2.18.6. The site was copied by hackers

Popular services frequently face the problem of cybercriminals cloning their websites. Most often, such cloning is aimed at phishing or intercepting orders. A clone of a site is a serious problem for the service: potential customers are lost, and their data can be stolen and used by outsiders.

Site cloning can be done in several ways:

  • Copying the HTML layout and all accompanying site files. Usually this is done by a parser bot that crawls all pages and saves their contents as finished HTML. These bots are fairly easy to track down.
  • Copying the HTML pages while loading all files from the existing site. This is a fairly common way to copy a site, since it is easier to implement and does not require copying and hosting many files. The HTML versions of the pages and all other files and resources are downloaded from the donor site.
  • Obtaining the files from the donor site. This is usually the most time-consuming method of cloning, but such a site cannot be distinguished from the donor site, and such copies are extremely difficult to deal with.


This article provides only general recommendations for protecting a site and eliminating the possibility of cloning it. Each situation requires an individual approach.

If you find that the site has been completely copied, follow these recommendations:

  1. Restrict access to the site from the IP addresses of the server hosting the clone site. This can help in cases where the site is simply being copied automatically by bots. To do this:
    1. Obtain the IP address of the clone site's server by running one of the following example commands against it:
      • In the Windows command prompt:
        nslookup example.com
      • In the Linux or macOS terminal:
        host example.com
      • In any terminal, run the command:
        ping example.com

        Replace example.com with the required domain.

    2. Block access from the obtained IP address in the access restrictions settings or in the .htaccess file.
  2. Set up HotLink protection on the site. This protection helps prevent the site's files from being loaded on a clone site.
  3. In the site settings, disable the option "Add Access-Control-Allow-Origin: * header for static files".
  4. Change all passwords on the sites and in the hosting admin panels, turn on 2-step authentication, and also change the passwords of FTP users and database users.
  5. After completing the initial steps to eliminate the possibility of cloning, analyze the web server logs for requests to all pages from one or several IPs in a short period of time. You should also check the data available in the Analytics section, where a suspicious number of requests from one IP can be found, or many 404 responses, which can appear when a parser bot is used to copy a site.
  6. Check all FTP logs, the account authorization report, the authorization logs of the site's admin panel, if any, and other available data.
  7. Since access to the site files could have been obtained through vulnerabilities in the CMS or its plugins, update all plugins to the latest version and check for new versions of the CMS core. Additionally, it is worth using plugins that can help protect your site from hacking.
  8. Contact the search engines to report the theft of the site's data and its cloning. This method is not always effective, but it is still an option.
  9. After completing all these actions on the hosting side, contact the hosting provider where the clone site is located and the police for further investigation.
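
The log check from step 5 can be automated. The script below is an added example, not part of the hosting tools: it assumes access logs in the common/combined format, and the thresholds (60 seconds, 5 pages, 3 responses with 404), the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined log format: ip - - [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')

def parse(lines):
    """Yield (ip, time, path, status) for every line in the expected format."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(3).split("?", 1)[0], int(m.group(4))

def find_scrapers(lines, window_s=60, min_paths=5, min_404=3):
    """Return {ip: (max distinct pages in any window, 404 count)} for suspects."""
    hits = defaultdict(list)
    for ip, ts, path, status in parse(lines):
        hits[ip].append((ts, path, status))
    suspects = {}
    for ip, events in hits.items():
        events.sort(key=lambda e: e[0])
        best = start = 0
        for end in range(len(events)):
            # Slide the left edge until the window spans at most window_s seconds.
            while events[end][0] - events[start][0] > timedelta(seconds=window_s):
                start += 1
            best = max(best, len({p for _, p, _ in events[start:end + 1]}))
        n404 = sum(1 for _, _, status in events if status == 404)
        if best >= min_paths or n404 >= min_404:
            suspects[ip] = (best, n404)
    return suspects

def sample_log():
    """Constructed sample: a crawler-like client and an ordinary visitor."""
    fmt = '{ip} - - [10/Mar/2024:12:{m:02d}:{s:02d} +0000] "GET {p} HTTP/1.1" {st} 512 "-" "-"'
    pages = ["/", "/about", "/prices", "/contacts", "/blog", "/old-page", "/tmp", "/backup"]
    bot = [fmt.format(ip="203.0.113.7", m=0, s=i * 2, p=p, st=404 if i >= 5 else 200)
           for i, p in enumerate(pages)]
    user = [fmt.format(ip="198.51.100.20", m=i * 5, s=0, p=p, st=200)
            for i, p in enumerate(["/", "/prices", "/contacts"])]
    return bot + user

if __name__ == "__main__":
    for ip, (pages, n404) in find_scrapers(sample_log()).items():
        print(f"{ip}: {pages} distinct pages within 60 s, {n404} responses with 404")
```

To check a real log, pass an open file object to find_scrapers() instead of sample_log() and tune the thresholds to the site's normal traffic.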