[HN Gopher] Ask HN: What to do when someone clones your site?
___________________________________________________________________
Ask HN: What to do when someone clones your site?
Our B2B SaaS had its entire website cloned at another domain. The
cloner then took the time to create a new logo and change a few
colors. We reached out to the hosting provider, and the registrar,
neither care. The cloned website is hosted in Europe (Germany),
with a small hosting provider. Domain registration appears to be
hostinger.com. Our concerns: Search engine trouble, potential
customer confusion, lost sales. We found the clone when ahrefs
started reporting a new domain linking to one of our sites, because
they'd helpfully cloned our entire footer. Thanks for all your
advice!
Author : preinheimer
Score : 78 points
Date : 2023-01-31 15:30 UTC (7 hours ago)
| dewey wrote:
| Focus on your product, there will always be competition and
| they'll lose interest quicker than you.
| bloak wrote:
| Is it possible that the site owner is an inexperienced business
| person who was conned by a "web designer" and doesn't know that
| the site was copied? (It doesn't really sound like it but it's a
| possibility to consider.)
| blitzar wrote:
| Imitation is the sincerest form of flattery
| tchock23 wrote:
| Just curious - was this a result of your team 'building in
| public' (i.e., sharing regular updates publicly on Twitter or
| other communities as you build)?
|
| I've seen more and more cases of this happening when founders
| build in public, especially if they share revenue numbers.
|
| Regardless, sorry to hear about this happening to you...
| dqpb wrote:
| Controversial opinion: DDOS them
| preinheimer wrote:
| I feel like in a race to the bottom we have the most to lose.
| Both reputationally, and as like a real company with assets
| worth suing for.
| notakio wrote:
| Via a link posted here, perhaps. A "soft" DDOS, if you will.
| ChrisMarshallNY wrote:
| I once worked with a chap that did that.
|
| The miscreants DDOSed right back, X100, and he lost his entire
| site.
|
| I'd gently suggest against bear-poking.
| [deleted]
| runjake wrote:
| You should talk to a lawyer if you want real advice or want to
| pursue this.
|
| You should also consider the outcome if someone in an unreachable
| country (eg. Russia) cloned your website. If this is a grave
| issue, then you need to re-evaluate your business plan.
| Joel_Mckay wrote:
| Do you have a valid trademark in the domain registrars/hosting
| country?
|
| No? Than as annoying as it is there are few options. However,
| "About Us" pictures of people at your company do have implicit
| copyright, and image misuse is 100% enforceable with take-down
| strikes.
|
| Mostly endured the problem by posting our fiscal mistakes like a
| running joke, and proudly presenting them for others to "clone".
| Some folks are even brazen enough to try to sell trademarked
| squatter-domains. The good news is the .com and country suffix
| usually ranks higher in searches than most domains by default.
|
| The truth is if you can be cloned with ease, than the product
| likely falls squarely in the low-hanging-fruit category. Thus, as
| a business model it is unsustainable.
| sithlord wrote:
| >The truth is if you can be cloned with ease, than the product
| likely falls squarely in the low-hanging-fruit category. Thus,
| as a business model it is unsustainable.
|
| if its a SaaS, they are likely talking about the marketing site
| - not the logged in experience.
| Joel_Mckay wrote:
| Than they did not setup incentivized service deals, partner
| profit-sharing arrangements, or licensing agreements.
|
| Thus, a castle without a moat you can fill with legal
| alligators. Note, a service company is actually easier to
| handle than shipped product firms.
|
| Cheers ;)
| snickerbockers wrote:
| And what exactly is a "clone" in this context? Did they merely
| make a similar site or does it include your IP?
|
| If it's the former then i can't imagine you can do anything about
| it because they haven't done anything wrong. If it's the latter
| then you need a lawyer because it's not the host's responsibility
| to enforce your IP rights, especially since from their
| perspective you could be a competitor trying to use illegitimate
| tactics to sabotage their customer.
| boplicity wrote:
| It is indeed the host's responsibility to remove any content
| that is violating IP rights -- at least when there is a DMCA
| request filed. No need to get a lawyer involved, unless the
| host is not following the required procedures.
| preinheimer wrote:
| They've copied 100% of the text, images, styling, etc on the
| public version of our site. They have changed a few colours in
| some select images to better match their theme.
|
| I'd guess that they have 0% of our product copied.
| suprjami wrote:
| Make sure your SEO is better, otherwise do business as usual.
|
| Is your business a website, or is your business your excellent
| customer service and providing a better experience than your
| competitors?
|
| Considering you've been in business 10 years, it's already the
| latter. Double down on the best customer experience you can
| provide. People with money and loyalty aren't going to jump ship
| because another site has similar look.
| jjgreen wrote:
| Clone theirs! ... oh wait ...
| e_i_pi_2 wrote:
| I think I agree with others here - this isn't a real concern. If
| the only value you're adding to a market is your site design
| which anyone can legally view and copy then you aren't adding
| anything. If your product has true value then that will win out -
| if others can easily copy and make a better version then that's
| still better for everyone overall because you're business model
| isn't as good as theirs
| amelius wrote:
| "Good artists copy, great artists steal" ...
|
| Without people blatantly copying stuff, we wouldn't have the
| iPhone.
| Towaway69 wrote:
| Apparently in Chinese culture, copying is seen as a complement.
| iguana_lawyer wrote:
| Yes. In college I always saw the students from China
| complementing each other's assignments.
| dopeboy wrote:
| If they copied your site and beat you, they deserve to win.
| Ignore and keep building. Your superior product and eventual
| superior brand are not cloneable.
| joecool1029 wrote:
| German hosting companies typically respond to DMCA takedown
| requests even though they probably aren't legally required to.
| It's an easy/valid thing to do for a scraped site.
| sublinear wrote:
| In theory isn't this what EV certs are for? I know users don't
| really notice though.
| preinheimer wrote:
| We actually bought an EV cert years ago!
|
| Modern browsers don't actually give them any special display
| features these days, so it doesn't seem worth it.
| LinuxBender wrote:
| _Disclaimer: I am not a lawyer_
|
| In my opinion you should first get technical people to document
| as much "discovery" in both technical and simple layman's terms,
| then get lawyers to review your findings and determine if a legal
| case and if there are financial or brand damages can be built.
| They can take it from there.
| logicalmonster wrote:
| After the fact might be too late for this, but there are
| defensive programming techniques you can use to make a cloner's
| job a bit tougher. In some industries, this is more important
| than others.
|
| > Obfuscate and compress your frontend code - It's harder to
| clone a big pile of random code that's not pretty.
|
| > Put subtle watermarks in your site images - Makes their job
| harder and very easy to slip up.
|
| > Use absolute rather than relative links so your own URLs appear
| everywhere in the site - It's easy for them to slip up and miss
| one.
|
| > Use some of that obfuscated JS and frontend code to check what
| URL you're at and consider your options for redirecting, popping
| up a warning message, or rewriting the URLs in the body - it's a
| nightmare to try and figure out what a pile of crazy compressed
| JS actually does.
|
| > Have your site rely on your own API in some fashion - hard for
| them to clone if they have to rely on you for the data.
|
| > Put some hidden messages in your source code that might slide
| by a casual cloning job, but might be enough to verify ownership
| of the original code.
| andai wrote:
| Brilliant. I'd add to this that the domain name shouldn't just
| be a constant at the top, because then they can just change it.
| My first guess is, make a few functions that "generate" it,
| kind of like what some people have on their websites for their
| email address.
| jackweirdy wrote:
| Going to plug my own blog from a few years ago to illustrate
| how you can generate strings and even functions from non-
| alpha code characters:
| https://www.jackwearden.co.uk/blog/bending-javascript-
| type-c...
| ActorNightly wrote:
| >Obfuscate and compress your frontend code
|
| Even more so, while slightly advanced, you can set up a OTP
| verification on the front end before rendering things. JS code
| calls your backend which receives a OTP code (generated through
| some private key), and verifies this using public key. If
| obfuscated/minified properly, it would take some effort to
| reverse engineer properly.
|
| Additionally you can do sneaky things like make a request to
| your backend trigger on some random large time interval, where
| the Origin header is passed, so you can see which domain the
| client site got rendered from, and then return some displayed
| warnings about using a fake copied website.
| bobkazamakis wrote:
| >If obfuscated/minified properly, it would take some effort
| to reverse engineer properly.
|
| ah, this strange network request fails with this base64 and
| it stops loading, whatever could it be!
| moneywoes wrote:
| Is next js SSG good here?
| [deleted]
| ltbarcly3 wrote:
| Do you have people clamoring to pay you for your service? Ignore
| the clone site, you have found a viable market and need to focus
| on on boarding customers and not stumbling.
|
| Still have nothing like a lot of people wanting to pay you to use
| your service? Ignore the clone site, they haven't stolen anything
| of any value.
|
| It sounds glib, but tons of startups are arguing about roles and
| responsibilities of employees and their vacation policy while the
| bank account runs down to 0 and nobody notices because they have
| no costumers.
| devwastaken wrote:
| If the clone is a copy paste of your frontend code, and you have
| snapshots to prove it, then you can spend a hundred grand on a
| lawsuit. It won't matter in the end though. Making tech is easy,
| the business not so much. Same reason why reddit clones never
| work out.
| boplicity wrote:
| Definitely file an official DMCA complaint with the hosting
| provider. They are required to respond. If they don't follow the
| required DMCA process, the hosting provider may be liable.
| Though, I have filed many, many DMCA requests and have had a 100%
| success rate.
| preinheimer wrote:
| Are non-US companies required to care about the DMCA at all?
| welly wrote:
| Essentially yes. I guess in a similar way US companies are
| required to care about GDPR, if they want to operate in other
| regions.
|
| There's a bit more info here:
| https://www.copyrighted.com/blog/dmca-guide
| a_c wrote:
| Agree with others here. Just ignore. For a bit of fun, change the
| content of the link the copy cat is using. Maximum fun if the
| link is a script
| r1ch wrote:
| There's a few things that can help:
|
| - DMCA takedowns (domain registrar, ISP, IP space owner)
|
| - Report the fake site as phishing in Google Safebrowsing and
| similar
|
| - If they're hotlinking any assets, replace them with broken /
| nasty ones
| lopkeny12ko wrote:
| Do nothing. This is precisely the intent of an open and free-as-
| in-freedom web.
|
| If the success of your business depends on the secrecy of your
| web source code, consider reevaluating your business model.
| nicbou wrote:
| If it's hosted in Germany, send the host an Abmahnung by
| registered mail. It's a cease and desist letter, German style.
| Copyright law in Germany leaves no doubt about this being very
| illegal. I'm surprised that they didn't react.
|
| At the same time, file a DMCA notice with search engines. This
| could get them delisted.
|
| Don't forget to document everything, as you will need it to do
| the above.
|
| My website (see profile) has a list of English-speaking lawyers
| in Berlin.
| mtmail wrote:
| > My website (see profile)
|
| The value of the 'email' field is hidden to other HN users.
| Only the text in 'about' is visible to others.
| codetrotter wrote:
| I'm gonna go out on a limb and guess that nicbou may have
| been refering to
| https://news.ycombinator.com/submitted?id=nicbou
|
| That list of submissions include many from his personal
| domain and another site he has, namely
| https://allaboutberlin.com/
|
| List of English-speaking lawyers in Berlin
|
| https://allaboutberlin.com/guides/english-speaking-
| lawyers-b...
| avree wrote:
| I don't think they will have much luck, in Germany.
| https://www.wired.co.uk/article/inside-the-clone-factory
| bar000n wrote:
| 2012 story from Wired
| tarotuser wrote:
| You have a few options.
|
| Any requests coming from that server network should be goatse-d
| on all images.
|
| Or, since they're hosting from Germany, make sure to throw in
| some pro-nazi stuff and "holocaust didnt happen" stuff, and then
| turn them in to their government.
|
| Basically, you can either just use normal troll defacement, or
| you can poison them with illegal to their location content. Your
| choice.
| kube-system wrote:
| If you're actually worried about customers confusing the sites,
| this might not work out well.
| dingosity wrote:
| I solve this by making my site completely uninteresting to search
| engines. So if my content shows up in google, I know someone's
| copied it.
|
| (This is actually a joke about how bad I am at SEO.)
| snide wrote:
| Controversial opinion: ignore it and keep building.
|
| This happened to me years ago when a Russian website copied a
| website I was running. We had an API that helped them get not
| just the design, but the data.
|
| Google is pretty smart (sometimes) about figuring out content of
| origin. If you already have an established site with links
| pointing in your should be fine. If you're new and you're entire
| business can be copied that quickly, you have likely larger
| problems than SEO at this point.
| preinheimer wrote:
| Thanks.
|
| They haven't cloned the actual product, just the marketing copy
| on the public site. We've been around for ~10 years, so we have
| plenty of history with search engines, and a reasonable amount
| of organic links spread around the internet.
| cunningfatalist wrote:
| We've also been copied in the past. At first, it was a little
| concerning. But it turned out that people cannot be ahead of
| you if they're busy copying your features.
| gmiller123456 wrote:
| Get a lawyer. If you're not willing to pay for a lawyer, then it
| doesn't matter, because that's the only way you'd actually
| enforce anything.
