What to Do if Someone Clones Your Store!
This is a guide on how to respond if someone duplicates your Shopify, Wix, or Koi.app store. One of our valued merchants discovered that his Shopify store had been copied by a scammer after receiving an email alert from a customer who posed the following question:
To our merchant's dismay, someone had duplicated his store!
Step 1 - Preserve as much evidence as you can by creating a copy of the problematic website.
I prefer to use SiteSucker for swiftly downloading websites that I need to archive. You can find SiteSucker on the Mac App Store at an affordable price.
Thanks to our alert customer, we've identified the problematic domain as "shopuprooted.shop." To archive the site, all we have to do is input that URL into SiteSucker's designated field, and it will download and create a copy for us.
A domain is the address or the name that identifies a website on the Internet. It's a part of the URL (Uniform Resource Locator) that you enter into a web browser to visit a particular website. For example, in the URL "https://www.example.com", "example.com" is the domain name.
Domains are hierarchical, with the top-level domain (TLD) at the end — like ".com," ".org," or ".au" — and the second-level domain (SLD) in front of it, which is often the name of the company, organisation, or subject matter of the website. Combined, the SLD and TLD form the full domain name (e.g., "example.com").
Domains serve to make web addresses easier to remember and type, as opposed to using IP addresses, which are a series of numbers. They are registered through a variety of domain registrars and need to be renewed periodically to maintain ownership.
We can glean some information just from the URLs of the files being downloaded. For instance, the presence of "wp-content" in the URLs indicates that the site is hosted on WordPress. Additionally, the filenames of the images are identical to those used on our merchant's website.
WordPress is a popular content management system (CMS) used to create and manage websites. It's known for its user-friendly interface, making it accessible for people who may not have extensive technical skills. WordPress allows users to easily create, edit, and publish web pages, blog posts, and multimedia content.
Step 2 - Determine the hosting provider of the website.
We can learn more about the owner of a website's domain by using the 'whois' command in the terminal.
At times, this method reveals much of the information we're seeking, but unfortunately, it didn't in this instance.
whois shopuprooted.shop
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.nic.shop
domain: SHOP
organisation: GMO Registry, Inc.
address: 26-1 Sakuragaoka-cho
address: Shibuya-ku Tokyo
address: Japan
contact: administrative
name: Representative Director and CEO
organisation: GMO Registry, Inc.
address: Cerulean Tower
address: 26-1 Sakuragaoka-cho
address: Shibuya-ku Tokyo 150-8512
address: Japan
phone: +81354561601
fax-no: +81337805239
e-mail: newgtld@gmoregistry.com
contact: technical
name: Director
organisation: GMO Registry, Inc.
address: Cerulean Tower
address: 26-1 Sakuragaoka-cho
address: Shibuya-ku Tokyo 150-8512
address: Japan
phone: +81354561601
fax-no: +81337805239
e-mail: newgtld@gmoregistry.com
nserver: A.GMOREGISTRY.NET 2001:dcd:1:0:0:0:0:4 37.209.192.4
nserver: B.GMOREGISTRY.NET 2001:dcd:2:0:0:0:0:4 37.209.194.4
nserver: K.GMOREGISTRY.NET 37.209.196.4
nserver: L.GMOREGISTRY.NET 2001:dcd:4:0:0:0:0:4 37.209.198.4
ds-rdata: 50701 8 2 30f44f9e79f1119aebed349d3ec34f7aedd83a58f1e706d8303c3bbfe83bc7ec
whois: whois.nic.shop
status: ACTIVE
remarks: Registration information: http://www.gmoregistry.com/en/
created: 2016-05-05
changed: 2019-08-20
source: IANA
# whois.nic.shop
Server is busy now, please try again later.
IHowever, it does give us details about the domain's registrar, which we can use to issue a DMCA takedown notice or file an abuse complaint. From this, we can determine that the domain is registered with GMO Registry.
The first result on Google directs us to GMO's Abuse Page, which provides information on where to send emails to address abusive use of their systems.
Since GMO is a Japanese company, I anticipate they will take this matter seriously and deactivate the domain.
It's worth noting that the domain name and the hosting provider are not the same thing. We can usually determine where a website is hosted by using the 'ping' command to obtain the IP address, and then using the 'whois' command once more.
ping shopuprooted.shop
By executing the aforementioned 'ping' command, we can identify that the IP address is 104.21.80.60.
We can employ the 'whois' command once more to determine the owner of the IP address.
whois 104.21.80.60
This time, we find that the IP address is owned by Cloudflare Inc, who also provide a useful URL for filing an abuse complaint.
https://www.cloudflare.com/abuse
Step 3 - Submit an abuse complaint to Cloudflare and GMO Registry
Submitting an abuse complaint with Cloudflare
Visiting the Cloudflare abuse page directs us to a page featuring a prominent, user-friendly button labelled "Click here to submit an abuse report."
Clicking on the button takes us to a subsequent page where we need to specify the type of abuse occurring. In our case, the merchant is experiencing copyright infringement, which constitutes a DMCA violation.
A DMCA violation refers to the infringement of copyright under the Digital Millennium Copyright Act (DMCA), a United States copyright law. The DMCA criminalises the production and dissemination of technology, devices, or services that are designed to circumvent digital rights management (DRM) controls and measures. It also criminalises the act of circumventing an access control, whether or not actual copyright infringement is involved. Furthermore, the DMCA outlines the procedures for copyright holders to request the removal of their copyrighted content from websites and online services.
Since Cloudflare is a U.S. company, they take DMCA violations seriously.
All our merchant needed to do was complete their details and submit the abuse report.
Emailing an abuse complaint to GMO Registry
We told our merchant to send the following email to GMO:
Subject: Urgent: Unauthorized Use of Registered Australian Trademark and Copyright Infringement on Domain shopuprooted.shop
Dear GMO Registry Team,
I hope this email finds you well. I am writing to bring to your attention a severe violation involving one of the domains registered through your service, specifically shopuprooted.shop.
I am the owner of uprooted.com.au, a website legally operating under Australian law. Our content is copyrighted, and our name "uprooted" is a Registered and Protected Australian Trade Mark under registration number 2141979. We have invested significant time, effort, and resources into building our brand and earning the trust of our customers.
We have recently discovered that shopuprooted.shop is hosting an exact duplicate of our website, which is a blatant infringement of our copyright and trademark rights. Not only is this causing confusion among our customers, but it is also being used to mislead them into a credit card scam.
We kindly request you to take immediate action against this violation. According to the domain's WHOIS information, the registrar is GMO Registry. Given the severity of the issue, we strongly urge you to suspend the domain shopuprooted.shop as soon as possible and investigate the matter further.
We retain all evidence relating to this unauthorized use and are prepared to take legal action if necessary. However, we believe that your prompt attention to this matter could resolve it more efficiently.
Please acknowledge receipt of this complaint and inform us of the actions you plan to take.
Thank you for your immediate attention to this urgent matter.
Sincerely,
[Your Name]
[Your Position]
[Contact Information]
[Trademark Registration Number]
[Company Name]
cc: Legal Department