Discuss and resolve questions on Liquid, JavaScript, themes, sales channels, and site speed enhancements.
My store has been cloned / mirror proxied +25 times. Every page, product, blog, the cart, checkout, you name it.
Spoke with shopify, unfortunately they could not help. Have started reporting the sites but there are so many of them that I can't keep up. I also have tried the code everyone links to from Dave - it did not help in my case.
Every update I make to my site shows up immediately on the cloned/mirrored sites.
They are showing up in google searches for my store and sending soooooo much traffic to my site (upwards of 5500 a day & even visiting my site from theirs) All of this is really messing with my analytics / conversion rates, SEO, etc. Some days it looks like the traffic is coming from Canada, others it is from the US, and most shows it is coming from Facebook which does not even make sense.
Their checkout cart page does not seem to actually work - once I input a (fake) address and (fake (info) it opened to a 520 error page.
I attached screen grabs of my analytics to show some context of what is happening on my site.
Can anyone help?
TIA
my store: rebelpetal.com
the cloned/mirrored sites:
Hi @RebelPetal, I looked at a few links examples and assuming they use a reverse proxy, here are some ideas to help mitigate the issue.
Thank you for your reply @InfiniteCom
I have been slowly making my way through the fake sites and reporting them and have also reported them to google for phishing.
So far it looks like they aren't changing our text and everything seems to be a direct mirror of our site.
I can input code but I can not write code. Do you have any recommendations for a developer that could write the code for us to input into our site? We tried the code that has been suggested on other peoples post (with similar issues) and it did not work.
Thank you again.
Regarding the links above, they are hosted at Cloudflare. I recommend that you send the entire list to them using this page:
https://www.cloudflare.com/trust-hub/abuse-approach/
These are the IP addresses for all of them and I checked them, they are owned by Cloudflare
104.21.11.102, 104.21.11.87, 172.67.222.179, 172.67.158.130, 104.21.18.211, 104.21.19.78, 104.21.86.183, 172.67.203.65, 104.21.37.146, 104.21.37.146, 104.21.75.252, 172.67.187.61, 172.67.199.206, 172.67.150.219, 172.67.211.222, 104.21.0.227
The code you have on your home page has an extra '}' at the end causing it to fail. Remove that one character and it should work.
If it does not or they add further changes, I can help you out.
Looking at that code, I believe when that last bracket is removed (and the semicolon should be removed also) it's going to redirect in all circumstances as the || "rebelpetal.com" is going to return true, and the result is going to be an infinite loop.
You need to be very careful when implementing code for this purpose.
The following I believe will do the trick but highly recommend testing it thoroughly.
<script type="text/javascript">
if (typeof window != 'undefined' && window.location && window.location.hostname.replace('www.', '') !== "rebelpetal.com") {
window.location.replace("https://www.rebelpetal.com/");
}
</script>
Also, file a DMCA claim on Google.
Hi @p1Commerce - thank you for your reply. I make a copy of our theme and try the code on it first. I had left the copy of our theme as the published one but have since put it back to our original.
I did try testing the code you kindly provided and published it to give it a test and it unfortunately did not work. Maybe I did it incorrectly - I input it just before the </head> script at the bottom.. Should it have been at the top? This is outside of my wheelhouse.
Doing the DMCA claim on Google now, thank you!
Anywhere on the page will work but the redirect will only take place if the code is used on a domain other than yours.
To test it you would need to add the code, view source of the page, save that source as an HTML file and upload it to a different website.
I have reported all 26 of them to cloudflare, their registrars and google phishing.
I was thinking of waiting another 72 hours (business hours during the week) to hopefully get the sites removed and then I would try the code again to "break" any of the mirror sites that haven't yet been removed. I have removed the code for now.
Is it possible to have code created that would stop our site from being duplicated / mirrored again? Worried this will keep happening. Yesterday we had 6,694 online store sessions (99.9 were BS)...they are messing with our analytics (and google ratings) so badly.
Thank you
The only technical way to stop these copiers is by making the website render incorrectly if served from their domains or redirecting automatically to your correct domain which is what you are doing now.
I have tested the code from @p1Commerce and it works perfectly (if it runs on your domain as well as the other domains), in both cases, it will redirect to your domain only if needed.
Just copy & paste what @p1Commerce provided mostly anywhere on the page (maybe at the end of the head). (Use the button 'copy' top-right of the code to make sure you are copying the right thing).
Note, I noticed that when you had your original code, the other sites made changes to it. So after you try it and it does not work, let us know while the code is there so we help adjust it.
@InfiniteCom that is great to know - is it okay if I tag you in a reply in a day or two (giving time for the companies to remove the websites) once I update the code? I will ping you when I am online and if you are too, then I will add the code and we can go from there. I am super grateful! Thank you!
@p1Commerce I submitted the DMCA claims on Google - thank you again!
re: your comment "To test it you would need to add the code, view source of the page, save that source as an HTML file and upload it to a different website." I don't think I have the ability/skills/brain to do that. Or maybe I do and my brain is too fried to process what you are saying and things are all starting to sound like the teacher in Charlie Brown. Going on 3 days with very little sleep trying to get this all sorted. Super appreciate your help.
Of course... will be happy to help
Thank you again. I am beyond grateful.
Hello @RebelPetal ,
Was your issue resolved (Mirror Proxy)? Someone is doing that to our Shopify site (mirror Proxy) and I want to implement a good solution. I did report the fraud domain and the IP Address host has blocked them, so the issue is temporarily resolved until they switch to a new IP address host. CC: @InfiniteCom @p1Commerce I did contact Shopify but they basically recommended doing the DMCA reporting. I need a more permanent solution.
Our Shopify Site: https://thesweetdesignsshoppe.com/
Fraud (mirror site): https://sweetshoppeshop.com/ ( The IP Address is currently blocked).
Thank you
Arnoldo
Thank you RebelPetal for the information. I am really happy that your issue was resolved I hope stays like that. I did file a few DMCA claims, trying to find out who is the Web Server Host to file a DMCA claim directly. The IP Address has been blocked by the IP Address provider based on a DMCA claim that we filed but they mentioned they don't host the actual Web Server. I would really appreciate if you can answer the following questions.
Did you file the DMCA claim directly with their web server host and/or did a generic DMCA claim in Google for example?
Did you add any special code to the Theme Script for protection and/or changed the template to a newer version for example?
Thank you
Thanks to everyone who participated in our AMA with 2H Media: Marketing Your Shopify St...
By Jacqui Sep 6, 2024The Hydrogen Visual Editor is now available to merchants in Shopify Editions | Summer '...
By JasonH Sep 2, 2024Note: Customizing your CSS requires some familiarity with CSS and HTML. Before you cust...
By JasonH Aug 12, 2024