Recently, I fell victim to copyright theft. This blog was cloned, along with those of my friends Cathy Winston and Gretta Schifano. It appears that the same person or company cloned all three of our blogs, along with hundreds of other travel, lifestyle and food blogs from the UK, USA and Germany.
Blog cloning is an ongoing problem, so it’s important to be vigilant. If it happens to you, here are some steps you can take.
What is a cloned blog or website?
Unlike many of the recent cyber attacks, if your blog has been cloned, that doesn’t mean it’s been hacked or that your site is insecure. The person who clones a blog simply plugs your RSS feed into their website and copies all your posts over to their site, including all the images.
The cloned site will be given a new name and URL, but the name will bear some similarity to the content of the original blog. So if, for instance, your blog shows recipes for healthy family meals, the cloner might replace your original blog name with something like ‘FamilyEatsHealthy’.
The cloned blog might look remarkably similar to your own, just with a logo that’s tweaked to reflect the new name. And they might change your details and give you a new name on the blog. Cathy, Gretta and I were all given fake names.
Why clone a blog?
My first question was, why on earth would someone do this? Why set up a system to steal people’s copyrighted work, and risk being caught in this illegal activitity?
The answer, unsurprisingly, is to make money. My own cloned blog had a sidebar ad. Although this ad alone was unlikely to make much money, if each of the hundreds of other sites cloned by this person made a small bit of money, the total would mount up. The person who cloned our blogs used different methods to dupe advertisers into giving them money, including affiliate links.
If your blog is cloned, it can have a harmful effect on your blog’s SEO (Search Engine Optimisation). Put simply, Google doesn’t like duplicate content. So if it spots that words and images on your blog are replicated elsewhere on the internet, your own blog pages may, over time, show up less and less in search results. There have even been cases of a clone’s page ranking above the original, when someone did a Google search for the topic in question.
How to spot a cloned blog
Cathy, Gretta I were lucky. The blogging community is very communicative, and we were told about our cloned blogs by other bloggers who’d spotted them, or by scouring through lists of cloned blogs obtained through detective work, and posted in online forums that we belong to. If you notice that your blog is consistently getting traffic from a website you don’t recognise, it’s worth checking that website. It might be a clone of your own, with the internal links still pointing to the original – ie, yours. That wasn’t the case with my own clone, though. All my links had been completely removed, including the links to my social media accounts.
What to do next
If you find out that your blog has been cloned, there are several steps you can take. They’re not fool-proof, but they can be effective in helping to address the problem.
- File a takedown notice with Google at https://www.google.com/webmasters/tools/dmca-dashboard. This is a quick and easy step, but you need to do it straight away, as it’s likely Google will take a long time to respond. We waited a week before they got back to us with the results of their investigation. If you’re not sure whether Google has received your takedown notice, it will show up at some stage on the Copyright Removal Dashboard: https://www.google.com/webmasters/tools/dmca-dashboard
- Change all your website’s passwords.
- Take screenshots of the cloned blog: the home page, and any relevant pages, like the ‘about me’ page. The ‘about me’ page on my cloned site had a picture of me and my family, with a fake name next to it. This was identity theft, clear and simple. You should also type the name of your cloned blog into Google, and take screenshots of the results. You might need all these screenshots as evidence later on. When Google came back to us, after a week of waiting, they said they couldn’t find the content in question. We checked, and our cloned blogs were down. But the next morning, presumably after Google had closed the investigation, Cathy and Gretta’s clones were back up. The perpetrator might have got wind of the Google investigation, and temporarily hidden the content. If you find yourself in a similar situation, a message back to Google with screenshots of the illegally copied material, and the search results, might prompt them into investigating further.
- Run a WHOis search to find out where the clone’s domain is hosted: https://www.whois.net/. If you type in the URL, you will see a results box. The host is the ‘Registrar’, and you should see their website listed. Cloudflare
- Report the clone to their host. There should be an online form somewhere on the host’s website for abuse claims, or a contact email address.
- Contact your own host, to let them know that your blog has been cloned.
- We were advised to email the cloned website, using the contact details they provided on the site. I did this, saying they had illegally copied my copyrighted work, and telling them to take it down. Unsurprisingly, they didn’t reply.
- If you are based in the UK, you can contact the UK ActionFraud and Cyber Crime unit, to report the theft of your copyrighted material, and any identity theft that has happened as a result of the cloning. They can be found at http://www.actionfraud.police.uk/report_fraud. It’s likely that the fraudster is living in a different country, but it’s important that the police are alerted to these crimes.
- Try to find out the ISP (Internet Service Provider) address of your cloned blog. This might be difficult if – as was the case with us – the cloned blog is concealed behind a cloaking server like Cloudflare, which hides ISP addresses. There are ways around this. Typing ‘how to find the ISP of a website hosted through Cloudflare’ into Google came up with a website called Crimeflare. This site claimed to be able to source the ISP addresses of sites hiding behind Cloudflare. I did manage to find an ISP address for my clone this way, although I had no guarantee that it was correct. **UPDATE FOR 2019**: another blogging friend, Kirstie, was able to successfully contact Cloudflare via a Cloudflare abuse form. They gave her the name of the host of her own cloned blog, along with a link to that host’s abuse form.
- Block access to your RSS feed for websites with the ISP address of your clone. You can do this through security plugins like Wordfence, and/or directly via the .htaccess file in your site’s control panel. If you choose to do the latter, you just need to put ‘deny from XXXXXX (ie the ISP address)’ into the .htaccess file. Your host should be able to give you some help with locating the .htaccess file – if in doubt, just ask them. I blocked access to the ISP that I found via Crimeflare, both through Wordfence and my .htaccess file. I still don’t know if this was effective, as the cloned blog was taken down before I had a chance to test whether it was picking up new posts.
- Contact any advertisers that you spot on the cloned site. I sent several messages to the company advertised on the sidebar of the clone of my blog, telling them they were advertising on an illegally cloned site. Unfortunately, they never replied. Cathy had a better response from Skimlinks. They replied promptly to say that they had suspended the account of the person using her cloned site to make money. Even though her cloned site was still up and running, it was gratifying to know they couldn’t make any money from her stolen work.
These are just some of the steps that you can take. If you have any more tips for people whose blogs or websites have been cloned, please leave them in the comments below.
Pin for later: