Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How Do I Fight Russian Site Cloners?

kdawson posted more than 3 years ago | from the cloned-and-pwned dept.

Crime 208

An anonymous reader writes "I used to run a small web design service, the domain for which I allowed to expire after years of non-use. A few weeks ago, I noticed that my old site was back online at the old domain. The site-cloners are now using my old email addresses to gain access to old third-party web services accounts (invoicing tools, etc.) and are fraudulently billing my clients for years of services. I've contacted the Russian site host, PayPal, and the invoicing service. What more can I do? Can I fight back?"

cancel ×

208 comments

Sorry! There are no comments related to the filter you selected.

Meatloaf is more important (-1, Troll)

Anonymous Coward | more than 3 years ago | (#31871844)

What I want to know is when Meatloaf's additions to the Linux scheduler are going to make it into a release of Ubuntu? I'm not a fan of his music, but he has made some incredible contributions to the Linux community, and I want to experience the speed improvements his scheduler brings to the table.

contact your clients (5, Informative)

Pinhedd (1661735) | more than 3 years ago | (#31871880)

If you have a summary of your clients (and you should) you should send out a mass email and let them know what's going on

Re:contact your clients (4, Informative)

Cassini2 (956052) | more than 3 years ago | (#31872080)

Check that the problem is not closer to home. The problem could be either technical like a corrupt ISP or some spyware, or it could be an insider running the scam.

To make this scam work, the third party needs a great deal of inside information. That points to an insider. For instance, the third party would need access to invoicing forms to make everything look official.

Re:contact your clients (5, Insightful)

wvmarle (1070040) | more than 3 years ago | (#31872552)

I didn't immediately think "insider" but now you mention it... it makes total sense of a very unbelievable story.

Oh well yet another story that doesn't pass a reality check, and in good kdawson fashion no supporting links or so. Here we go:

The fraudsters copied the web site (that was presumably off-line for a long time). Trivial if it is all static pages, not trivial to impossible if it includes a lot of server-side scripting and you do not have access to the server directly. And quite unlikely that a web site is copied and kept archived by would-be fraudsters hoping that in the future the owner lets the domain expire so they can bring it back on-line? No. It just doesn't happen.

Then they need to know which third-party services you used. And that you were so trusting that you use a third-party web service for invoicing in the first place.

Then they know your clients (potentially through the third-party invoice service).

Then they have your passwords (I may assume password protection).

And how come your old accounts at those invoicing services are still accessible in the first place? From the fact that you let your domain expire after "years of non-use" I take it your business has closed years ago too. Third-party web services usually require payment, especially specialised stuff like invoicing. Not likely they keep that active without it being paid for.

So Russian hackers? No. Insider job? That's where you should look first indeed. Start with former employees I'd say.

Re:contact your clients (2, Funny)

omnichad (1198475) | more than 3 years ago | (#31872730)

archive.org - just has to look alike, doesn't have to act alike

password resets via email, though PayPal is quite a stretch.

You seem to make good points on the rest.

Re:contact your clients (5, Insightful)

ottothecow (600101) | more than 3 years ago | (#31872750)

I am not sure they would have to replicate the pages exactly. Just take whatever shows up on archive.org and and slap a current date on it.

The cloners are not trying to recreate your business--they just have to make it look like the business still has an active website. Then they use the emails that they now control to get back into old accounts.

As for knowing which third-party services were used, there may be some indication on the archived site or there may be something available with enough googling--maybe they find a former client from a "site design by..." tag and social engineer some answers out of them (they don't have to be an insider or client themselves...they just use your old email address and ask a former client). There can't be that many providers of some of these services that were active when the business was running and are still active now...just start using lost password forms.

They might have to reinstate your old payments, but a few months of invoicing service is a drop in the bucket compared to what they could then invoice your clients for (and bigger corporate customers might not ask questions before cutting a check to a company already in the system).

Re:contact your clients (1)

Pinhedd (1661735) | more than 3 years ago | (#31872972)

To make this work effectively all an attacker would need would be the domain name. Replicating the site itself would be fairly easy and once they grab the domain they can also grab the email address, this wont include the original contents but it will match the address on file for many services. If this email address is tied to your third party services all they need to do is send out a password reset and neglecting any security questions they'll have access to all your stuff.