|
| But, if your service can be cloned in a mechanical manner, it's
| doubtful it's that valuable anyway. And, if there's money to be
| had, you'll likely see legitimate competitors that make this
| cloning incident seem like a drop in the bucket.
| preinheimer wrote:
| It's incredibly unlikely they've cloned our actual service
| (which would require hundreds of proxy servers around the
| world). They've cloned the marketing part of our site.
| ipaddr wrote:
| Why does it matter then
| johnwheeler wrote:
| I think they're worried about the seo which is valid
| concern
| marmetio wrote:
| If they copied anything you can see with "view source" and
| you haven't licensed it in that way, a lawyer could help you.
| If they copied the layout by writing their own code and
| creating their own assets, then I'm not sure.
| supernikita wrote:
| Lawyers in Germany are cheap (compared to US lawyers). Normally
| they charge a percentage of the value of stake which is quite
| small since its regulated by the law and not negotiated. Also,
| in Germany, loser pays all, i.e. own lawyer, court costs, your
| lawyer.
| scarface74 wrote:
| For context, I've mostly worked for smaller SaaS companies that
| went after "whales" in a specialized vertical and that informs my
| opinion.
|
| Is your only "unfair advantage" that you hope to rank high in
| organic search? How do you acquire customers - conferences,
| targeted ads, a sales team? None of those efforts would be
| affected by a cloned site.
| josefresco wrote:
| Website cloning story: I make websites for small businesses. We
| had a client go out of business and let their domain expire.
| Someone re-registered the domain, and put the old website back
| up. Nothing we can do, no motive detected, the contact form
| doesn't even work. Why? SEO? Phishing?
| ghostbrainalpha wrote:
| SEO. Backlinks for old domains are valuable.
| jFriedensreich wrote:
| i start many projects by cloning the site of the closest
| competitor to what i want to achieve then start swapping out
| logos and copy and experiment / iterate. Of course that does not
| mean this will launch until there is a USP and all original code
| is replaced. Most of these projects look very different by that
| time or are just learnings that go into the next phase. Are you
| sure this is not a similar pre launch thing? Its good to have an
| eye on what links you get in but obsessing over these kind of
| things can be more hurtful than what you fear. also any reason to
| not share a link? these things are always super interesting to
| see. also if someone would contact my hoster without reaching out
| to me first i would be upset, i hope you tried that first? just
| one last anecdote: once i discovered the work to replicate the
| backend was far too high and i could not add enough value to
| justify a complete new product so i wrote up all my improvements
| and biz dev results for the company and just sent it to them to
| use as they wish, they liked it so much they implemented nearly
| everything. this is probably a rare case but example that not
| every cloning means evil intent. this is kind of what web
| development is about.
| [deleted]
| brandon272 wrote:
| I would ignore and focus on your product. There's not a lot that
| can be done to prevent this from happening and money, time and
| resources spent on lawyers with no certain outcome is probably
| not as beneficial as directing that money, time and resources
| towards improving your product.
|
| The people who do this tend to be lazy and uninterested in the
| actual business. (If they had a real passion for it, they
| wouldn't just clone your public facing website) Thus, they will
| probably vanish on their own sooner than later anyway.
| idopmstuff wrote:
| For some types of businesses, this could matter. For B2B SaaS, if
| you're running your business right it absolutely should not. You
| should have a sales team generating leads and making sales. As
| you continue to grow, your reputation in the space will start to
| bring in more leads.
|
| At the end of the day, they're cloning your website, not your
| product, and that means they're not going to be taking any
| business from you.
| Animats wrote:
| Are they linking to any images on your site? Ones you can change?
| StratusBen wrote:
| 1) Generally ignore, it doesn't matter. If you're prioritizing
| your customers and they're prioritizing copying you, they'll
| always be second to you.
|
| 2) Despite the above, call them out publicly. A YC company ripped
| us off blatantly and we decided to call them out. It will hamper
| their image and make people aware of what they're doing.
| Evidence: https://twitter.com/Bensign/status/1512110156275986433
| baggsie wrote:
| Generic design system looks generic shocker!
| welly wrote:
| Nice try, Cloudthread.
|
| Yes, the design is fairly generic but if you can't see that
| someone ripped off someone here then you must be trying a bit
| too hard to not see it.
| ipaddr wrote:
| I'm trying but both looks like countless other soul-less
| corporate sites.
| mynameisvlad wrote:
| This. There's only so many ways you can design a graph,
| table, and rule editor. The icons just seem to be from two
| packs, so they likely picked out the most appropriate icon
| for the action, and when you have limited icon packs you'll
| likely converge on similar icons.
