My Entire Forum Got Stolen!

by brettb
26 replies
Hi all,

I was checking my referal traffic in Google Analytics this morning and I discovered referals from an unfamiliar URL.

On checking the URL I found...

A copy of my entire phpBB forum!

Only the header had been changed, to include a banner for an affiliate in my niche. Funnily enough, they'd left in my own affiliate ads elsewhere on the site.

I've filed a DCMA takedown notice with Google and the host.

I've never heard of this happening with forums before, but correct me if you've seen similar.

Presumably this incident is related to a warning I got from Hostgator last month about high CPU usage on my account. I found an IP address from the Philippines was mass downloading my forum. That was pretty serious as I nearly got my account closed . I solved it by blocking the particular IP in .htaccess (you can do this through cPanel).

Anyway, if there are any PHP programmers reading this, then I'd love to know how to block crawlers. Maybe you could keep a log of how many requests you're getting from a specific IP address in an hour and block high users. I know how to do this in ASP.NET, but don't know enough PHP to be able to make a phpBB mod for it.
#entire #forum #stolen
  • Profile picture of the author Adie
    phpBB is the weakest forum script then and now. you should've used SMF if you couldn't afford Vbulletin. Anyway, no time for blaming and I feel sorry for you. No, they can't steal it because you are still in control of your domain. You need an very good programmer to fix this quickly and inform your host to change the password if you can't login..
    Signature



    Moderator's Note: You're only allowed to put your own products or sites in your signature.

    Signature edited.
    {{ DiscussionBoard.errors[9334819].message }}
    • Profile picture of the author Alexa Smith
      Banned
      Originally Posted by Adie View Post

      inform your host to change the password if you can't login..
      It's not about that, Adie (nor is it really about forum-hacking, per se): Brett's whole site has been cloned on a different url.

      Sorry to hear it, Brett. It's good that you served a DMCA site take-down notice on the hosting company and sent a copy to Google (did you also send a copy to the miscreant's domain-name registrar, and to the things like "admin" and "info" (at) theirdomain.com?).

      Good luck!

      There are people in internet marketing forums, including in this one (albeit not openly), selling the software that does this.
      {{ DiscussionBoard.errors[9335040].message }}
  • Profile picture of the author wikidzdotinfo
    Originally Posted by brettb View Post

    Hi all,

    I was checking my referal traffic in Google Analytics this morning and I discovered referals from an unfamiliar URL.

    On checking the URL I found...

    A copy of my entire phpBB forum!

    Only the header had been changed, to include a banner for an affiliate in my niche. Funnily enough, they'd left in my own affiliate ads elsewhere on the site.

    I've filed a DCMA takedown notice with Google and the host.

    I've never heard of this happening with forums before, but correct me if you've seen similar.

    Presumably this incident is related to a warning I got from Hostgator last month about high CPU usage on my account. I found an IP address from the Philippines was mass downloading my forum. That was pretty serious as I nearly got my account closed . I solved it by blocking the particular IP in .htaccess (you can do this through cPanel).

    Anyway, if there are any PHP programmers reading this, then I'd love to know how to block crawlers. Maybe you could keep a log of how many requests you're getting from a specific IP address in an hour and block high users. I know how to do this in ASP.NET, but don't know enough PHP to be able to make a phpBB mod for it.
    There are actually site copying PROGRAMS available, and it makes my blood boil. Especially when its someone's blood, sweat and tears that have gone into it. I hope you catch whoever did it!
    Signature
    Hello Aloe UK - Free Yourself
    {{ DiscussionBoard.errors[9334846].message }}
  • Profile picture of the author newbieleoling
    Search for some security add on or software for your website to lower the chances of being clone or hack. Many IM always like to save money on things related security which is shouldn't be the way.