Re:contact your clients (-1)

girlintraining (1395911) | more than 3 years ago | (#31872136)

If you have a summary of your clients (and you should) you should send out a mass email and let them know what's going on

Or fall for the trap yourself. Find out what merchant account the money is going to, and follow the trail. The money has to get to these people somehow. Follow it, and you find the crook.

Re:contact your clients (5, Funny)

sopssa (1498795) | more than 3 years ago | (#31872362)

The money has to get to these people somehow. Follow it, and you find the crook.

Exactly, good advice!

Like girlintraining states, you only need to hack to the Visa merchant account to know what bank account it belongs to, then hack the bank to know who is the owner of that account and get his bank statements to know what is being done with it. After you furiously raid the persons home you discover the old lady is a money mule and has wired the money overseas. Now you only need to take a flight to Kazakhstan and go talk with the local banks about it, just to find out that some alcoholic cashed it out for $10 and gave it to some man he doesn't remember.

As always, great tip, girlintraining.

Re:contact your clients (3, Insightful)

Quantumplation (1692804) | more than 3 years ago | (#31872760)

<sarcastic troll> They did it on CSI... </sarcastic troll>

Re:contact your clients (1)

Yvanhoe (564877) | more than 3 years ago | (#31872570)

And explain to them how email is not a way to do business on the web if they are not cryptographically signed. Sorry, I may sound like an asshole, but this is a flaw in the email protocol that everyone accepts and deals with. This is the kind of things that will more and more happen until people ask for something more robust.

Re:contact your clients (1)

Lumpy (12016) | more than 3 years ago | (#31872786)

you forgot another one...

He also needs to take a baseball bat and beat himself in the head. Leaving LIVE billing accounts anywhere is pure stupid. you CLOSE those accounts when you close up shop. Even pay-pal will allow you to close up shop and shut down an account.

That's just criminally sloppy.

It's Russia (-1, Offtopic)

girlintraining (1395911) | more than 3 years ago | (#31871898)

A lot of people will try to offer technical solutions to your problem. Your problem isn't technical.

You're living in Russia. Set a trap, lure them in, and then... explain the problem to them. Greed is an easy thing to manipulate in others and one is never so easily fooled as when one believes they are fooling others. Don't bother with the police, they'll only give you a pat on the head. They have more important things to do. Sorry that's the way it is, but it is what it is. Put your ear to the ground and follow the money. Don't bother with trying to sniff them out online -- follow the money. Audit trails are far harder to erase than web server records.

Re:It's Russia (-1, Troll)

Sperbels (1008585) | more than 3 years ago | (#31872800)

How the fuck is this a troll? Seriously people have been dishing out the negative mods way to freely lately.

A crazy Idea (0, Troll)

Monkeedude1212 (1560403) | more than 3 years ago | (#31871900)

You sound like you've taken care of most of what you can... so...

Get a bunch of hackers together and tell them to do their best to DDOS your old site!

Re:A crazy Idea (4, Funny)

Anonymous Coward | more than 3 years ago | (#31872108)

That's a rather dangerous and almost certainly illegal thing to do.

However, I was thinking about suggesting that he post the URL here so that people here in slashdot could take a look at the site and get some ideas about what to do about the ...
 
...oh, wait.

Re:A crazy Idea (1)

WrongSizeGlass (838941) | more than 3 years ago | (#31872156)

Get a bunch of hackers together and tell them to do their best to DDOS your old site!

I believe this kid [yimg.com] is available.

Contact all your clients (-1, Troll)

Anonymous Coward | more than 3 years ago | (#31871902)

And let them know they hired an asshole.

There's only one thing you can do (2, Funny)

FreeUser (11483) | more than 3 years ago | (#31871908)

"Take off and nuke 'em from orbit. It's the only way to be sure."

Oh wait, they're in post-soviet Russia...
(Sirens wailing)
That probably wasn't a very good--
[NO CARRIER]

Russian hosting (3, Funny)

blackraven14250 (902843) | more than 3 years ago | (#31871912)

Good thing your site is hosted in Russia. That makes things a whole lot easier.