|
| Notably, in a reply where they're calling out the similar
| icons, only one is the same while the other two are
| different, the only similarity that one of them has a graph.
| digerata wrote:
| I have to disagree with both comments on this... That was
| my first thought as well. But looking at the screenshots in
| the Twitter post, it goes beyond design systems.
| Structurally, it's the same. Layout, it's the same.
| Purpose, it's the same.
| mynameisvlad wrote:
| I don't really buy it.
|
| There's only so many logical ways to layout a graph,
| breadcrumbs, and table. If the breadcrumbs perform an
| action, which they seem to do, then you'll want them
| center to emphasize that. That's just basic UX design.
|
| I could argue they copied the query builder from dozens
| of different sites because they all look identical. It's
| a query builder, there's only a few ways to design and
| implement one.
|
| The tables straight up are just standard design tables.
| They could've come from Bootstrap at how plain they look.
| The only thing they have in common in terms of the things
| they show is costs, which, I mean for two tools used to
| keep track of cloud spending, seems like a given.
|
| The copy is completely different even if the purpose is
| the same, and "slicing and dicing data" is a go to phrase
| in the industry. We used the phrase all the time when
| developing a graphing tool.
|
| Nothing in that Twitter post is unique. It's what I, and
| I'm sure many others would converge on for any sort of
| tool that interacts with graphed data. Especially for two
| tools in the same space, there's only so many ways to
| show people their cloud costs. If anything, both
| companies just have _extremely_ generic looking and
| feeling UIs.
| dingosity wrote:
| Um. Their marketing copy... the words used to describe
| things and the order in which they're laid out? You think
| that's _GENERIC_?
| ipaddr wrote:
| Pretty much generic nonsense text. The one of the left
| didn't optimize like the one on the right.
| mynameisvlad wrote:
| Please show me the exact marketing copy that is the same.
| They use different words to describe slicing and dicing
| data, which as I already said is an extremely common term
| in the industry. For two companies doing the same niche
| and relatively simple thing, I would certainly think that
| there would be a lot of similarities.
|
| As I have said like half a dozen times now, there's only
| so many ways you can show cloud costs. It's not like this
| is some innovative space, it's just showing costs over
| time on a graph and table. If I were to clean room design
| an interface for this problem, I would certainly have the
| same sort of design, layout and copy as these two.
|
| And yes, all of those things are generic, for the reasons
| I've given. Do you have any actual response other than
| being incredulous that someone has a different opinion
| than you?
| StratusBen wrote:
| ...actually the team openly admitted to copying the site
| directly after we called them out publicly.
|
| Here is the direct message of them apologizing:
| https://imgur.com/a/OlNJ5U4
| purpleblue wrote:
| I don't see the rip off. I think it's about 60% similar but
| your design isn't special at all and very generic. The idea
| that someone "ripped you off" is a huge stretch to me.
| bsuvc wrote:
| > it doesn't matter
|
| I've heard in the past that it can hurt your SEO, but I don't
| know that firsthand.
|
| Is there a risk that google considers your site to be spam if
| it detects mirrors of the same content?
| me_bx wrote:
| > Is there a risk that google considers your site to be spam
| if it detects mirrors of the same content?
|
| I read about this happening a while ago, as the content
| thieves set an earlier publication date in their cloned pages
| metadata...
| chomp wrote:
| Yes, it does affect SEO, assuming the other party duplicated
| content and URL structure, the OP was not clear on this
| matter. Just HTML duplication won't (shouldn't) do anything.
| Google's bots will see 2 pages with similar content and URL
| structure, and make a judgment call as to which one is
| canonical, and present that one in search results as the
| authoritative source. And no, the methods Google uses to
| determine the canonical source are not known, and in my
| experience, don't often make much sense to us humans.
| [deleted]
| geocrasher wrote:
| File a DMCA complaint and move on with your life.
|
| Reference: 24 years in the web hosting industry
| spiffytech wrote:
| When this happened to Marie Ng of Llama Life in August, Michele
| Hansen recorded a video sharing advice on copycats:
|
| https://twitter.com/mjwhansen/status/1562691010538311680
|
| Michele's podcast also did a 2-parter on competitive advantage
| and moats, which help protect you from copycats:
|
| https://softwaresocial.substack.com/p/talking-competitive-ad...
|
| https://softwaresocial.substack.com/p/competitive-advantage-...
___________________________________________________________________
(page generated 2023-01-31 23:02 UTC)