How Do I Fight Russian Site Cloners?
An anonymous reader writes "I used to run a small web design service, the domain for which I allowed to expire after years of non-use. A few weeks ago, I noticed that my old site was back online at the old domain. The site-cloners are now using my old email addresses to gain access to old third-party web services accounts (invoicing tools, etc.) and are fraudulently billing my clients for years of services. I've contacted the Russian site host, PayPal, and the invoicing service. What more can I do? Can I fight back?"
If you have a summary of your clients (and you should) you should send out a mass email and let them know what's going on.
You sound like you've taken care of most of what you can... so...
Get a bunch of hackers together and tell them to do their best to DDOS your old site!
"Take off and nuke 'em from orbit. It's the only way to be sure."
Oh wait, they're in post-soviet Russia...
(Sirens wailing)
That probably wasn't a very good--
[NO CARRIER]
The Future of Human Evolution: Autonomy
Good thing your site is hosted in Russia. That makes things a whole lot easier.
Check the DNS domain registrar of theirs and report domain abuse.
That's what whois information is about too.
You MIGHT be able to at least force their registrar to shut down their DNS registration, thus removing both the site and the email addresses from the web.
I don't know how it works for fraudulent sites, but for Spam pointing at a clearly "spam-vertized" site I found this tool useful:
http://spamtrackers.eu/wiki/index.php/Complainterator
It helps you look up the responsible registrars for a domain and gives you their contact information, so you can ask them to remove their DNS entries.
Not sure how likely they are to help, especially if the registrar is in Russia or China (I read some horror stories about the lack of cooperation from some registrars in those countries), but you never know...
How do they know which third-party web services you used to use, unless it's one of your old clients?
Find all the ratings and informational sites you can, and explain as prominently as possible what's happened. Show some evidence by explaining how to find the history of a domain's registration so people can see the ownership changed completely.
I assume you've been in contact with previous clients to learn they're being billed, so tell them they can report false billings on that type of site.
Wouldn't it just be cheaper/easier to just never let even remotely valuable/vulnerable domains expire since it costs so little to keep renewing them?
From readings on here, I've discovered that for a couple thousand dollars ICANN can take domain names from squatters and pass them off to you. Granted if it was some other business who wanted the domain name I'd say don't worry, but this is a clear case of fraud. So would ICANN be able to help in this matter?
The only way to deal with the Russians is with the Italians or the Irish.
So either:
"Say hello to my little friend"
or
"This guy takes a blunt object, fuckin', waah! Hits the guy with the bandages around his head, right? Why? 'Cause he's smart. He knows the guy with the bandages around his ass, he ain't goin' nowhere. He's goin' fuckin' nowhere. "
Why not go after them for copyright infringement?
I assume this is a form of wire fraud, international at that.
To ease your conscience, pull together your old contact list and let your former clients know that you've not been running the business (or charging for services) for years. Advise them of the current scam, and hope they get your message before they pay the bad guys.
While I have your attention, shame on you for letting your business go dark without tying up the loose ends (e.g., informing your customers). I feel for your customers.
I use irony whenever I can, but my shirts are still wrinkled...
Of how Russian Free Enterprise works, I would suggest either hiring hitmen to brazenly gun-down whoever cloned your site, if it is a relatively small operation, or insinuate that the cloner is an enemy of the state, and have him jailed on trumped-up tax evasion charges, if it is a large operation.
If neither of these options suits, I hear that Polonium is the new Earl Grey...
You should know some inside intelligence in dealing with your clients? Seriously: 1) Contact anyone you did any business through the site and explain the situation to them. 2) Contact their DNS registrar and complain 3) If they have an SSL cert - contact the issuing authority and complain 4) Buy a zombie army (computers or people) and attack!
Just an off-the-wall idea here, but check to see how to report this site to Mozilla and Microsoft to get it into their blacklist of phishing/scam sites. If I got something from a site, and, upon trying to visit it, my browser's filter warned me about it, I might suspect something fishy is going on.
Doing this is by no means a complete solution, but it could get you part of the way there.
File a UDRP complaint and get the domain name back. Won't fix matters, they'll still have access to your customers it sounds like but at least it will help.
it's the only way to be sure
Knowledge is power. Knowledge shared is power lost.
Check out Uniform Domain Name Dispute Resolution. It is often overturned in court, and isn't always effective, but taking back control of the domain in whatever way possible is more than likely the only way you will fully recover from this. Otherwise you are simply on a damage mitigation mission.
"It's ok, I'm completely secure as long as my iron is off"
Why didn't you close your third party accounts when you were shutting down your old site?
Always proofread carefully to see if you any words out.
I used to work at a registrar and it's not like one day you wake up and BOOM the domain is gone. All give warnings weeks if not months ahead of time. Most give a couple days of leeway before turning off the domain. After they turn it off (i.e. no email, web or anything can use the domain) you have about 30 days before it goes into redemption, once in redemption it's a crap shoot if you can get it back but you still can.
If it was your business, then the domain is a valuable asset and should be treated as such. Much like a brick and mortar office. If you don't pay the rent, leave valuable customer information in file cabinets and are kicked out (after getting an eviction notice), don't complain if someone comes in and uses the space for a crack den and the customer info for their own nefarious purposes.
A few recommendations,
Create a GUI interface using Visual Basic to track their IP address.
Done.
Insightful? The new site owners are scamming his old customers by billing FRAUDULENTLY. If this were just them doing more work maybe the above post would not be a troll.
and ally yourself with a "Trade Federation".... then use hordes of mechanical robots to fight a "Clone War".
You might not win, but some asshole may make a few shitty movies about it anyway...
Clones are people two.
In (non-)Soviet Russia, sites clone YOU
Agreed. It sounds like to me that he stopped working on a website, stopped offering a service, and let everything expire. That leaves a great business plan for someone to start where you left off. If the people are paying for a service they aren't receiving, that's their fault. If the Russian "cloners" are actually providing the same service you did, then good for the Russians.
The only other issue I can see here is copyright / stolen corporate identity, which if you don't know what to do already (contact a lawyer and file an international law suit?) then there's nothing you can do.
... the client account data? I should think that the answer to that question would define your options for legal recourse. Ultimately, liability may befall your former ISP, the usurpers, or yourself, depending on that answer.
It's not good practice to use your domain email as an email for any domain registered tools. If your domain was down for whatever reason you have no recourse to reset any passwords etc, and as we can see this issue can crop up.
Unfortunately for the OP and I hope that his former customers would understand, he could be held liable, but I hope those impacted will just take it on the chin.
While I have your attention, shame on you for letting your business go dark without tying up the loose ends (e.g., informing your customers). I feel for your customers.
Bingo! The OP deserves every heartache he gets for leaving his old business in such a state. I hope he does get sued and serves as a lesson to others.
Give them nothing, but take from them everything!!!
While I have your attention, shame on you for letting your business go dark without tying up the loose ends (e.g., informing your customers).
Who's to say he didn't? He could very well have tied up loose ends, but that doesn't stop the scammers from invoicing the former customers anyway.
- RG>
Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
"help, I left a hundred dollars sitting on the restaurant table yesterday, how can I force the restaurant to give it back?"
In mother Russia, site clones you.
Is there a Doctor House in the?
How the hell is this modded informative? The guy didn't leak any financial data. This is the equivalent of moving out of a leased storefront and the next tenant contacting Visa and saying, "Hey, I'm still here, could you pretty please send me a copy of all the records again?" and them doing it just because the address is the same.
Slashdot needs a "-1, Wrong" moderation option.
The Urban Hippie
I would suggest a pre-emptive strike, but as you may know the Russkies have that big ass Doomsday Device, so please don't.
In Soviet Russia websites clone YOU!
Exactly! If you accept the benefits of cheap 3rd-world labor, you have to also be ready to accept the ugly downsides. In Soviet Russia, the cake eats you too.
Table-ized A.I.
I was part of a LAN gaming group. It was pretty much dying anyway since more and more people were getting broadband then. Anyhow, we lost contact with the guy that had the domain, so we were not able to renew it when it expired several years ago. A few months ago, I was going through some old bookmarks, and lo and behold, the site was up and running. The forums weren't functional as they were based on custom code that they didn't manage to get. Other than that, it looked the same. The new domain contact info resolved back to some Russian place. BTW, there was no commercial value to the site, but it was a cool blast from the past to see it up again.
"He's lost in a 'floyd hole"
Publish the link to the site on Slashdot (and don't forget to mention it has some free pr0n). The site will die within minutes, after the first 10 million slashdotters visit it.
Kill them.
The site-cloners are now using my old email addresses to gain access to old third-party web services accounts (invoicing tools, etc.) and are fraudulently billing my clients for years of services.
Assuming your domain's e-mail has been bouncing for *years*, how in the hell did perfect strangers a world away(?) dig up your data? This sounds like something that happens after an unshredded trash rummage.
1. How do they know what all your internal e-mail addresses were?
2. How do they know what your web services were?
3. How do they know who your clients were?
4. How do your clients believe you're still doing work for them after years of silence?
5. How are these web services still holding your account data after years of inactivity? Invoice tools ain't free.
Hard to believe we're getting the whole story here. I think Ask Slashdot just got phished.
Global Thermonuclear War. That'll take care of those pesky Russians!
I can think of no better way to develop the sort of relationship you want with these people than to give them some assistance. A new web site offering credit card numbers, pr0n of various disgusting kinds and passwords to similar sites, "secrets of hacking [x]'s government sites", an enormous list of movies and such available for download, an international banking concern planned to assist others in recovering funds from dead relatives' accounts, and as many similar offering as you can imagine, is just what's needed. Of course the contact information should be theirs (even if it had been yours previously). Advertising it on usenet should help spread the word. Whatever you can do to send them /.'ing levels of traffic of all kinds will help make your point. Also, publicizing their contact info on multilevel marketing sites/newsgroups and Chinese manufacturer/wholesalers sites will get them more offers than it would take to please any such assholes. Devote some thought and time to it and I'll bet you can cause them far more trouble than they've caused you. And your old clients? Let them know that as the new owners of your old service, they'd be glad to service pets and farm animals on webcam and/or DVDs sent free for the asking. Currency exchange by email at 1:1,000 rates. Sex tour vacations for $200 including airfare. Official funds collection point for unspecified non-governmental armed freedom fighter organizations world wide. Recovered/liberated fissionables, pure plant extracts direct from South American mountains and middle eastern flower fields, all for pennies a day!
And of course if any of these attract enough public attention and appear to be illegal, law enforcement at the cloner's location as well as elsewhere would almost certainly want to know.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Russian mafia.... blink and you're dead... the joke went completely over the moderators' heads, a.k.a. ''woosh''.
Mmm yes because once a domain is registered in one place it can never be registered elsewhere.
What third-party web hosting apps were you using? And why did you leave your customers' data in them when you closed up shop? This whole thing reeks of incompetence on your part and possible stupidity on your former customers' part (if someone I used to do business with sent me an invoice for services after not sending any for months/years, I'd at least contact them to see if it was valid, possibly just delete it and see if they send another one).
At this point, you have a responsibility to contact your former customers and let them know it's not you sending out new invoices. Whether they end up paying them or not is their problem, but you created this mess by not acting responsibly. Don't be surprised if some of them expect you to reimburse them for paying the Russians.
God invented whiskey so the Irish would not rule the world.
In Soviet Russia, site cloners fight you!
You cannot win against mother Russia.
Technically, you're not part of the dispute, even though they used your old stuff, the dispute is between the scammers and the scammed companies. Unless the scammed companies can prove criminal negligence on your part, there is no way you can legally fight back, other than reporting the crime to the FBI, which I assume you already did.
While I have your attention, shame on you for letting your business go dark without tying up the loose ends (e.g., informing your customers). I feel for your customers.
To be fair, he didn't say the customers are paying. It's entirely possible that he did tidy up loose ends, and now former customers are contacting him directly and saying, "Uh, what's going on? We stopped doing business years ago..."
Clearly the modder misread and thought it said Inciteful when he made his choice.
Register a ton of old expired domains. Set up catch-all email accounts. See what legit services send you marketing emails implying you had a prior relationship. If you don't find any, cancel the domain registration. If you do, pay for it, reset passwords, and start harvesting.
Ugh.
There's this great invention discovered just this millennium most commonly referred to as the password. If the interloper is circumventing them, you should simply send an email to your client mailing list (assuming such an entity exists) informing them not to pay anything to your old I assume now defunct company. I would recommend that you send the same email to your previous vendors. At least then you've fulfilled your care of duty. Outside of this you can panic and run around in curlicues until hitting the nearest brick wall, which will hopefully have a calming effect. If you freak out the terrorists win...
Yes. Go on 4chan and tell them they hurt a cat.
Caffeine is my anti-drug!
Duranin - A NWN2 Roleplaying Persistent World
The site cloners are in Russia. He's not living in Russia. Even if he were, going vigilante on a bunch of gangsters would only get him killed. At best he'd be like the people who fly to Nigeria to get their money back from 419 scammers.
yeah bla bal bla abl bla a jasdhajdhasjd lol k
!
Insightful? The new site owners are scamming his old customers by billing FRAUDULENTLY. If this were just them doing more work maybe the above post would not be a troll.
So, what exactly is the problem for this guy? These scammers aren't preventing him from making a living from this domain/web site since he admits he stopped using it for financial gain years ago.
It sucks for his ex customers and I don't condone this kind of activity, but really, where's the problem for him? His ex customers should take action to protect themselves, but it's not for him to do.
If they are still his customers in some other venture, then sure, he may have difficulty explaining why he's fraudulently billing them. Wait, let me think about it for just half a second - NO, HE WON'T. He knows, and they know that he doesn't run that business or web site anymore. Everybody concerned knows it's not him.
It seems to me that the real issue is that he got burned because he did nothing to protect the clients he claims to be so concerned about when he stopped doing business with them, and indeed, most likely he did nothing to protect them when he still was doing business with them.
He brought it on himself, he screwed a lot of people because of his incompetence/laziness/greed, and now he wants Slashdot to fix it for him. Well guess what Bub? That ain't gonna happen.
We always advise clients these days if they want to dump a domain simply pay for an extra 5 years of registration and send the domain nowhere for those 5 years. Cheap insurance.
In Soviet Russia, site clones YOU!
"Flyin' in just a sweet place,
Never been known to fail..."
This is the fundamental thing to take away from this incident, and, while it may be obvious, it deserves stating plainly:
Domain control / email address control is an authentication tool.
We've brushed by the concept in prior conversations about validating new user sign-ups.
Implications include, as in this scenario, human verification by looking at a web page of a familiar domain, human verification by email correspondence with a familiar email address, and password resetting when in control of an email address; SSL certificate-based identity (if the decrypted certificate can also be acquired), URL-referenced data validity (executables for download), and probably a number of other authentication/control mechanisms reliant on domain/address -- your ideas are solicited.
DNS hijacking, then, should be a serious concern. DJB warned about cache poisoning via brute-force source port + transaction ID spoofing in 1999. A long time went by before the issue got enough publicity (in 2008) to force the major DNS software purveyors to clean up their acts. This guy needs to be taken seriously.
it seems weed even grows on the internet.
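The point made in the comment above, that control of a domain is control of every password reset mailed to it, can be checked before a registration is allowed to lapse. This is an added example, not code from any poster in this thread; the services, domains and dates are constructed, and `reset_exposure` and its helpers are hypothetical names.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Account:
    service: str          # third-party service name (constructed)
    recovery_email: str   # address that receives password-reset mail
    closed: bool = False  # True once the account was deleted at the provider


def email_domain(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    return domain.lower().rstrip(".")


def under_domain(host: str, registered: str) -> bool:
    """True if host is the registered domain or one of its subdomains."""
    registered = registered.lower().rstrip(".")
    return host == registered or host.endswith("." + registered)


def reset_exposure(accounts, retiring, today, horizon_days=365):
    """List open accounts whose reset mail goes to a domain that lapses soon.

    retiring maps a registered domain to its registration expiry date.
    Matching is per domain, not per mailbox: whoever re-registers the name
    can run a catch-all and receive mail for every address under it.
    Returns sorted (days_left, service, recovery_email, domain) tuples;
    a negative days_left means the registration has already lapsed.
    """
    findings = []
    for acct in accounts:
        if acct.closed:
            continue  # a deleted account has nothing left to reset
        host = email_domain(acct.recovery_email)
        for domain, expires in retiring.items():
            days_left = (expires - today).days
            if under_domain(host, domain) and days_left <= horizon_days:
                findings.append(
                    (days_left, acct.service, acct.recovery_email, domain))
    return sorted(findings)


# Constructed inventory for a business that is winding down one domain.
SAMPLE_RETIRING = {"old-studio.example": date(2024, 3, 1)}
SAMPLE_ACCOUNTS = [
    Account("invoicing", "billing@old-studio.example"),
    Account("payments", "Owner@mail.old-studio.example"),      # subdomain
    Account("analytics", "me@personal.example"),               # other domain
    Account("crm", "sales@old-studio.example", closed=True),   # already closed
    Account("hosting", "ops@notold-studio.example"),           # lookalike name
]

if __name__ == "__main__":
    for days, service, email, domain in reset_exposure(
            SAMPLE_ACCOUNTS, SAMPLE_RETIRING, today=date(2024, 1, 1)):
        print(f"{service}: reset mail goes to {email}; "
              f"{domain} lapses in {days} days -> close or re-point first")
```

Every account the check reports should be closed, or have its recovery address moved to a domain that is being kept, before the old registration is dropped.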
Did anyone ever think that since this was given by an anonymous reader, that they are actually thinking of doing this and are looking to see if they will be caught or not. Hmmmm....
5 years ago, I got my current job as they fired their freelancer who worked for us 3 days including 1 onsite. Over time he had quietly shifted the websites' host; advice was offered that this was OK. Later discovered, that included domain names to his own registrar, and he began billing clients directly. Other minor things such as the main webadmin account forwarded to his personal email.
Moving forward to now... we had job interviews. My boss gave a no-nonsense directive: reject any CVs where the applicant is a freelancer, including any part-time employed listing freelancing as the other balance. In interviews any mention of doing freelancing from the applicant was a death sentence (job-wise). It was interesting to observe. This being my first involvement in the hiring process. One could debate the rights and wrongs of my boss's attitude, but that was what it was, and the perception itself is all that matters.
In post Patriot Act America, the library books scan you.
You are to file an official complaint to the Ministry of Internal Affairs of Russian Federation www.mvd.ru , into the department "K" (Fight against Computer Crimes).
The website is in the Russian language, but I think it is not difficult to find someone who studied Russian in school or knows it natively. It may well work.
You are not the Russians trying to counter the counter measures?
I call B.S.
.... so why the sudden interest? Obviously you don't care about these clients anymore, you didn't keep in touch with them or continue working for them, why do you care if several years later someone approaches them pretending to be you and asks for money? Were you using these clients for reference? If so, why would you ever let your site expire?
Why does he care anymore?
By his own admission:
" I allowed to expire after years of non-use. A few weeks ago, I noticed that my old site was back online at the old domain. The site-cloners are now using my old email addresses to gain access to old third-party web services accounts (invoicing tools, etc.) and are fraudulently billing my clients for years of services."
Years of non-use
This whole story doesn't add up. I've had online businesses and allowed the domains to expire, if someone contacted my old customers to try and bill them I wouldn't care at all.
Simplest solution is usually correct: what sounds more likely is you have a disgruntled designer or programmer take over your site and complain to your clients and now you're mad and want your site back.
my karma will be here long after I'm gone
Hi HikingStick,
I'm the original poster. The site is http://www.fruition.ws/ if you want to take a look at the scam.
I shut down everything properly. All my former clients were well aware that I was no longer in business. Their sites and services were transferred to other companies. In fact, that's how I learned of the scam. One of my former clients tracked me down once she received a new email invoice (with PayPal Pay Now button) for YEARS of services—fraudulent, of course. The thing is that the invoice was exactly what I used to send folks, because they had gained access to my exact account through my old email address. Luckily, no one paid anything before I was able to shut down the invoicing account and alert PayPal.
In hindsight, I should have closed the invoicing account, but since it was free I figured I'd let it sit. That, apparently, was a bad decision.
Why are so many people on Slashdot so stupid? The Russians AREN'T providing a service; they're just FRAUDULENTLY billing his old customers for services NOT provided.
god help the woman who uses a female ID on slashdot
Which is the pure definition of "Catch All" email.
* Only to be activated when you got perfect SPAM defense..
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
1. Catch All addresses
2. By capturing all e-mails coming to the * (Catch All) address
3. There are enough tools on the web to find that one out; as you might know, privacy is not real on the public web
4. There are certain DNS registrars sending mail to billing contacts to pay up -to them- so they can transfer the domain and make you a customer. If those websites are still in the air, I can imagine there might be a customer believing the invoice was real.
5. They do .. and many keep nagging about it too..
5b. It's easy in many cases to find out which tools a business uses once you got in touch with it.
5c. Some of them send company/program updates, the second step is using the e-mail address to request a "lost password".
My question:
What I would not understand is, which customer would pay up to a Russian bank account? Does the squatter own an American bank account to wire money?
In Europe, we use the IBAN system for international transfers.
That already makes it impossible for the squatter to continue such abuse on the financial platform once the victim files a complaint; as it is a closely watched and backlogged SWIFT system through entire Europe. I wonder how exactly this Russian masks himself to be having an American account, unless anyone without identity papers can get those?...
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
See subject line above, and get some real skills sopssa you forums troll. All you do is sit around slashdot all day and that only tells the rest of us you are nothing more than a welfare case.
I apologize for assuming you did not shut things down or inform your customers. Now, my sympathies extend to you as well. Too bad we don't have any real meaningful legislation to allow recourse in these types of issues.
My condolences.
I use irony whenever I can, but my shirts are still wrinkled...
From the reply I received, he did tie up most ends, so I apologized to him and extended my sympathies.
I use irony whenever I can, but my shirts are still wrinkled...