Re:Russian hosting [Dancing with 3rd-World] (1)

Tablizer (95088) | more than 3 years ago | (#31872700)

Good thing your site is hosted in Russia. That makes things a whole lot easier.

Exactly! If you accept the benefits of cheap 3rd-world labor, you have to also be ready to accept the ugly downsides. In Soviet Russia, the cake eats you too.
       

fight back (5, Insightful)

toxygen01 (901511) | more than 3 years ago | (#31871916)

check the dns domain registrar of theirs and report domain abuse.
that's what whois information is about too.

talk to a lawyer (-1, Troll)

Anonymous Coward | more than 3 years ago | (#31871924)

not to take down the cloned site but to prepare for the wave of lawsuits (civial and criminal) that you're going to be hit with. See, you've broken your fiduciary duty big time and are facing jail time, fines, and any lawsuits. Hope you enjoy getting ass-raped in prison sucker.

Re:talk to a lawyer (1)

Skreems (598317) | more than 3 years ago | (#31872592)

How the hell is this modded informative? The guy didn't leak any financial data. This is the equivalent of moving out of a leased storefront and the next tenant contact Visa and saying, "Hey, I'm still here, could you pretty please send me a copy of all the records again?" and them doing it just because the address is the same.

Try to have the DNS entry removed (1, Informative)

Anonymous Coward | more than 3 years ago | (#31871932)

You MIGHT be able to at least force their registrar to shut down their DNS registration, thus removing both the site and the email addresses from the web.
I don't know how it works for fraudulent sites, but for Spam pointing at a clearly "spam-vertized" site I found this tool useful:
http://spamtrackers.eu/wiki/index.php/Complainterator
It helps you look up the responsible registrars for a domain and gives you their contact information, so you can ask them to remove their DNS entries.
Not sure how likely they are to help, especially if the registrar is in Russia or China (I read some horror stories about the lack of cooperation from some registrars in those countries), but you never know...

Re:Try to have the DNS entry removed (4, Informative)

Archon-X (264195) | more than 3 years ago | (#31872360)

There's a problem with these automated tools - and that is that they're the shotgun approach.

We run some mainstream sites, and we also allow affiliate promotion.
We have a zero-tolerance spam / mailing policy, but that doesn't stop people trying.

If or when complaints come through (SpamCop, SpamHaus, etc) - we deal with them, and nuke the affiliates - we're just as anti-spam & fraud as the BL guys.

The problem, however, is that with the use of this / these tools, when DNS, upstream and network providers are scatter-bombed with complaints, over, and over, you end up getting blacklisted. Even if you're not in the wrong, you get blacklisted.

If you've ever been on the end of a SpamCop / SpamHaus complaint, as much as they may have intended to setup a good service, their 'service' is incredibly partial.

For example, the latest email back from SH to our host, when we had banned a fraudulent affiliate:

Let's talk about removing the customer instead of offering up yet another affiliate excuse.
Regards,
-- The Spamhaus Project (SR22) http://www.spamhaus.org/ [spamhaus.org]

Their website 'evidence' archives are full of libel and blackmail - if you email SH with a fake complaint, and say that company X participates in money laundering, international fraud and spam - they'll publish it - without an ounce of fact checking.

Somewhat off topic, but these issues burn - who watches the 'watchers' / internet 'police'

More To It? (2, Insightful)

s7uar7 (746699) | more than 3 years ago | (#31871950)

How do they know which third-party web services you used to use, unless it's one of your old clients?

Re:More To It? (1, Insightful)

Anonymous Coward | more than 3 years ago | (#31872130)

It probably wasn't difficult at all, really. I would guess that he signed up for all those services with a fairly generic e-mail address like mail@domain.com, companyname@domain.com, clients@domain.com, etc., which they've probably re-created. Once those addresses started getting e-mail from the third-party services, they were in.

Re:More To It? (1)

Chrisq (894406) | more than 3 years ago | (#31872326)

How many services have a "lost your password? enter email address here". If you abandon a domain name you really must make sure that you change the registered email address of any service registered using it. Its easy to forget if you are used to just accessing the site with username and password.