    This world is full of copy here and there, no matter which industries you are in. But how you differentiate from other is the key.
    {{ DiscussionBoard.errors[9335071].message }}
  • Profile picture of the author mrgoe
    If he still has your affiliate linkad let it slide for a week or two. Maybe he`s got better marketing campaigns and you earn better with his help )
    Signature
    I Use SiteGround For Hosting
    And SpinRewriter For Unlimited, Unique Content.
    Try Them
    {{ DiscussionBoard.errors[9335075].message }}
  • Profile picture of the author sbucciarel
    Banned
    How do they get the database of the forum? Pretty wicked software, whatever they are using.
    {{ DiscussionBoard.errors[9335095].message }}
  • Profile picture of the author JulieWhite
    First time I am hearing about a forum being stolen!
    {{ DiscussionBoard.errors[9335101].message }}
  • Profile picture of the author brettb
    OK guys, here's an update:

    I emailed the abuse email address at the hosting company (Enzu) but they washed their hands of it. They forwarded my complaint to the domain owner, but that's about it. I take it that hosting companies aren't responsible for content on their servers, so there's nothing I can do.

    Google have been stupid on my DCMA request as well - they are asking me for specific examples of copyright infringement, I do wish Google and EBay etc. would employ people with brains.

    Anyway, the cloned forum is still online and it's showing my updated posts AND new user registrations. I don't know if they have hacked the site and have database access or they're just crawling the site for new content. Clever stuff, and please let us know if you know anything about how this is done. I haven't found a single useful link about this happening before.

    My main concern is that Google et al aren't smart enough to figure out that my forum is the original one. Given the dumb response I got from Google, this is a big worry.
    Signature
    ÖŽ FindABlog: Find blogs to comment on, guest posting opportunities and more ÖŽ




    {{ DiscussionBoard.errors[9350725].message }}
    • Profile picture of the author sbucciarel
      Banned
      Originally Posted by brettb View Post

      OK guys, here's an update:

      I emailed the abuse email address at the hosting company (Enzu) but they washed their hands of it. They forwarded my complaint to the domain owner, but that's about it. I take it that hosting companies aren't responsible for content on their servers, so there's nothing I can do.

      Google have been stupid on my DCMA request as well - they are asking me for specific examples of copyright infringement, I do wish Google and EBay etc. would employ people with brains.

      Anyway, the cloned forum is still online and it's showing my updated posts AND new user registrations. I don't know if they have hacked the site and have database access or they're just crawling the site for new content. Clever stuff, and please let us know if you know anything about how this is done. I haven't found a single useful link about this happening before.

      My main concern is that Google et al aren't smart enough to figure out that my forum is the original one. Given the dumb response I got from Google, this is a big worry.

      Then you didn't submit a proper DMCA both to Google and the host. They can't ignore a proper DMCA. There's only one way to do it right. Google DMCA template.
      {{ DiscussionBoard.errors[9350749].message }}
    • Profile picture of the author Stefan Vee
      Originally Posted by brettb View Post

      Anyway, the cloned forum is still online and it's showing my updated posts AND new user registrations. I don't know if they have hacked the site and have database access or they're just crawling the site for new content.
      I don't want to offend you, but are you sure they didn't just put your URL in an iframe?
      That would explain why they only "changed" the top banner.
      {{ DiscussionBoard.errors[9358045].message }}
      • Profile picture of the author herman12
        Originally Posted by Stefan Vee View Post

        I don't want to offend you, but are you sure they didn't just put your URL in an iframe?
        That would explain why they only "changed" the top banner.
        +1. This is not impossible.
        {{ DiscussionBoard.errors[9358074].message }}
  • Profile picture of the author Samuel Adams
    Maybe you could hire an attorney to serve the host company a cease and desist order, since obviously this site owner is on their property. They have no legal right to wash their hands of the matter as if they are not responsible. This person is committing copyright infringement on their property, of course they are responsible for taking down the site.
    Signature

    Would you like to learn how I make $2000/month from a super easy listbuilding system?

    Click here to get my listbuilding report for FREE!

