
Defunct website taken over by spammer. How to stop them?

@Miguel251

Posted in: #Domains #Expires #Hijacked

A friend of mine used to publish a small literary fiction magazine, both in print and on the web. In 2011 she announced that she was quitting, put a note on the website, and carefully unwound the subscriptions. She continued hosting the site (with all the back-issues available for free) until the beginning of this year, when she let the hosting lapse and the domain name expire.

Today she discovered that some unknown person has purchased her former domain name and put up a modified version of her entire site. The design is different but all the content is the same, including all of the back-issues of the magazine (and the stories by diverse authors contained within), their cover art, news posts, and even her contact information. All the content would have been available from Archive.org, so it's no mystery how they got it.

The only thing noticeably changed is a column added to the front page titled "Favorite Videos", with around 35 links to Youtube videos. The links are named things like "Video (Worry)" and "Video (Squirting)" and the videos all feature a man named Leo giving dubious advice and promoting his life-coaching website. Here's one of the suspect videos. There does not appear to be any connection between the content of the videos and my friend or her magazine.

I also posted to the Security StackExchange to ask why someone would do this and what the security risks are to her. What I want to know here is, what can she do to stop them?

To be clear she doesn't want the domain name back. She just doesn't want her name and copyrighted material used deceptively.

Also, what (if anything) could she have done when shutting down her website to avoid this happening?


2 Comments


@Lee4591628

> She continued hosting the site (with all the back-issues available for
> free) until the beginning of this year, when she let the hosting lapse
> and the domain name expire.


Was she aware that when it expires anyone can pick up that domain name for any reason? Some people don’t realize that an expired domain will be resold.


> I also posted to the Security StackExchange to ask why someone would
> do this and what the security risks are to her. What I want to know
> here is, what can she do to stop them?


The only technical security risk I can think of is perhaps someone impersonating your friend & using e-mail addresses connected to that domain to get into accounts.

Meaning, let’s say your friend has an account on PayPal directly connected to the e-mail address and she forgot to change the e-mail address on it when the domain expired. Well, guess what? The new owner of the domain can request a password reset via the domain they now own and there you go. But that is the only risk I can think of so ask your friend if she was 100% positive that any accounts to other services have no connection to the old domain name.

But most likely the worst damage would be damage to her reputation since the new domain owners can do whatever they want to pretend they are your friend. Which is not trivial, but in general your posting to Security StackExchange won’t result in any real answer. This is a social & copyright issue; not a technical security issue.


> To be clear she doesn't want the domain name back. She just doesn't
> want her name and copyrighted material used deceptively.


I bolded the important part of this. If your friend owns copyright on the content & can prove the site/content is fraudulent, then that is the most viable tool you can use to shut the scammers down. The best thing to do would be to contact the domain registrar & hosting company to make a copyright claim. Most providers will react right away and perhaps suspend the fraudulent account.

For domain name registration info, do a simple WHOIS search for the new domain registrar. I work as a Linux/Unix systems administrator so I would do the following via the command line on Mac OS X or an Ubuntu setup:

    whois hijacked_domain.com


You’ll get a whole list of contact info. Do not use the technical or administrative contact info since those are connected to the scammers & most likely will not result in anything productive. But instead just go straight to the top and simply find out which company the domain is actually registered with. Contact customer service at that company and state your case.

For hosting, it can be trickier because a domain registrar is not necessarily the hosting company. In cases like this what I would recommend doing is to do a ping to the domain name like this:

    ping hijacked_domain.com


You will get the full IP address of the web server running hijacked_domain.com. And let’s say that IP address is 123.456.78.90 for example. Now do a whois search on that IP address like this:

    whois 123.456.78.90


The results of the whois search will tell you who the hosting provider is and will look like this.

    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: www.arin.net/whois_tou.html
    #
    # If you see inaccuracies in the results, please report at
    # www.arin.net/public/whoisinaccuracy/index.xhtml
    #

    #
    # Query terms are ambiguous. The query is assumed to be:
    # "n 123.456.78.90"
    #
    # Use "?" to get help.
    #

    #
    # The following results may also be obtained via:
    # whois.arin.net/rest/nets;q=123.456.78.90?showDetails=true&showARIN=false&ext=netref2
    #

    Some-Hosting-Provider, Inc. SOMEHOPRO-1ABD3 (NET-123-200-0-0-1) 123.200.0.0 - 123.500.255.255
    Some Hosting Provider, Inc. SOMEHOPRO-2FE4 (NET-123-192-0-0-1) 123.192.0.0 - 123.700.255.255

    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: www.arin.net/whois_tou.html
    #
    # If you see inaccuracies in the results, please report at
    # www.arin.net/public/whoisinaccuracy/index.xhtml
    #


So we now know the host of the server in this example is Some Hosting Provider, Inc. So much like the domain registration stuff, contact customer service at Some Hosting Provider, Inc. and state your case.


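The lookup procedure from the answer above (domain WHOIS for the registrar, then WHOIS on the web server's IP for the host), as an added example that is not part of the original post or written by either answerer. It pulls out the registrar and hosting organisation together with their abuse addresses instead of reading the full WHOIS dump by eye; the field labels, the use of `dig`, and all sample records are assumptions, and some registries use different labels.

```shell
# Assumed labels: "Registrar" / "Registrar Abuse Contact Email" (gTLD domain WHOIS),
# "OrgName" / "OrgAbuseEmail" (ARIN), "netname" / "abuse-mailbox" (RIPE-style).
# Print the value of the first "label: value" line whose label matches exactly.
field() {
    awk -v want="$1" 'BEGIN { want = tolower(want) }
    {
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (tolower(key) == want && val != "") { print val; exit }
    }'
}

# Domain WHOIS text on stdin -> "Registrar name <abuse address>".
registrar_contact() {
    text=$(cat)
    name=$(printf '%s\n' "$text" | field "Registrar")
    abuse=$(printf '%s\n' "$text" | field "Registrar Abuse Contact Email")
    printf '%s <%s>\n' "${name:-unknown}" "${abuse:-none listed}"
}

# IP WHOIS text on stdin -> "Hosting organisation <abuse address>".
host_contact() {
    text=$(cat)
    org=$(printf '%s\n' "$text" | field "OrgName")
    [ -n "$org" ] || org=$(printf '%s\n' "$text" | field "netname")
    abuse=$(printf '%s\n' "$text" | field "OrgAbuseEmail")
    [ -n "$abuse" ] || abuse=$(printf '%s\n' "$text" | field "abuse-mailbox")
    printf '%s <%s>\n' "${org:-unknown}" "${abuse:-none listed}"
}

# Live lookup (needs network, whois and dig): registrar first, then the web server's host.
takedown_contacts() {
    printf 'registrar: %s\n' "$(whois "$1" | registrar_contact)"
    ip=$(dig +short A "$1" | grep -E '^[0-9.]+$' | head -n 1)
    [ -n "$ip" ] || { printf 'hosting: %s does not resolve\n' "$1"; return 0; }
    printf 'hosting (%s): %s\n' "$ip" "$(whois "$ip" | host_contact)"
}

# Constructed sample records (not real WHOIS data), so the parsers can be tried offline.
sample_domain='Domain Name: EXAMPLE.COM
   Registrar WHOIS Server: whois.registrar.example
   Registrar: Example Registrar, Inc.
   Registrar Abuse Contact Email: abuse@registrar.example'
sample_ip='NetRange: 192.0.2.0 - 192.0.2.255
OrgName: Example Hosting, Inc.
OrgAbuseEmail: abuse@hosting.example'
printf '%s\n' "$sample_domain" | registrar_contact
printf '%s\n' "$sample_ip" | host_contact
```

Run `takedown_contacts hijacked_domain.com` for a live lookup. The address returned can belong to a CDN or reverse proxy in front of the real host, in which case that company's abuse process is the place to start.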

 

@Sarah324

The only thing your friend can do to protect themselves is to contact a lawyer trying to assert copyright on the published material.