Re:More To It? (4, Informative)

Nadaka (224565) | more than 3 years ago | (#31872372)

It probably wasn't even that hard. Once they own the domain, they can park a standard email server on it and capture email sent to the domain, they don't even need to implement the specific addresses.

Re:More To It? (1)

petermgreen (876956) | more than 3 years ago | (#31872482)

And even if the addresses were a little unusual between looking at the old website on archive.org and watching which addresses still get spam in the mailserver logs it's probablly pretty easy to figure out what addresses used to be used on a domain.

Re:More To It? (1)

The MAZZTer (911996) | more than 3 years ago | (#31872684)

It's even easier since you can set up a "catch all" inbox to catch any e-mails to the entire domain. At least cpanel lets you do this. I keep it off because it tends to catch mostly spam to randomly generated usernames@mydomain.

Re:More To It? (0)

Anonymous Coward | more than 3 years ago | (#31872574)

Many of his customers might be publicly identifiable if their web sites are carrying a badge linked to his web site.

Ramon Samudio (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#31871954)

Parabéns pelo trabalho.
http://www.classeaflex.com.br

Business Ratings Sites (1)

lmnfrs (829146) | more than 3 years ago | (#31871964)

Find all the ratings and informational sites you can, and explain as prominently as possible what's happened. Show some evidence by explaining how to find the history of a domain's registration so people can see the ownership changed completely.

I assume you've been in contact with previous clients to learn they're being billed, so tell them they can report false billings on that type of site.

Don't let valuable/vulnerable domains expire? (4, Insightful)

Bourdain (683477) | more than 3 years ago | (#31871972)

Wouldn't it just be cheaper/easier to just never let even remotely valuable/vulnerable domains expire since it costs so little to keep renewing them?

Re:Don't let valuable/vulnerable domains expire? (0)

Anonymous Coward | more than 3 years ago | (#31872066)

How very helpful.

helpful indeed! (0)

Anonymous Coward | more than 3 years ago | (#31872456)

"help, I left a hundred dollars sitting on the restaurant table yesterday, how can I force the restaurant to give it back?"

Re:Don't let valuable/vulnerable domains expire? (5, Insightful)

uglyduckling (103926) | more than 3 years ago | (#31872134)

Yes!! You've hit on the perfect answer. Hindsight and a time machine can solve any problem. Bravo!

Re:Don't let valuable/vulnerable domains expire? (3, Funny)

doubleu606 (764072) | more than 3 years ago | (#31872182)

network solutions sales rep, is that you?

Didn't you notice? (1, Informative)

leighjam (1790848) | more than 3 years ago | (#31872202)

How come you didn't notice your website and email were down?

I used to work at a registrar and it's not like one day you wake up and BOOM the domain is gone. All give warnings weeks if not months ahead of time. Most give a couple days of leeway before turning off the domain. After they turn it off (i.e. no email, web or anything can use the domain) you have about 30 days before it goes into redemption, once in redemption it's a crap shoot if you can get it back but you still can.

If it was your business, then the domain is a valuable asset and should be treated as such. Much like a brick and mortar office. If you don't pay the rent, leave valuable customer information in file cabinets and are kicked out (after getting an eviction notice), don't complain if someone comes in and uses the space for a crack den and the customer info for their own nefarious purposes.

A few recommendations,

  • Use a reliable third party email account(i.e. yahoo, msn,gmail) for your contact info and NOT the domain in question
  • Make sure you check it all the time!!!!
  • Don't think your registrar is ALWAYS spamming you.
  • Renew domains for Christmas or another holiday, if you renew early the time just gets tacked on the end you don't looks anything
  • Renew domains for multiple years

Re:Didn't you notice? (1)

Rich0 (548339) | more than 3 years ago | (#31872316)

And what happens when you close your business?

Maybe he doesn't want that domain any longer. Why should he have to pay for it forever just so that nobody else uses it?

And what will DNS look like in 100 years when 95% of all domain names belong to companies that no longer exist but refuse to let anybody recycle it?