    {{ DiscussionBoard.errors[9356532].message }}
    • Profile picture of the author sbucciarel
      Banned
      Originally Posted by Samuel Adams View Post

      Maybe you could hire an attorney to serve the host company a cease and desist order, since obviously this site owner is on their property. They have no legal right to wash their hands of the matter as if they are not responsible. This person is committing copyright infringement on their property, of course they are responsible for taking down the site.
      There's no need to spend money on a lawyer. All US hosts and Google honors a properly filled out DMCA notice (emphasis on properly filled out).

      The OP didn't say who the host is. In my experience, many offshore hosts also honor a DMCA, but they most certainly do not have to comply with US laws.
      {{ DiscussionBoard.errors[9356615].message }}
      • Profile picture of the author Entrecon
        The OP didn't say who the host is. In my experience, many offshore hosts also honor a DMCA, but they most certainly do not have to comply with US laws.
        The OP did mention it, but it was buried in the post. It looks like they are registered in Henderson, NV, but that is most likely just where they incorporated.

        enzu.com/about-contact.php

        Their DNS is showing
        SCALABLEDNS.COM
        Signature

        Visit My website http://kipferguson.com

        {{ DiscussionBoard.errors[9358187].message }}
  • Profile picture of the author Ron Killian
    Welcome to the internet. Sadly, this happens more and more each day. It's happened to me a number if times. And yep, many hosts won't do crap, very frustrating.

    Don't think this will fit for your situation, but best thing I found was to cut off the money, like getting pay pal accounts closed. But don't think it would help you.

    Another thing many people don't realize is that hackers can get into your home computer and get your passwords. Then they have easy access to your website, databases, ect. I don't keep any passwords on my computer any more, learned the hard way.

    But sorry to hear what happened. Know all to well what it's like.
    Signature
    PLR Affiliate Program Has Launched! Easily Promote Over 5,000 PLR and MRR Products.

    Largest Selection of PLR Articles on the Planet! PLR Ebooks, PLR Video, PLR Websites and more with Private Label Rights
    {{ DiscussionBoard.errors[9357342].message }}
    • Profile picture of the author nicheblogger75
      Originally Posted by Ron Killian View Post

      Welcome to the internet. Sadly, this happens more and more each day. It's happened to me a number if times. And yep, many hosts won't do crap, very frustrating.

      Don't think this will fit for your situation, but best thing I found was to cut off the money, like getting pay pal accounts closed. But don't think it would help you.

      Another thing many people don't realize is that hackers can get into your home computer and get your passwords. Then they have easy access to your website, databases, ect. I don't keep any passwords on my computer any more, learned the hard way.

      But sorry to hear what happened. Know all to well what it's like.
      Cutting off the money would certainly send a message, but how would he go about having the person's PayPal account closed? Is that even possible? Is there any other way to pinch him financially other than maybe filing a lawsuit? At any rate this type of thing is horrible and it takes a very low person with zero ethics to do something like this.
      {{ DiscussionBoard.errors[9358139].message }}
      • Profile picture of the author Ron Killian
        Originally Posted by nicheblogger75 View Post

        Cutting off the money would certainly send a message, but how would he go about having the person's PayPal account closed? Is that even possible? Is there any other way to pinch him financially other than maybe filing a lawsuit? At any rate this type of thing is horrible and it takes a very low person with zero ethics to do something like this.
        If you can show/prove they are trying to sell/profit from ill-gotten goods, PP is pretty good about it. Blatant site riff of makes it easier. You do need to fill out a Infringement report and fax it in. Also helps to get on the phone. It's some work and hassle but it can be done. I think it also helps to impress upon PP that they are defrauding PP customers.

        But in this case, it's probably not helpful. Unless the site collects money for some reason.

        Doubt filling a lawsuit would be worth it, most of these folks are oversea's, foreign lands, non-US, so there is not alot you can do. You'd probably just be wasting your money.

        But if get enough of their PP accounts closed, it "seems" to help.
        Signature
        PLR Affiliate Program Has Launched! Easily Promote Over 5,000 PLR and MRR Products.

