Hacker cloned my store.

Mohammad_Imranu
Visitor
2 0 0

Hello,

I have an ecommerce shopify store. I created it one year ago. I found my store in another domain. Someone bought a domain last week and 100% cloned my store. He hosted the store in a Virtual private server. He also synced my store with his store. When I add product to my original store then it is automatically add to the fake store. And same for the delete. I submited a DMCA Takedown notice here : https://www.shopify.ca/legal/dmca . Now how can I removed the sync ?

Replies 69 (69)

Dallas
Shopify Staff (Retired)
916 61 211

Hi, Mohammad. 

Dallas here from Shopify Social Care. 

For this issue, I am going to have to send it over to a specific team. I have sent you an email to the email address attached to this forum account. If you could reply back from the account owner email on file that will be great. 

I will list the other things that I need to be sent over in that email as well. Please keep an eye out for it. 

If you don't see it in the next 24 hours please check your Spam folder.

Best,
Dallas

To learn more visit the Shopify Help Center or the Community Blog.

Mohammad_Imranu
Visitor
2 0 0

Hey Dallas,

I replied from my account owner email 2 days ago, but still I did n't get any solutions.

Thanks Imranul.

 

Dallas
Shopify Staff (Retired)
916 61 211

Hi, Imranul,

I have sent you an email. If you don't see it in your inbox please let me know!

 

Best,

Dallas

To learn more visit the Shopify Help Center or the Community Blog.

Pitterz
New Member
4 0 0

Help, this happened to me too in the last 30days.

 

I've reported it to their domain registrar and submitted a copyright claim to Shopify but what else do I need to do? Why are they doing this?

 

Thanks

WerkingForce
Tourist
7 0 2

Hey, I was wondering if this is messing up your SEO?

Pitterz
New Member
4 0 0

No it isn't but it's recent and all my existing content was already indexed with canonicals. I'm not interested in the SEO side of things, it's getting this cloned site taken down so it doesn't harm the brand or worse that's the concern.

Pitterz
New Member
4 0 0

Shopify responded to me and said, very bluntly, that they won't do anything because they don't host the domain! 

 

The rogue site is hosted with DigitalOcean, LLC and registrar for the domain is Namecheap so submitted abuse reports with both of these two but heard nothing back yet.

 

The rogue site looks like a mirror.

 

Any other advice or anyone else at Shopify other than their unhelpful legal department that might be able to help with this?

MediaMonk
Tourist
5 0 1

My site was just cloned and hosted at Digital Ocean too. Did you get a resolution from them? If so can you please share how?

macgom
Tourist
5 0 1

I went through reporting to DMCA and google. 

You need to prove how your website is being cloned by other website. 

I also implemented a script code to stop from other website to mirror ours, which I cannot find the script I used at the moment but you can search for it on this forum. 

Splodge1
Excursionist
15 0 3

Hi Macgom, we have the same issue of our site being cloned. Is the script you used ths same one as in this thread: https://community.shopify.com/c/shopify-discussions/hacker-cloned-my-store/m-p/463581 ? Or is there another script in a different thread?. Thanks

WerkingForce
Tourist
7 0 2

Taking it down would probably be the best idea!

Pitterz
New Member
4 0 0

Taking what down? I'm obviously not going to take my site down and have no control over their site? I've flagged the issue with their registrar, their host, trading standards and still awaiting a response from all those parties. I tried with Shopify but they weren't helpful despite everyone saying Shopify will help you get it taken down, so posted on here to let others know that they won't unless it's hosted with themselves.

Iva1
Visitor
2 0 0

I think I have the exact problem. The malicious website has similar name as our brand and is registered in Chinese registrar. Our website appears mirrored on that domain address with the exception of their homepage which opens shady looking lottery in Chinese language. It definitely hurts the SEO of the website as well. It appears in search results close to my website. I have contacted shopify support about this and I hope to get it resolved as soon as possible.

Zoes
Tourist
6 0 2

Hi,

We are experiencing the same problem right now. 