Re:Didn't you notice? (4, Funny)

John Hasler (414242) | more than 3 years ago | (#31872366)

> A few recommendations...

a) Read the article.

Re:Didn't you notice? (0)

Anonymous Coward | more than 3 years ago | (#31872582)

b) what article? c) ..... d) profit!

Re:Didn't you notice? (1)

Bourdain (683477) | more than 3 years ago | (#31872934)

was there an article besides the several line initial post?

Re:Didn't you notice? (0)

Anonymous Coward | more than 3 years ago | (#31872864)

How come you didn't notice your website and email were down?

From TFS (emphasis added):

I used to run a small web design service, the domain for which I allowed to expire after years of non-use.

Any questions?

ok, so you abandoned it and your customers (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#31871974)

you abandoned the site (for years), let it expire, ignored your historical customers (remember this is *years* you said) and now someone else has picked up the ball where you left it?
to be honest, i have little sympathy for your situation and it sounds that you are more pissed that they are making money by working rather than your own abandonment.

good luck to them.

Re:ok, so you abandoned it and your customers (1)

Anonymous Coward | more than 3 years ago | (#31872224)

Insightful? The new site owners are scamming his old customers by billing FRAUDULENTLY. If this were just them doing more work maybe the above post would not be a troll.

Re:ok, so you abandoned it and your customers (1)

spydabyte (1032538) | more than 3 years ago | (#31872376)

agreed. it sounds like to me that he stopped working on a website, stopped offering a service, and let everything expired. That leaves a great business plan for someone to start where you left off. If the people are paying for a service they aren't receiving, that's their fault. If the Russian "cloners" are actually providing the same service you did, then good for the Russians.

The only other issue I can see here is copyright / stolen corporate identity, which if you don't know what to do already (contact a lawyer and file an international law suit?) then there's nothing you can do.

Would contacting ICANN help? (1)

areusche (1297613) | more than 3 years ago | (#31871998)

From readings on here, I've discovered that for a couple thousand dollars ICANN can take domain names from squatters and pass them off to you. Granted if it was some other business who wanted the domain name I'd say don't worry, but this is a clear case of fraud. So would Icann be able to help in this matter?

If TV Has taught me anything... (2, Funny)

0100010001010011 (652467) | more than 3 years ago | (#31872016)

The only way to deal with the Russians is with the Italians or the Irish.

So either:

"Say hello to my little friend"

or

"This guy takes a blunt object, fuckin', waah! Hits the guy with the bandages around his head, right? Why? 'Cause he's smart. He knows the guy with the bandages around his ass, he ain't goin' nowhere. He's goin' fuckin' nowhere. "

Re:If TV Has taught me anything... (0)

Anonymous Coward | more than 3 years ago | (#31872304)

"Where you going? Nowhere!"

Re:If TV Has taught me anything... (1)

allcaps (1617499) | more than 3 years ago | (#31872562)

"When are you going? Fast!"

Re:If TV Has taught me anything... (1)

AtomicOrange (1667101) | more than 3 years ago | (#31872520)

Not to be a pain in the ass, but "Say hello to my little friend" Was Tony Montana - Cuban. So would Cuban/Mexican drug cartels work?

Re:If TV Has taught me anything... (0)

Anonymous Coward | more than 3 years ago | (#31873024)

Scarface was Cuban. Thanks for defaming Italians.

Dear Anonymous Coward (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#31872018)

Don't Blink. Blink and you're dead. Don't turn your back. Don't look away. And don't Blink. Good Luck.

Re:Dear Anonymous Coward (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#31872082)

Is there a Doctor in the house?

Re:Dear Anonymous Coward (0, Offtopic)

allcaps (1617499) | more than 3 years ago | (#31872538)

Is there a Doctor House in the?

Re:Dear Anonymous Coward (0)

Anonymous Coward | more than 3 years ago | (#31872910)

Russian mafia.... blink and you're dead... the joke went completely over the moderators heads, a.k.a. ''woosh''.

Copyright Violation (0)

Anonymous Coward | more than 3 years ago | (#31872032)

Why not go after them for copyright infringement?

