Have your say in Community Polls: What was/is your greatest motivation to start your own business?

Re: Entire Shopify Store Stolen and Duplicated - Please Help!

Entire Shopify Store Stolen and Duplicated - Please Help!

Charp
Excursionist
39 1 9

Our entire product catalogue on our Shopify store was stolen and duplicated to a domain we don't hold.  We're drmower.ca.  Everyone of our 6000+ products, descriptions, images, and categories has been taken from our site and copied to drmower.shop - a website domain we don't own.  The contact info on the site is for a legit US company - motorhelmets.com.  It appears to have been taken by a company called FAMVIBE, which looks like a complete scamming site.

 

So - what do we do?  How can someone take our entire Shopify Store?  There is no indication of any kind of security breach and our real store is running as normal.  Please help!

Replies 28 (28)

biznazz101
Shopify Partner
494 50 94

You don't need to worry on the security breach idea, highly unlikely. It is pretty easy to scrape all the code and information from a store unless there is code preventing the theme files from being accessed. (google: right click inspect)

As for what you can do about it, you have a few options:

1) Contact Shopify. If it is truly a replica of your site they may remove it from the platform. (I'd hope they would)

2) Contact a lawyer. If they are infringing on copyright, trademarks, intellectual property, it may be cause for legal action.


3) Contact the people running the replica website directly, via a cease and desist notice.

4) I don't know if this would work, but maybe even contacting the domain registrar if it's not Shopify and make them aware of what it is being used for.

Realistically, if they are scammers, or not based in the same country as you it will be difficult to find success with options 2 or 3. Unfortunately, this happens more than one would think, although usually just the overall design, not products text etc. Based on the domain, I would guess it is a scam to fool potential customers, orthey plan on dropshipping your stores items. Either way it probably will not be up for very long.

Going forward you should add Javascript code to prevent right click in your store. This will somewhat protect your content. Sorry to hear this happened. Good luck!


Edit: I checked both URLs I don't know that shopif'y would remove it, the design is different enough that I don't see them doing it even if it is created with them. Also, the descriptions are different on the few products I checked. So don't see a lawyer being able to do anything either since the products are mostly created and sold by major companies. Even if they were using your unique images, descriptions, design it would be difficult and probably expensive to do anything anyways. I know that is frustrating but that is my opinion.

Don't hesitate to reach out for more help with your store.
SEE OUR TASK STORE or check us out via our profile! FREE STORE AUDIT
Charp
Excursionist
39 1 9

Thanks for the response.  I updated my journey and the steps taken to-date but am talking with my Shopify Experts on how we can avoid this in the future.  

Charp
Excursionist
39 1 9

Update - after emailing and reporting the site everywhere I could think of, I believe we will successfully have it removed in the next few hours.

 

Everyone I spoke with indicates this type of scam is not that unusual.  I wrongly assumed that my product data would have some security attached to it in our Shopify store.  We had recently upgraded to one of their new templates and had a Shopify Expert assist with the upgrade.  That was clearly not the case but I'm hoping to get that fixed in future.

 

This is what I did:

1. Contacted the people listed on the scam site.  This was motorhelmuts.com in California, who I believe is also a victim in that they seem a legitimate company who had no knowledge their info was on the scam site.

2. Contacted GoDaddy, with whom I purchased all my domains.  They gave me good info on next steps and I purchased their domain broker services to try to buy this domain back.

3. Ran a Whosis report to obtain the current domain registrar and server

4. Notified Shopify (useless as the scam site is not a Shopify site). Checked and updated security for our store

5. Contacted 99ecommerceexperts.com, the company who had helped with my recent upgrade. They gave me some good info.  

6. Emailed the Registrar's abuse email address (from the Whosis report) - this is ultimately the solution

7. Emailed ICANN and submitted an abuse form online

8. Submitted an abuse report to Cloudflare, the server listed on the Whosis report.  I received an email with a link to report the abuse but when I attempted to use it, received the message that this domain is not active on Cloudflare. This one is still outstanding.

9. Reported to Canadian Centre for Cyber Security - useless, received notification they couldn't help

10. Reported to the IC3 of the FBI

11. Tried to report to RCMP and  Canadian Anti-Fraud Centre but their website wouldn't work.  I was going to contact them today but will wait to see if this gets resolved

12. Reported a fraudulent site to Google and Microsoft

13. Am working with GoDaddy's domain broker to purchase this domain back.

14. Asked 99ecommerceexperts.com to insert the java script in my shopify store as suggested by Bizznazz101.

15. Sent out an email via Shopify to all my subscribed customers

16. Posted on our socials

17. Wrote a blog post on our website

18. Added a header on our website warning about the scam site

19. Keeping my fingers crossed as I received this email today:

Counterfeit Complaint - drmower.shop - Case #: ########(removed)

 

PublicDomainRegistry.com <abuse@publicdomainregistry.com>

8:46AM (2 hours ago)

 
 

 

 

 

 

 

 

Hello Char,

Thank you for bringing this to our notice. We have suspended the domain name ‘drmower[.]shop’. It shall reflect in 4 to 6 hours.