We submitted DMCA with both shopify and their domain registrar as soon as we found out, but they have all come back saying they can't take them down. I've also tried to look for their hosting provider, but it's hiding behind Cloudflare. We've filed DMCA with google as well, but not sure if it will help or not.

Have any one found any solution at the end? It's so frustrating not knowing what can be done to take them down, or how to prevent it in future. 

Thank you

David_Sullivan
Shopify Partner
7 0 7

This recently happened to a shop I work on. Here's what I added to theme.liquid to prevent the theme from working on other domains:

Add this to your theme.liquid inside the <head> tag:

<script>
if (window.location.hostname.replaceAll('.','') !== "wwwexamplecom") { // remove all dots from your domain name here
  if (window.location.hostname == "{{ shop.permanent_domain }}") {
    console.log("{{ shop.permanent_domain }}"); // this prevents redirect if using the permanent_domain
  } else {
    window.location.replace('https://www.exampleshop.com');
  }
};
</script>

I used .replaceAll to remove the . character because the cloned shopify domain was replacing all occurrences of our domain with their domain before the script was being run in the browser. This causes the site to be stuck in a reloading loop if not using the correct domain.

Kimberley_Strip
Tourist
3 0 2

Hi David, 

 

We tried to use your code as the same thing is happening to us, would you mind telling me if the below is correct? 

 

<script> if (window.location.hostname.replaceAll('.','') !== "wwwohelloclothingcom") { // remove all dots from your domain name here if (window.location.hostname == "{{ shop.permanent_domain }}") { console.log("{{ shop.permanent_domain }}"); // this prevents redirect if using the permanent_domain } else { window.location.replace('https://www.ohelloclothing.com'); } }; </script>

David_Sullivan
Shopify Partner
7 0 7

Yes, that looks correct. You might need to test with and without the 'www' in your domain. Add the code to your theme, then visit the offending clone domain and you should see the page continuously reloading.

AoPShop
Tourist
3 0 1

David, Thank you for your post. You're super helpful. I put this on my Theme, and it did work, as it blocked the duplicate site from loading. but it also caused my site to go in a loop and didn't load until I removed the script. 

AoPShop
Tourist
3 0 1

actually instead of wwwdomaincom I did domaincom instead it seems to work. i'll do some more testing. Overall, excellent suggestion. thank you 

GlasgowMerchant
Visitor
1 0 0

Thanks for this, David. Worked perfectly.

 

Someone cloned our entire store - including the checkout. I'm not sure if the checkout was actually functional or not, and I wasn't going to try and see if it was. 

 

Neither the domains registrar (where the scammer's domain was purchased from), Google, or Shopify support could offer a quick fix to the issue.

 

 

DesignerJoe55
Explorer
45 0 22

 


@David_Sullivan wrote:

This recently happened to a shop I work on. Here's what I added to theme.liquid to prevent the theme from working on other domains:

Add this to your theme.liquid inside the <head> tag:

 


@David_Sullivan This is genius! Excellent work! Thank you for putting that together. 

DesignerJoe55
Explorer
45 0 22

@David_Sullivan wrote:

This recently happened to a shop I work on. Here's what I added to theme.liquid to prevent the theme from working on other domains:

Add this to your theme.liquid inside the <head> tag:

 

<script>
if (window.location.hostname.replaceAll('.','') !== "wwwexamplecom") { // remove all dots from your domain name here
  if (window.location.hostname == "{{ shop.permanent_domain }}") {
    console.log("{{ shop.permanent_domain }}"); // this prevents redirect if using the permanent_domain
  } else {
    window.location.replace('https://www.exampleshop.com');
  }
};
</script>

 

I used .replaceAll to remove the . character because the cloned shopify domain was replacing all occurrences of our domain with their domain before the script was being run in the browser. This causes the site to be stuck in a reloading loop if not using the correct domain.