Contact the FBI (3, Insightful)

Orga (1720130) | more than 3 years ago | (#31872040)

I assume this is a form of wire fraud, international at that.

Not many options, but to ease your conscience... (3, Insightful)

HikingStick (878216) | more than 3 years ago | (#31872062)

To ease your conscience, pull together your old contact list and let your former clients know that you've not been running the business (or charging for services) for years. Advise them of the current scam, and hope they get your message before they pay the bad guys.

While I have your attention, shame on you for letting your business go dark without tying up the loose ends (e.g., informing your customers). I feel for your customers.

Re:Not many options, but to ease your conscience.. (1)

macbeth66 (204889) | more than 3 years ago | (#31872420)

While I have your attention, shame on you for letting your business go dark without tying up the loose ends (e.g., informing your customers). I feel for your customers.

Bingo! The OP deserves every heartache he gets for leaving his old business in such a state. I hope he does get sued and serves as a lesson to others.

Re:Not many options, but to ease your conscience.. (1)

RealGrouchy (943109) | more than 3 years ago | (#31872454)

While I have your attention, shame on you for letting your business go dark without tying up the loose ends (e.g., informing your customers).

Who's to say he didn't? He could very well have tied up loose ends, but that doesn't stop the scammers from invoicing the former customers anyway.

- RG>

Based on my understanding... (5, Funny)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#31872072)

Of how Russian Free Enterprise works, I would suggest either hiring hitmen to brazenly gun-down whoever cloned your site, if it is a relatively small operation, or insinuate that the cloner is an enemy of the state, and have him jailed on trumped-up tax evasion charges, if it is a large operation.

If neither of these options suits, I hear that Polonium is the new Earl Grey...

See if you can negotiate a cut if you help them? (1)

enaso1970 (759924) | more than 3 years ago | (#31872084)

You should know some inside intelligence in dealing with your clients? Seriously: 1) Contact anyone you did any business through the site and explain the situation to them. 2) Contact their DNS registrar and complain 3) If they have an SSL cert - contact the issuing authority and complain 4) Buy a zombie army (computers or people) and attack!

Phishing filters (4, Informative)

ISurfTooMuch (1010305) | more than 3 years ago | (#31872086)

Just an off-the-wall idea here, but check to see how to report this site to Mozilla and Microsoft to get it into their blacklist of phishing/scam sites. If I got something from a site, and, upon trying to visit it, my browser's filter warned me about it, I might suspect something fishy is going on.

Doing this is by no means a complete solution, but it could get you part of the way there.

hmm (1)

nomadic (141991) | more than 3 years ago | (#31872090)

File a UDRP complaint and get the domain name back. Won't fix matters, they'll still have access to your customers it sounds like but at least it will help.

Nuke the cloners from orbit (0, Redundant)

Daimanta (1140543) | more than 3 years ago | (#31872096)

it's the only way to be sure

ICANN (5, Informative)

carp3_noct3m (1185697) | more than 3 years ago | (#31872100)

Check out Uniform Domain Name Dispute [internic.net] Resolution. It is often overturned in court, and isn't always effective, but taking back control of the domain in whatever way possible is more than likely the only way you will fully recover from this. Otherwise you are simply on a damage mitigation mission.

Re:ICANN (4, Insightful)

v1 (525388) | more than 3 years ago | (#31872268)

the problem I see with this though is it's not like the domain was stolen. He allowed it to lapse while having email addresses on that domain still recognized by clients. They legally registered it, and are now making life hard for him. He screwed up, and can't go running to the authorities for that alone. Now clearly they're being fraudulent WITH the domain, but they obtained it legally, so that makes it a lot harder to legally take away.

Re:ICANN (4, Insightful)

Rich0 (548339) | more than 3 years ago | (#31872414)

Additionally, it doesn't sound like he even wants the domain back. He just wants people to stop using it to impersonate him.

Suppose I own a domain, and want to stop using it. No big deal - I let it lapse. I don't want to pay for it - I don't need it. However, if somebody were to register it expressly for the purpose of impersonating me, I'd certainly care about it!