Feel free to let us know if you have any concerns.    

 

Regards,

Abuse Mitigation Team
PublicDomainRegistry

 

 

biznazz101
Shopify Partner
494 50 94

Glad you got it figured out! To prevent future issues you can add this JS to your global.js theme file at the bottom, it will disable right clicking:

<!-- ADD TO GLOBAL.JS OR THEME.JS FILE AT BOTTOM TO DISABLE RIGHT CLICKING IN YOUR STORE- BIZNAZZ101 -->


document.addEventListener('contextmenu', function(e) {
  e.preventDefault();
  alert('Right-click is disabled on this site.');
});



Don't hesitate to reach out for more help with your store.
SEE OUR TASK STORE or check us out via our profile! FREE STORE AUDIT
kickstart_engin
Tourist
5 0 1

Hi Biznazz101, can the above literally be copied and pasted at the bottom of the assests/theme.js page of my Shopify store? i.e. there is a } on line 9676, can I paste on line 9677?

Is there anything I need to be careful of, I'm not very IT savvy 😞

 

Thanks in advance, Mark

yumii
Shopify Partner
5 0 4

This is to prevent copy / paste actions? This is not how the websites are cloned - no one is copy/pasting each section a page at a time and besides even if it was it is trivial to get round it. I have seen some techniques that poison any site that isn't the legitimate one so makes it harder to clone but disabling right click just annoys your own users.

 

Rachel_Zylstra
Tourist
11 0 2

How did you find the registrar to email from the Whosis report?  The same thing just happened to our site, and I'm trying to figure out what to do.  I did run the report and filed a report with Cloudflare, and I'm in the queue to talk to GoDaddy support right now.  Ugh, so frustrating!  Any advice you can offer would be great!  Were you successful in getting the other site down?  Thanks!

tiptophomedecor
Visitor
3 0 0

Hi Rachel,

 

We are in the same boat. All my content from my website has been copied in a fake fraud website. My website is tiptophomedecor.com and they use tiptophomedecor.shop

Any tips on solving this would help!!!

biznazz101
Shopify Partner
494 50 94

Add the code from my comment above to your store to prevent further copying of code and content from your store.

In terms of what can be done, the list another user wrote above is a good starting point, I would also contact Wordpress maybe they can help as it is being run off their platform and they are copying images, descriptions, etc EXACTLY as they appear in your store.

 

This is the domain registrar information:

Domain Information
Domain:
tiptophomedecor.shop
Registrar:
Web Commerce Communication Ltd.
Registered On:
2023-09-18
Expires On:
2024-09-18
Updated On:
2023-10-11
Status:
ok
Name Servers:
stella.ns.cloudflare.com
norman.ns.cloudflare.com
Registrant Contact
State:
Wilayah Persekutuan
Country:
MY
Raw Whois Data

Domain Name: TIPTOPHOMEDECOR.SHOP
Registry Domain ID: DO8783577-GMO
Registrar WHOIS Server: iwhois.webnic.cc
Registrar URL: https://www.webnic.cc/
Updated Date: 2023-10-11T10:06:17.0Z
Creation Date: 2023-09-18T06:02:02.0Z
Registry Expiry Date: 2024-09-18T23:59:59.0Z
Registrar: Web Commerce Communication Ltd.
Registrar IANA ID: 460
Registrar Abuse Contact Email: email@webnic.cc
Registrar Abuse Contact Phone: +603.89966788
Domain Status: ok https://icann.org/epp#ok
Registrant State/Province: Wilayah Persekutuan
Registrant Country: MY
Registrant Email:
Admin Email:
Tech Email:
Name Server: STELLA.NS.CLOUDFLARE.COM
Name Server: NORMAN.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-11-13T18:34:40.0Z <<<



Hope things work out for you!
@biznazz101 

Don't hesitate to reach out for more help with your store.
SEE OUR TASK STORE or check us out via our profile! FREE STORE AUDIT
kickstart_engin
Tourist
5 0 1

So I'm not the first, just the latest.

My entire inventory complete with pictures and descriptions have been copied by some scumbag.

