owner with our language and spread the info with some other fellows. It’s just embarrassing for us, Indonesian folks.
Just quick comment about the end of your article where you state that “Oddly enough, you can get sued for slander.”
Slander is spoken word, libel is written. So if you published something written on the internet, you’d be sued for libel, not slander. Also, it’s only libel if you’re lying. If you’re telling the absolute truth (no bending the rules or exaggeration or half-truths) then you can shout it from the rooftops without consequence.
We have it easy in Australia. It’s simply referred to as “defamation” in all situations.
Thanks for all the positive comments. I was actually able to resolve my issue by sending a cease and desist letter, so everything is a-ok now! I sent the link for Joel to fix, but I’ll add it in the comments as well.
To learn more about encrypting your code, check out this website: http://socialcmsbuzz.com/how-to-protect-your-website-template-and-css-files-from-theft-27072008/
there is no way you can protect your site, if some one is determined to copy it, at the end he will succeed
What an interesting article with helpful tips. Thanks Renee.
The line between flattery and offense looks like this: $.
On the other side of the bridge, I own a development studio in Thailand (just near the beach). A problem I’ve had is staff overreaching for design ‘inspiration’ and just designing a whole new site totally based on another site. If I notice it, I’ll get them to rectify it; what’s harder to deal with is clients ripping off other people’s content and getting us to use it (without us knowing it’s been ripped off)…
And no, we’re not cheap and we don’t deal with cheap clients, we cater to the higher end of the market.
“…there are things you can do to try to prevent this from happening.” But you only list *one* thing.
I’m not sure if it was you or FS that came up with the article title but you only have two sentences about preventing hijackers. And the one thing you list is an experimental PHP tweak, which no one but a web programmer would know how to implement.
Hope I sound constructive and not rude…
Just in case, if your website is really fu**ed up or you want to prevent this thing take a look at “total server solutions”, these guys rocks
Regarding this CSS protection. There is no such thing
This is my comment I have posted on Social Buzz:
Don’t You understand that You have to send CSS content to browser anyway? And when it’s in browser user can do whatever he want – for example save and reuse (steal).
So this cumbersome hack will not show CSS code when You fetch file directly from webserver. But Firebug will have all CSS stored in HTTP responses. Or You can use some debugging proxy like Fiddler or Charles, or even network sniffer to get whole CSS file.
If You want to prevent from direct linking CSS files and other assets You can use just .httpaccess and scan HTTP_REFERER. As result Your site will work for clients with cookies disabled – PHP session requires cookies to be enabled, so with them disabled user won’t get CSS.
Do you know what is most annoying? IP hijack! They didn’t copy your content, but pointed their domain to your site using free DNS services. So what do you have to do? Change your host! Yes. Or change your IP with your hosting provider. There is no other way.
@Rogers
Rewrite rule in webserver based on HTTP_REFERER – all assets (CSS/images) won’t be served if not called from Your page. So redirecting domain will display content but without any styling.
Or use HTTP 301 (or JavaScript) to redirect to proper URL if content is not served from right domain.
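The two rules described in the comment above, written out as an Apache `.htaccess` fragment. This is an added example, not code from the article or from any commenter; `example.com` is a placeholder for your own domain, and it assumes Apache 2.4 with mod_rewrite enabled.

```apache
# Added example for a site's root .htaccess (Apache 2.4, mod_rewrite enabled).
# example.com is a placeholder for your own domain.
RewriteEngine On

# 1. Canonical host: if the request arrived under any other hostname
#    (for instance a foreign domain whose DNS points at this server's IP),
#    answer with a 301 to the real site instead of serving content.
RewriteCond %{HTTP_HOST} !^(www\.)?example\.com(:\d+)?$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

# 2. Hotlink check for assets, based on the Referer header.
#    Weak form (do not use): the pattern is unanchored, so a Referer such as
#    http://copy.invalid/?example.com still passes.
#      RewriteCond %{HTTP_REFERER} !example\.com [NC]
#    Corrected form: anchor scheme and host, and end the host with "/".
#    An empty Referer is let through on purpose: privacy tools and some
#    proxies strip it, and blocking those visitors would break styling for them.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(:\d+)?/ [NC]
RewriteRule \.(css|gif|jpe?g|png)$ - [F,NC]
```

Rule 1 only fires when Apache routes the unknown hostname to this site, which is the case when it is the default virtual host for that IP. The Referer header is set by the client, so rule 2 stops casual hotlinking of assets, not someone who saves the files and hosts their own copy.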
Being ripped is never pleasant, may it be for bloggers, photographers or designers, in fact, anyone who creates original work.
To keep an eye on who might be using your work without your permission, we recommend you use copyscape for your writings or TinEye for your images. TinEye is quite brilliant.
Once you have found that someone has ripped your work, the process can be a little intimidating, complicated and time-consuming for many designers and bloggers.
We’ve been through that and thought that there should be an easier way to handle this situation.
So, watch out for the launch of a unique copyright protection app created by a designer and active member of the freelanceswitch forums for his fellow designers.
Thanks for sharing your experience Renée. It’s amusing that many pirates get caught by being too lazy to remove the analytics code !
Decide first if you really care or not. The first time it happened to me, I just instinctively felt that I had to do something, without really thinking why.
I had one guy’s site taken down, then on another occasion I had some fun swapping out some template images on my server which messed up another girl’s blog, but on both occasions it didn’t make me feel any better afterwards.
My last site was ripped a number of times, but they were all pared down versions, with none of the server side features.
Sorry to hear that your website was hijacked, Renee!
It can be good to know that there are international copyright agreements, such as the Universal Copyright Convention (UCC), adopted at Geneva in 1952, and the Berne Convention first established in 1886. The World Intellectual Property Organization Copyright Treaty was adopted in 1996 to address the issues raised by information technology and the internet, which weren’t addressed by the Berne Convention.
Around the world there are also artist’s organizations that work to protect the rights of their members. It can definitely be well worth the fee to be a member of an association like this as they offer help and advice in difficult situations – like if your art work is ripped off. These associations offer a ton of support, such as courses, legal advice, tax advice, templates for estimates, contracts and other paperwork. They can answer questions about fees or rates, or if a publisher is known to be fair to illustrators and so on.
The internet is a great place, as it makes publishing almost free and basically anyone can publish their own materials in minutes. The trouble is, that there is no real way of preventing people from stealing your material. Once it’s out there, it can be stolen.
There is a whole culture of freebies and people expecting things for free on the internet.
I think there is also a lack of knowledge sometimes too. Most people wouldn’t dream of tearing out a few pages from a published book and claiming that they wrote them, but there are more people that feel morally okay about copy pasting text from the internet and pasting it into their homework! I think partly, people need to be educated about copyright, and posting a notice on your site about copyright might help some.
Thanks for the information. I am taking a new version of my site live soon, and this will come in handy.
I’m so glad your situation was resolved, and grateful for the tutorial. I had never considered these issues as I don’t yet have a website.
Good info to know. Thanks for the good feedback in the comments too!
Was reading something like that on Themeforest just yesterday. Is there any examples of good cease-and-desist letters that you would recommend?
@Witold Rugowski
I actually personally like modifying my site so it links to a new css file, then going and modifying the old css version (that was stolen) to look like some demented crap website style, with “really bad” images all around, making the person who is stealing my css file look like an idiot. It’s just so more pleasing that way.
But ya, rewrite rules are your friend!
Thanks – both the article and the comments offer some very interesting ideas about how to fix this problem. I would love to see another article on avoiding/dealing with bandwidth theft (of images).
@dmk – Email me at info[at]ribbonsofred.com and I’ll send you the one that I used. It worked great!
@NatalieMac – Hence why I said I wasn’t a lawyer.
Either way, bad mouthing someone has never gotten anyone anywhere. I prefer to take the high road, and I absolutely believe if you bad mouth (even when true) to the point of annoyance, you’ll probably get a nice letter in the mail from a higher power asking you to stop. Wouldn’t be the first time (or last) that something like that has happened.
Brilliant advice and timely as well! My website was hijacked recently and lucikly a cease and desist worked. Thank you for this information!
Cheers,
Margot
I meant luckily!
“Google forces you to go through a third-party company, which makes you either fax (that’s so 1990) or snail mail your claim to them. Yes. Really.”
I’m not sure why you think Google requires you to go through a third-party company by faxing something, or sending a letter?!
Google has a full online form that is dedicated to letting people report spam in their index, duplicate websites, doorway pages, etc…..
I have used it many times to report websites that are using black hat seo tactics and Google usually penalizes the site after that.
Hey, thanks for that post! Was helpful
Such a touchy subject! Thanks!
The more popular a website, the more vulnerable to hi-jackers and rippers.
The solution: Don’t make the internet (or anything in this world, even money and popularity) run your life.
Yeah I’ve had my site ripped off a few times in the last few months, one guy took it down as soon as I confronted him on msn:
ripoff: “hey who’s this?”
me: “oh hey! I’m the guy that designed your website! I’d like you to take it down”
ripoff: “omg, I’m sorry, I’ll take it down right now”
Which he did, sadly the second guy seems to be ignoring my emails.
Because Indonesia is mentioned in here, could someone post their site urls so I can start to black-campaigned this hi-jacker’s site in any forum I join in Indonesia. Thx for the info’s.
More point of views from indonesian freelancers : http://www.ruangfreelance.com/2009/02/diskusi-indonesia-pembajak/
first i want to say that its a very nice article indeed,
but i don’t agree that you use “was hijacked by an Indonesian company.”.
its sounds like generalization, its better if you put the company name directly
so there wouldn’t be any misunderstanding, and wouldn’t ruin other company credibility
in some specific region. not all of indonesian are hijacker
thank you. but still its a very nice article
@Brian Yerkes – Someone at Google actually told me through email they would not help me unless I sent a certified letter. So my information came directly from someone who works there.
Ibnu, it’s very much relevant and it doesn’t generalize or slander all Indonesians. The fact of the matter is that the laws in South-East Asia are different to the laws in the Western world; often enough they are much looser. If the hijacker lived in America or Australia there would be a variety of direct methods to deal with the infringer. When the hijacker lives in another country such as Indonesia, it can be hard to get sorted and this article deals with that. Doesn’t mean that all Indonesians are hijackers and nobody is going to take that from the article. Just means the law is different there.
@ Renee, I guess you HAVE TO ANSWER Ibnu’s question why you have to write “Indonesia”, Like or dislike you already give stigma to creative industry in Indonesia generally. A lot of Indonesian creative deal with international people and company, not only web designer, but also another design field. Where’s your concern with them who doesn’t even know about your situation? (Or you even don’t have any) I really wait for your responsibility about what you’ve already wrote.. So please answer it..
@ Mr Joel I appreciate what you’ve said that not all Indonesian are hijacker.. But.. How about other people think about Indonesian Creative or I can say Indonesian (un-guilty) creative? A lot of stigma already taken by Indonesia because of International generalization.. In this case, this generalization really need to explained by its writer..
How do you steal html and css? Get over yourselves people. View source is how we all learn.
Hey Guys,
This is self promoting and I make no apologies as our service is designed to assist any creator who has their work stolen. With digiprove you can establish whose idea it was first which any IP or copyright expert will tell you is the first step…
Check out http://www.digiprove.com/news.aspx and read about how we helped a photographer in Ireland when his creation turned up in sweden.
Regards
Mark Elliott
@Chips – Its not the stealing of the html and css, its that specific use of it, and also the design of the website that could be infringing Intellectual Property and possibly Copyright.
Everyone uses the same tools, but not everyone produces something unique – that’s when you have theft and plagiarism of a design, piece or art or website.
The idea of View Source is not only to aid web developer’s with their own websites, but there is the opportunity to investigate a particular style, item, trick, and incorporate it into your own design, not just lazily copy a whole website.
Not sure if it is hijacking but some posts from my blog pop up as posts on other sites. It IS my site post that comes up when they are clicked on but the “offending site” isn’t a blog directory … I do allow anyone to use my material subject to some considerations and restrictions … however, it would at least be good to be contacted to be told this was being done (or even asked …)
To Renee, please be more specific and leave the site URL so they – the Indonesian people – will have it removed,
We don’t want this topic to be a sarcasm from people who disagree/get offended to your article
@Ben and @Ibnu – I am not generalizing or “slandering Indonesia”. Nowhere in the article did I speak poorly of the country as a whole. The facts are that ONE Indonesian company ripped off my website, NOT the whole country. The name of the company in question is not important for the purposes of this article, and the company is no longer actively on the web. The point of this article was to learn what options you have if someone (anywhere) takes your hard work. You both HUGELY (and sadly) misinterpreted my post.
I’ve actually seen an Indian company rip off a friend’s blog content word for word. It’s crap
Great tips for what to do in this situation.
I’d have a hard time not writing the “vocal” letter rather than the professional one.
Knock on wood I won’t have to.
Now if we could only do something about those damn domain squatters…..
Interesting and informative post.
Just randomly came across this article. This happens to our site a lot as well. There seems to be three levels of web site “hijacking” going on from what we’ve noticed out there.
1. Site Leeching – Hot-linking of images.
2. Site Ripping – Basic design/structure rip, but with a fair amount of differences.
3. Site Spoofing – Almost verbatim copy of design and content. (Most likely an attempt to funnel customers, clients, users, etc to a fraudulent site in attempt to steal customers or even more maliciously, user data.)
Fortunately, the majority of search engines are smart enough to detect blatant duplicate content and the folks copying content are really just wasting their time.
You can read more about your online rights, including copyrights here: http://www.chillingeffects.org
Where did you get the photo of the man in the mask? Is it free or under copyright?
Thanks!
Michael, it is from iStockphoto, so you have to pay to use it.
Okay. Thanks!
Hi, I’ve just had an AMERICAN steal the code from my site, which I worked on for months, and now he’s got exactly the same design as me! I too found out through Google Analytics. My designer and I are now working on busting his butt. Worse, he touts himself as a designer. Good grief!
Thanks for the good advice. Let’s hope the cease and desist letter works.
Hello all, I know this is a little off topic, but what about screenshots of a web site? Recently screenshots of a site I own and develop showed up on a blog I don’t care for. Can I ask them to remove those images?
LG, your problem is the fault of the terrible bad services provided by Godaddy
What happens is that they do not clear IP addresses properly so they assign somebody the same ip address you use and the websites will end up with the same content as you created.
It’s a big headache and it took me about 4 months to figure it out and get all back to normal.
The best thing to do is to write to Godaddy, and explain the problem to them.
When you check your ip address online you will see that the other website is listed under the same address.
When the content is removed make sure it will return a 404 so the pages will be de-indexed by google.
And yet this post is about the handling after you have been ripped unlike the title promises the prevention of being ripped, which is a bit disappointing.
The big downside of encrypting the code is that it needs to be displayed after all, so in one way or another, even with simple tools it can easily be ripped.
A great way I have found to protect a website from ripping is by using a transparent gif with a link to a trap url (make sure robots.txt prevents search engines from going there) which adds everyone visiting the url to .htaccess deny.
Most rippers want everything and thus override “follow robot.txt rules” and thus end up being blocked.
The downside of it is that even Google crawls over these pages now and then, so you have to take them off deny.
Another problem with encrypting your code is that every time you need to modify something or add a new feature you have to decrypt it and then re-crypt it.
I find that the vast majority of people ripping websites will have knowledge about decrypting but the Cease and Desist letters should work a treat.
This is happening to me right this very moment. I am furious. I am Googling how to resolve it and found this article. Thanks.
Site spoofing, thanks Steve. That is what it is.
Someone has made a complete copy of my site only with a new domain name. Even posing as me with photos of my daughter and I. It is a popular site receiving lots of traffic so obviously the idiots that have done this are trying to steal my traffic.
They have hidden their name with Domains By Proxy so I can’t send a cease and desist letter. I have contacted the domain register, ICANN, the hosting company and Domains by Proxy – they cannot help me. I am at my wits’ end.
For a nominal amount DMCA say they can get the site taken down. Thoughts?
Any help, suggestions is appreciated
LG
Please go to Google webmaster forum and explain your problem
I’m currently having the exact problem and they are pointing to your IP through their DNS
It appears to be a problem caused by websites hosted at Godaddy
Changing webhost, adding canonical tags, should resolve it eventually
While looking over my google results for my URL I found some duplicate articles in Spanish. Great article give me at least some idea of what to do.
It’s happening everywhere every second. Some cheap crappy guys were ripping off my 9 year old .com blog, and running it in blogspot only for adsense. So pathetic.
There was nothing I could do, Internet really got a problem in here.