@David_Sullivan This is an excellent script, but it doesn't seem to be working for me in regards to the domains that are cloning our website. Here is my script:

 

<script>
if (window.location.hostname.replaceAll('.','') !== "pnwjourneycom" || "pnwlifecom")
  if (window.location.hostname == "{{ mystore.myshopify.com }}") {
    console.log("{{ mystore.myshopify.com }}");
  } else {
    window.location.replace('https://pnwlife.com/');
  }
};
</script>

 

*I changed the permanent domain for this post

 

I added an 'OR' operator because we have two live domains right now as we're getting ready to transition to a new name. I tried it without the 'OR' operator and it worked to redirect our second domain, so I know the code works. But when I checked the fraudulent cloned domains, they don't do anything. The script still shows in the code, but it's being ignored for some reason. 

 

Here is one of the cloned domains: circlehfishing.com

 

Any ideas?

David_Sullivan
Shopify Partner
7 0 7

I think you're just missing an opening bracket in the first if statement.

if (window.location.hostname.replaceAll('.','') !== "pnwjourneycom" || "pnwlifecom")

should be:

if (window.location.hostname.replaceAll('.','') !== "pnwjourneycom" || "pnwlifecom") {
JustOneGuy
Tourist
3 0 2

I’ve not tried this, but just looking at the code the test seems wrong to me. I would think that it should read:

 

 

if (window.location.hostname.replaceAll('.','') !== "pnwjourneycom" && window.location.hostname.replaceAll('.','') !== "pnwlifecom") {

 

 

 

As written, I would think that ORing with a non-empty string would make the test always true, which definitely isn’t what is wanted. Also, since the hostname can never be both of the domains, one of the tests will always be true, so the OR would once again always be true. What you’re wanting to check is if it’s not your first domain AND it’s not your second domain, so it should be an AND here instead of an OR.

DesignerJoe55
Explorer
45 0 22

You're right, it probably needs an "AND" operator. The script does work after I added in the bracket that was needed. But the "OR" operator sends it into a loop. I decided to just have it all redirect to our new name and get rid of the operator all together. 

DesignerJoe55
Explorer
45 0 22

@David_Sullivan You are right! I added the bracket and It works now to redirect all of the cloned domains.

 

Unfortunately, now it doesn't allow the permanent domain to work. In the theme editor, it just locks up at about 10% page loaded.

JustOneGuy
Tourist
3 0 2

DesignerJoe55--

 

Looking back at the original code that you posted, I noticed that you changed both occurrences of

 

"{{ shop.permanent_domain }}"

 

 with

 

"{{ mystore.myshopify.com }}"

 

 

The double brackets cause Liquid to substitute the value of the variable into the output stream. The "shop.permanent_domain" variable contains your shop's myshopify.com URL, but there is no value in a variable named "mystore.myshopify.com", so having the double brackets around that causes it to evaluate to an empty string. In that case, it would do the redirect.

 

You might want to try it again with either the "shop.permanent_domain" value, or without the double brackets and spaces around the "mystore.myshopify.com" and see if that makes a difference for your permanent domain.

DesignerJoe55
Explorer
45 0 22

@JustOneGuy Thank you for that. What you're saying makes sense. I may be misinterpreting the implementation, though, as I tried both options but it still locks up. 

 

Would you be able to modify this (same code as above) to what you are suggesting? 

<!-- Domain Check -->
<script>
if (window.location.hostname.replaceAll('.','') !== "pnwlifecom") {
  if (window.location.hostname == "{{ mystore.myshopify.com }}") {
    console.log("{{ mystore.myshopify.com }}");
  } else {
    window.location.replace('https://pnwlife.com/');
  }
};
</script>

 

 

Emmalu1111
Tourist
10 0 0

Hi David,

When I first launched my Shopify store in August I received a lot of email proposals from different developers offering SEO Booster. I was wondering how they got my contact and thought it was Shopify sales persons so I didn't bother much. I evaluated some of them and even had a phone call with one, they all were charging me a lot to boost my SEO but none convinced me so I refused their offer.

I saw many visitors entered my store but didn't buy so I started to investigate by myself and got a message that my store was been redirected to another url or store when I tried to checkout after making a purchase. A message populated and told me to edit my theme liquid but since I didn't know how to do it, I decided to call Shopify for help. I told Katrina and she said that it's not possible I spoke to another guy from Shopify support and he told me to change my theme I did so and is now using Sense. I setup my payment method again and was able to place an order myself just to test the store. But am worried because I have not made any sales yet. Everyday I check the replay of customer visits I see people reach the checkout but don't buy the recording ends right there so am just confused. They are targeting me on Instagram just to get access to the backend of my store but am not that stupid. 