The same thing can happen offline. Suppose I buy a home and phone number that used to be owned by Bill Gates simply so that I can impersonate him and clean out his bank accounts or whatever. Should Bill Gates need to dispute my purchase of the home? That isn't what is at issue.

The problem is fraud, not domain ownership in this case.

The real solution is to not tie identity to a domain. Sure, you can deliver based on a domain, but emails should be encrypted to a certificate, and signed by a certificate, and identity should be based on that.

For whatever reason it seems like we live in this fantasyland where security and authentication is an afterthought in almost all internet protocols...

Re:ICANN (3, Insightful)

MobyDisk (75490) | more than 3 years ago | (#31872464)

They are committing fraud.

If you sell your house, and I move in, that does not mean that I can legitimately use your credit card just because I have your mailing address.

Re:ICANN (5, Interesting)

ISurfTooMuch (1010305) | more than 3 years ago | (#31872314)

Excellent idea! If you file the claim, the scammers have to file a reply, or they lose by default. Since people like this are bottom feeders who move from one scam to another, I seriously doubt they'll want to expose themselves by filing a response. Like cockroaches exposed to a light, they'll scurry away.

Re:ICANN (0)

Anonymous Coward | more than 3 years ago | (#31872332)

Or......sell the rights to your former domain to the Chinese. That should take care of the Russian site cloners fairly effectively. As for the Chinese site cloners, well.......you have my sympathies.

Close your accounts! (2, Interesting)

iamapizza (1312801) | more than 3 years ago | (#31872106)

Why didn't you close your third party accounts when you were shutting down your old site?

Re:Close your accounts! (2, Informative)

John Hasler (414242) | more than 3 years ago | (#31872264)

Many sites do not allow accounts to be closed. Try to close your Slashdot account, for example.

Re:Close your accounts! (3, Funny)

Anonymous Coward | more than 3 years ago | (#31872298)

It worked!

Re:Close your accounts! (1)

T Murphy (1054674) | more than 3 years ago | (#31872556)

...and now I've registered with your old username and will extort all your old friends for karma.

Re:Close your accounts! (5, Funny)

Chrisq (894406) | more than 3 years ago | (#31872394)

Try to close your Slashdot account, for example.

Bastard. now I've got to re-register.

Re:Close your accounts! (1)

Linker3000 (626634) | more than 3 years ago | (#31872928)

Some swine managed to grab my old /. account 'Anonymous Coward' and now posts over and over again using it - Grrr.

Trace? (2, Funny)

Anonymous Coward | more than 3 years ago | (#31872218)

Create a GUI interface using Visual Basic to track their IP address.

Done.

Re:Trace? (0)

Anonymous Coward | more than 3 years ago | (#31872346)

I ran out of mod points, I think what was posted above is funny as hell! Mod it up!

Form an Empire... (0, Offtopic)

DarthVain (724186) | more than 3 years ago | (#31872278)

and ally yourself with a "Trade Federation".... then use hordes of mechanical robots to fight a "Clone War".

You might not win, but some asshole may make a few shitty movies about it anyway...

Obligatory (1)

Wowlapalooza (1339989) | more than 3 years ago | (#31872286)

Clones are people two.

In (non-)Soviet Russia, sites clone YOU

Props to them (-1, Troll)

Orga (1720130) | more than 3 years ago | (#31872320)

At least someone made money from your business

How did they get ... (1)

Rambo Tribble (1273454) | more than 3 years ago | (#31872390)

... the client account data? I should think that the answer to that question would define your options for legal recourse. Ultimately, liability may befall your former ISP, the usurpers, or yourself, depending on that answer.

Always use a perm email (1)

Bruha (412869) | more than 3 years ago | (#31872404)

It's not good practice to use your domain email as a email for any domain registered tools. If your domain was down for whatever reason you have no recourse to reset any passwords etc, and as we can see this issue can crop up.

Unfortunately for the OP and I hope that his former customers would understand, he could be held liable, but I hope those impacted will just take it on the chin.

Re:Always use a perm email (1)

Chad Birch (1222564) | more than 3 years ago | (#31873034)

Where exactly do you get one of these "perm emails" that aren't tied to any sort of service that might go down or disappear in the future?