I'm trying to work through it but I'm not hugely IT literate. I am worried that I might paste the code onto the wrong page, or miss out correct IT terms, symbols } ( ) or spacing and make a big problem for myself 

I found a page called assets/theme.js which I assume is right - sorry to be such a noob with IT

Charp
Excursionist
39 1 9

This may not be helpful to you, but our site is too large and our theme has been modified too many times for me to start playing around with code.  I hire Shopify experts to do these tasks.  Stephen's World has been our latest expert and has been great.

 

However, no matter what code is added, it keeps happening - 3 times in the last 12 months for us.  As soon as we see it, we pretty much can get it taken down following the above instructions - getting a  Whosis report and contacting the registrar.  Twice it's been the same person/company out of Malaysia. I guess we have to take it as a compliment we're big enough to try to scam?  IDK, but despite reporting to Shopify every time, there is nothing they can or will do.  I do think they should be looking at making our sites safer - we pay enough in monthly fees to make safety a feature of our stores - both for the merchants and customers.  

kickstart_engin
Tourist
5 0 1

Hi Charp, I really appreciate your time in replying

I only have a small business, and I'm a sole trader with very little IT skills. I think I'll give the Shopify experts a try, and you're absolutely right, Shopify could make everything much safer with a wave of their hand I'm sure.

My infringers are the same people it seems, all the info is identical

I'll carry on with this tomorrow, thanks again!

Charp
Excursionist
39 1 9

Best of luck!

kickstart_engin
Tourist
5 0 1

Morning all, I have had a result.

After searching the fraudulent domain name on WHOIS, I got this:

 

WHOIS search results

Domain Name: LEPETITTAMBOURCHEAP.SHOP
Registry Domain ID: DO11940794-GMO
Registrar WHOIS Server: iwhois.webnic.cc
Registrar URL: https://www.webnic.cc/
Updated Date: 2024-09-30T09:27:56.0Z
Creation Date: 2024-09-27T18:27:35.0Z
Registry Expiry Date: 2025-09-27T23:59:59.0Z
Registrar: Web Commerce Communication Ltd.
Registrar IANA ID: 460
Registrar Abuse Contact Email: compliance_abuse@webnic.cc
Registrar Abuse Contact Phone: +603.89966788
Domain Status: ok https://icann.org/epp#ok
Registrant State/Province: Wilayah Persekutuan
Registrant Country: MY
Registrant Email:
Admin Email:
Tech Email:
Name Server: NORAH.NS.CLOUDFLARE.COM
Name Server: LELAND.NS.CLOUDFLARE.COM
 
So  I emailed 'compliance_abuse@webnic.cc' with the following plea:
 
"Hi, I hope you can help. 
My websites whole inventory has been copied by an unauthorised website. 
I wish to serve a host request for DCMA, and have found that you are the registrar for their domain.
And they have copied the entire product list from my website https://a2restrictors.com/
Can you please help?"
 
Less than 12 hours later I woke up to find this in my inbox:
 
"Dear Team,
Greetings.
Kindly be informed that domain(s) were no longer in use.
Please check after 24-48 hours.
If the reported content still exist, kindly provide us the relevant screen capture with latest date & time with domain name shown in the screen capture for our further checking.
Should you need further assistance, please feel free to contact us.
Thank you.
Warm Regards,
Support
WebNIC"
 
I'm a very happy chap this morning, will be very vigilant in the future.
kickstart_engin
Tourist
5 0 1

.... and I've already found another fraudulent site, this time appearing as Russian ... sigh ...

Sam_Mac
Excursionist
21 0 10

This isn't a unique to Shopify problem though. Any place you have a website these scammers can scrape a site and upload all the products to one of their fakes. IMO the .shop domain people need to act and so does google. The scam sites would be worthless if they couldn't be found in google. As for the .shop domain people, I reported each of the sites there and they didn't even reply. The whole reputation of the .shop TLD is basically going to be scamming.

Charp
Excursionist
39 1 9

That's my point exactly.  No matter who I reported the 4 scraping scam sites to, (including Google and their domain provider, as well as my own domain provider, Go Daddy), nothing has changed.  Shopify, the big merchants, and the domain providers have to be the ones to push for reform for us as the individual merchants hold no power.  Our safety should be their top priority or what are we paying for?

 

Don't get me wrong - we've grown astronomically in the last 4 years with Shopify. But they've done nothing to help us deal with a systemic problem.

Rachel_Zylstra
Tourist
11 0 2

I went through a lot of the steps listed above, and had success with the same solution - I was able to look up the domain in GoDaddy and find out it was through PublicDomainRegistry.com. I contacted their support and reported the site and they had it taken down withn 24 hours.  I then added an entry to our FAQ stating that the site was not affiliated with us, and that anyone who had tried to place an order should check their credit card for fraud. Since the site doesn't actually have any products to sell, they must be trying to get people's info via the check out form.