I contacted a developer who asked me to give him my store credentials to be able to see what I see I told him no that I will give him a code so that he can request access and I will only grant him the necessary access. I did grant him limited access but suspended it because I didn't trust him. I need help David how can I know if someone cloned my store?

Thscom
Visitor
1 0 0

Hi David 

Is it possible to help with this? Hacker Cloned My Store also and I need a solution to prevent this 

Splodge1
Excursionist
15 0 3

Hi David, We're trying to understand how the duplicates stores are exactly mirroring our legitimate stores. They are not just a snapshot of our stores they actively update then we make any changes.  Is this due to some malware in the liquid code?

David_Sullivan
Shopify Partner
7 0 7

I'm not really sure the technical details of how they are doing this. I don't think there are any malware files added to your site, it all happens on their servers. I think they are pointing their own domain name at your website and when a request is made to thier-aliased-domain.com, your site content is run through some sort of find and replace script on their server with your content. It's not a copy of your site, it is your site but served to the browser after being modified.

debmcl
Visitor
1 0 0

This happened to my store. We aren't sure how they did it. At first it appeared that they might've been serving up my website on their servers, which were on Cloudflare, Digital Ocean, AWS (Amazon web services), and Paknic (Pakistan). When I updated my website the copycat website updated in real time. They might've scraped the code but then there were the instant updates. They had my FB pixel firing from their domains, and my Hot Jar code. I caught them with my Hot Jar recordings. They had six different domain names and I was able to watch their traffic in my Hot Jar. They had a header covering my header on their site, and a fake checkout page. In some Hot Jar recordings there were little things I caught, like seeing my header, then theirs quickly covered it. I saw checkout errors, but then their fake checkout page covered it. They had the secured SSL lock on their domain. They changed my policy pages and footer contact info, etc., to their domain and fake name. They used recently expired domain names that had good standing with Google. I believe they used click farms, or bots, to drive traffic to their site to get their pages indexed. We saw a lot of foreign traffic in Hot Jar. We added code to my website that redirected their traffic back to my website and then we blocked all other countries from accessing my site. But that code didn't work 100% of the time. I used a service to implement the blocking of known bots and IP addresses. This slowed them down for a little bit but not for long. I had a pending trademark, copyrights, and an intellectual property attorney. At that time the attacks were mostly coming from Cloudflare servers. Cloudflare ignored us, even the attorney demand letters didn't help. Google also ignored our legal letters. I ran a malware scan on their domains with Quttera .com. They were loaded with malware. Be careful going on to the copycat sites! I had to buy a new computer after all of this mess. I reported the domains, with copies of the malware reports, to Norton, McAfee, and Google. Quttera flagged them as well. On a few of the Quttera reports I caught that the domains were coming from Columbia. Somehow, their Cloudflare glitched, and I was able to catch their exact location. Eventually, the domains were flagged as malicious. In the meantime, I hired a Cloudflare implementation expert, got a Cloudflare account, and we set up all of my firewall rules. I did this in the Spring and left the copycats with Christmas content. They finally all disappeared, but this may have been due to Google removing them, or they gave up because they could no longer update my content. I think Google owns Quttera and my malware reports might've gotten Google's attention. Cloudflare helped too, but we still had 1000's of bad bots a day accessing my site, including a few  DOS attacks. Shopify is on Cloudflare, so that limits the protection I can get on my own. In order for my website to have the best protection, I needed an enterprise level Cloudflare account, to get the "Orange to Orange" switched on. I haven't had any problems since, but Orange to Orange is for enterprise business, and it's expensive. You can try a small business account to see if that works for you. 

 

 

 

Splodge1
Excursionist
15 0 3

Thanks David, I'm currently waiting for updates from Digital Ocean, the webhost and namecheap the domain registrar and Google where we've sent a spam/takedown request. I'll keep you all updated.