Fight Back (1)

topcoder (1662257) | more than 3 years ago | (#31872424)

Give them nothing, but take from them everything!!!

This one is too easy... (1)

thepike (1781582) | more than 3 years ago | (#31872472)

In mother Russia, site clones you.

Re:This one is too easy... (0)

Anonymous Coward | more than 3 years ago | (#31872826)

Easy, yet you screwed it up. It's SOVIET Russia.

Pre-empt (0)

Anonymous Coward | more than 3 years ago | (#31872672)

I would suggest a pre-emptive strike, but as you may know the Russkies have that big ass Doomsday Device, so please don't.

Where is the soviet russian joke? (0)

Anonymous Coward | more than 3 years ago | (#31872698)

In Soviet Russia websites clone YOU!

Similar happened to us (1)

Sporkinum (655143) | more than 3 years ago | (#31872794)

I was part of a LAN gaming group. It was pretty much dieing anyway since more and more people were getting broadband then. Anyhow, we lost contact with the guy that had the domain, so we were not able to renew it when it expired several years ago. A few months ago, I was going through some old bookmarks, and lo and behold, the site was up and running. The forums weren't functional as they were based on custom code that they didn't manage to get. Other than that, it looked the same. The new domain contact info resolved back to some Russian place. BTW, there was no commercial value to the site, but it was a cool blast from the past to see it up again.

Slashdot the site (2, Funny)

dmesg0 (1342071) | more than 3 years ago | (#31872798)

Publish the link to the site on Slashdot (and don't forget to mention it has some free pr0n). The site will die within minutes, after the first 10 million slashdotters visit it.

A choice (0)

Anonymous Coward | more than 3 years ago | (#31872804)

Kill them.

Doesn't smell right... (2, Insightful)

ArundelCastle (1581543) | more than 3 years ago | (#31872840)

The site-cloners are now using my old email addresses to gain access to old third-party web services accounts (invoicing tools, etc.) and are fraudulently billing my clients for years of services.

Assuming your domain's e-mail has been bouncing for *years*, how in the hell did perfect strangers a world away(?) dig up your data? This sounds like something that happens after an unshredded trash rummage.
1. How do they know what all your internal e-mail addresses were?
2. How do they know what your web services were?
3. How do they know who your clients were?
4. How do your clients believe you're still doing work for them after years of silence?
5. How are these web services still holding your account data after years of inactivity? Invoice tools ain't free.

Hard to believe we're getting the whole story here. I think Ask Slashdot just got phished.

would you like to play a game? (1)

flahwho (1243110) | more than 3 years ago | (#31872884)

Global Thermonuclear War. That'll take care of those pesky Russians!

Don't Fight It, Help Out! (1)

DynaSoar (714234) | more than 3 years ago | (#31872908)

I can think of no better way to develop the sort of relationship you want with these people than to give them some assistance. A new web site offering credit card numbers, pr0n of various disgusting kinds and passwords to similar sites, "secrets of hacking [x]'s government sites", an enormous list of movies and such available for download, an international banking concern planned to assist others in recovering funds from dead relatives' accounts, and as many similar offering as you can imagine, is just what's needed. Of course the contact information should be theirs (even if it had been yours previously). Advertising it on usenet should help spread the word. Whatever you can do to send them /.'ing levels of traffic of all kinds will help make your point. Also, publicizing their contact info on multilevel marketing sites/newsgroups and Chinese manufacturer/wholesalers sites will get them more offers than it would take to please any such assholes. Devote some thought and time to it and I'll bet you can cause them far more trouble than they've caused you. And your old clients? Let them know that as the new owners of your old service, they'd be glad to service pets and farm animals on webcam and/or DVDs sent free for the asking. Currency exchange by email at 1:1,000 rates. Sex tour vacations for $200 including airfare. Official funds collection point for unspecified non-governmental armed freedom fighter organizations world wide. Recovered/liberated fissionables, pure plant extracts direct from South American mountains and middle eastern flower fields, all for pennies a day!

And of course if any of these attract enough public attention and appear to be illegal, law enforcement at the cloner's location as well as elsewhere would almost certainly want to know.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>