Charp
Excursionist
39 1 9

Glad it worked out.  We successfully got the drmower.shop scam site down, as l listed above.  We also wrote a blog post and did a brief email out to our active customers. We never did hear anything back from customers who bought from the scam site and didn't receive their parts, so hopefully all is good.  Char

Sam_Mac
Excursionist
21 0 10

Did it stay down? We've just found our site copied on at least two domains including one with this same registrar and another on the registrar shown below with another shopify store. I've reported it to the registrars, waiting to hear back.

Rachel_Zylstra
Tourist
11 0 2

We had ours removed almost a year ago, and it has stayed down, although someone still owns the domain.  I'm curious if anyone has had luck in buying the domain back. I figured the scammers would ask for a crazy amount of money for it, so we didn't even try.

Charp
Excursionist
39 1 9
We haven't had any problems since (fingers crossed). I did hire GoDaddy's
domain buyer to try to get the domain back, but no response. I keep
checking for it to come available and I have bought up all similar domains.

My developer says that there's really no way to stop scraping. We've added
the app Shop Protector but it is just for images.

I think Shopify should be addressing this issue as there's not much we can
do as shop owners.

mlcc
Visitor
1 0 0

Me too! What is Shopify doing for you? I reported it to Google, and they rejected it. Some images and products are original. They aren't sold anywhere else.

Sam_Mac
Excursionist
21 0 10
I never reported it to shopify as it isn’t really a shopify issue. This could happen to any store on any platform. I was lucky in that I got the company they registered the domain through to suspend the domain. Cloudflare never replied to a single DMCA notice and I could never find out who was hosting any of the sites.
Rachel_Zylstra
Tourist
11 0 2

When I talked to Shopify, they said they would take it down if it was another Shopify site, but since it wasn't, there wasn't really anything they could do. I went through a lot of the steps listed above, and had success with the same solution - I was able to look up the domain in GoDaddy and find out it was through PublicDomainRegistry.com. I contacted their support and reported the site and they had it taken down withn 24 hours.

ADAM_DAR
Tourist
9 0 2

Shopify is very much aware of the problem. They do not do anything about it. They can simply create the code so people can not replicate our sites. They merely dont do it, because all they care is about their pockets and how they can get you signed up for shopify plus. 

Shopify in the last 2 years, has taken away my shopify payments and forced me to go to paypal because they said i had many fradulent transactions ( I had 13 disputes since i opened my store in 2014 . 

I had my site replicated over 55 times, as I have fought these scammers tooth to nail. What shopify did about it? NOTHING! 

 

yumii
Shopify Partner
5 0 4

Thanks to all in this thread. We have the same problem and it is also with the same registrar - I searched the phone number that appears in the whois query and my top result was this thread also all the valid hits are all from forums asking about fraudulent websites - I find that a bit odd. Anyway I thought I'd make a test purchase from them to see what happens using a virtual card and got a request for a google wallet authorisation - this should never happen with a legitimate website the site is clearly harvesting cc numbers for later re-use. They are offering deep discounts on the listed products in hopes attracting your own customers and stealing their credit card data. Initially I thought it was some weird SEO scam and was just reporting them to google - didn't initially realise it was a much more basic scam.

yumii
Shopify Partner
5 0 4

I initially contacted the uk cyber security services - all I had from them was to contact police in Scotland. - I raised it to get a crime reference number but no action has been taken afaik.

Also contacted cloudflare as they are shown to be the ip address on the site. No response or action by them.

contacting the abuse email for webnic.cc however and a couple of screenshots of the two sites and our original one - about 30 hours later the sites were taken down.

We are also monitoring with a saved search on google for any other sites that re-appear so we can just repeat this.

I haven't contacted customers about this other than to say our products are not available on sale anywhere else. I'm thinking that saying watch out for fraudulent websites they are harvesting data is just going to make customers less likely to purchase from anywhere as it's just scaring them without clear solution. From the test I made anyway the sites don't initially charge anything anyway and won't be showing our brand name after it is used nefariously at a later date if at all.

While webnic.cc took down the dns registry details is very helpful the sites are actually still up behind cloudflare - though now to view them you need to make manual entries to the hosts file. Cloudflare is the only one that can actually disable and contact the webhosting platform to potentially ban the customer that is making this abuse. As it stands now it is trivial to just relaunch under a different url which will still contain our brand name and we would have to spot it to then have the registrar take it down again.

preemptively buying all possible variations to prevent anyone from buying it is futile - u'd end up spending millions on registrar fees and not get anywhere as there will be more possible combinations that you havent' thought of.