Splodge1
Excursionist
15 0 3

Hi David,

 

The Fix works great but the clone site is not redirecting back to our website it seemed to be in a loop accessing files from the shopify server, so I changed the location replace line to redirect to Google.
window.location.replace('https://www.google.com');
I dont know if this is s a good idea or not but it seems to work.
The only other issue is that the theme preview doent seem to load, do you know if this could be an issue too?

Splodge1_0-1677150948473.png

Thanking you, John

 



Lisa_Honan
New Member
7 0 0

Hi David

 

I have tried this on in our header but is not working. Do you know if it is still current or there is an alternative version? I believe our site is being cloned using Iframes.

May3
Tourist
6 0 1

Thank you so much David!

I had the same thing happening to me. Adding this actually worked.

Bless you.

Madison09
Excursionist
22 0 5

Hi!

This really sounds stressful! Been through this a lot and I have invested money but ended up other stores are benefitting from it. I came across this UNIQUE app, and it is very cool. It detects other stores that use my brand's images and contents... It automatically sends a notification to me through email and it automatically deletes those photos.

Try it. they have a free trial.

https://apps.shopify.com/unique-anti-theft#reviews

Hope this helps.

Investor_life
Tourist
4 0 1

Unfortunately, hackers are a perennial problem. It's hard enough to get rid of them, and everyone who does any kind of activity on the Internet is bound to run into these guys. I'm speaking as someone who has already encountered them *sad*.

banned
DesignerJoe55
Explorer
45 0 22

@Investor_life wrote:

Unfortunately, hackers are a perennial problem. It's hard enough to get rid of them, and everyone who does any kind of activity on the Internet is bound to run into these guys. I'm speaking as someone who has already encountered them *sad*.


@Investor_life Yes, it's a super unfortunate thing that there are people in the world who thrive off of taking from others, instead of working and building for themselves. I'm sorry you had to go through it too. I wish there was some way to permanently delete these people. But you're right, they are a perennial problem and all we can really do is try and protect ourselves from them. 

Gamerseo
Pathfinder
149 3 14

this is a really serious problem. Because if a hacker is cheating, customers may lose confidence in your store

We help by creating professional SEO and marketing services for the gaming industry

Kimberley_Strip
Tourist
3 0 2

Hi Everyone, 

 

Just an update on what we did to stop these websites. 

We now have a Cloudflare firewall that will stop any bots or duplicate stores.

 

It does cost money, but it's much cheaper than DMCA and it actually stops them straight away.

 

 

 

 

DesignerJoe55
Explorer
45 0 22

@Kimberley_Strip wrote:

Hi Everyone, 

 

Just an update on what we did to stop these websites. 

We now have a Cloudflare firewall that will stop any bots or duplicate stores.

 

It does cost money, but it's much cheaper than DMCA and it actually stops them straight away.


@Kimberley_Strip That sounds great! How did you get it set up? Is it just an app?

Kimberley_Strip
Tourist
3 0 2
DesignerJoe55
Explorer
45 0 22

Thank you! I will look into that asap!

DEBMC
Tourist
4 0 1

I used a similar firewall with a CloudFlare competitor and it worked at first but my cloner found a way around it and they're back to cloning my site in real time again. I've had this done to me by 6 different domains in less than 3 months. 

DEBMC
Tourist
4 0 1

I didn't understand what Cloudflare was until after I posted my previous comment. I'm now using Cloudflare and it appears to be working. 

DesignerJoe55
Explorer
45 0 22

That's awesome! Cloudflare is a great service. It's not something we have the budget for right now as it is not cheap, but will likely use it in the future. 

macgom
Tourist
5 0 1

@DesignerJoe55 
This is happening to our store now and I found this page. 

Were you able to stop the mirroring by inserting the code? 

When I entered the code as you used, nothing happened. 

Here's the code I entered. 

Any help would be appreciated.

<script> if (window.location.hostname.replaceAll('.','') !== “mywebsitecom”) {

  if (window.location.hostname == "{{ mystorename.myshopify.com }}") {     console.log("{{ mystorename.myshopify.com }}");  } else {     window.location.replace('https://mywebsite.com');   } }; </script>