        Largest Selection of PLR Articles on the Planet! PLR Ebooks, PLR Video, PLR Websites and more with Private Label Rights
        {{ DiscussionBoard.errors[9358677].message }}
    • Profile picture of the author roger h
      [QUOTE=Ron Killian;9357342 Another thing many people don't realize is that hackers can get into your home computer and get your passwords. Then they have easy access to your website, databases, ect. I don't keep any passwords on my computer any more, learned the hard way. ]




      hey Ron,

      could you PM me with your password storage solution..?

      regards,

      rh
      {{ DiscussionBoard.errors[9358223].message }}
      • Profile picture of the author Ron Killian
        Originally Posted by Ron Killian;9357342 Another thing many people don't realize is that hackers can get into your home computer and get your passwords. Then they have easy access to your website, databases, ect. I don't keep any passwords on my computer any more, learned the hard way.





        hey Ron,

        could you PM me with your password storage solution..?

        regards,

        rh
        If I told you that, then I'd have to, well....

        Naw, it's no secret, my storage solution is a $5 USB removable thumb drive. Well, two, one for backup. All passwords are kept on that and it's only plugged in when a pass is needed, then removed.
        Signature
        PLR Affiliate Program Has Launched! Easily Promote Over 5,000 PLR and MRR Products.

        Largest Selection of PLR Articles on the Planet! PLR Ebooks, PLR Video, PLR Websites and more with Private Label Rights
        {{ DiscussionBoard.errors[9358680].message }}
        • Profile picture of the author Walter Parrish
          sounds like you probably were hacked. don't keep any passwords on your computer. be careful of what you download, because some programs log keystrokes. use different passwords on each site and on each program. captcha I noticed is an option a lot of folks use for most software turning captcha on gives hackers something to work with.
          Signature
          Use Feeder Sites, Articles, And Social Media Sites To Generate Unstoppable Traffic, FREE! Click Here Now To Get It For FREE
          {{ DiscussionBoard.errors[9360354].message }}
  • Profile picture of the author Doughnuts
    This is messed up and unfortunate to hear. Hope you get things straightened out and secured tight!
    {{ DiscussionBoard.errors[9357420].message }}
  • Profile picture of the author ashabe
    Hey, that sux. Any news brettb?

    Some suggestions. Make part of the forum "private" or "have to register to see". That way, you may be able to control the bot access more effectivelly.
    {{ DiscussionBoard.errors[9358176].message }}
  • Profile picture of the author JagSEO
    Well you have to be careful and check your security, I'm glad it is fixed now.
    Signature
    Hooked To Success -Personal development For People Who Wants Success.
    {{ DiscussionBoard.errors[9358197].message }}
  • Profile picture of the author Sam Mann
    Here is a good DMCA Template from EBR.

    http://ebrianrose.com/get-those-****...hted-material/

    LOL... some words are blocked in this forum.

    Here is a shortened link : bit.ly/1qDh6zm
    Signature

    Still a struggling newbie? Click here to discover how to make money online.

    {{ DiscussionBoard.errors[9358456].message }}
  • Profile picture of the author Jeffery Moss
    More people will be sympathetic to the issue once it's happened to them. Because lets face it, this could happen to anyone here. I don't know what to suggest to do now as you have taken about all the steps you could. I wish you the best of luck with this situation. Hopefully Google will start being smart and protect the legitimate site owners, rather than shielding the criminals.
    {{ DiscussionBoard.errors[9366609].message }}
  • Profile picture of the author WPExpert
    I do it for a living so I know how hard it can be to think of all the issues when you're just starting out.

    The secret is to get someone who knows how to protect your site for you to avoid the issue in the first place.

    There's no way to avoid it. Sooner or later you will either have to learn how yourself, or find someone you can trust to do it for you.

    Terence.
    Signature
    Sales & Marketing Websites | QloudPressâ„¢ - When Your Website Is Mission-Critical
    {{ DiscussionBoard.errors[9366933].message }}

Trending Topics