2.18.6. The site was copied by hackers

In modern realities, a rather frequent problem of popular services can be cloning of their websites by cybercriminals. Most often, such cloning is aimed at phishing or intercepting orders. A clone of a site is a very big problem for the service, as potential customers leave, and their data can be stolen and used by outsiders.

Site cloning can be done in several ways:

• Copying HTML layout and all related site files. Usually this is done by a certain parser bot, which bypasses all pages and copies their content in a ready-made HTML format. These bots are pretty easy to track down.
• Copying HTML layout with downloading all files from an existing site. A fairly common way to copy a site, because it is easier to implement and does not require copying and placing many files. Just an HTML version of the pages is enough, and all other files and resources will be downloaded from the donor site.
• Obtaining files from the donor site. This is most often the most time consuming method of cloning, but such a site cannot be distinguished from a donor site, and it is also extremely difficult to deal with such copies.

If it was found that the site was completely copied, then the following recommendations should be followed:

1. Restrict site access to the IP addresses of the server hosting the clone site. This action can help in cases where the site is simply automatically copied by bots. For this:
   1. Obtain the IP address of the server of the clone site by making one of the following example requests to it:
      • V Windows command prompt:

        nslookup example.com

      • In Linux terminal or macOS:

        host example.com

      • In any terminal, run the command:

        ping example.com

        
        Instead example.com use the required domain.

   2. Block access from the obtained IP to access restrictions or in file .htaccess.
2. Install protection on the site HotLink... This protection will help in eliminating the possibility of uploading site files to a clone site.
3. V site settings disable the option "Add Access-Control-Allow-Origin: * header for static files":
4. Change all passwords on sites and in adminpanels hosting, turn on two-step authenticationand also change passwords for FTPusers and database users.
5. After completing the initial steps to eliminate the possibility of cloning, you need to analyze web server logs for the presence of requests to all pages from one or several IPs in a short period of time. You should also check the data available in the section analysts, where a suspicious number of requests from one IP can be found or many 404 responses that can appear when using a parser bot to copy a site.
6. All logs should be checked FTP, account authorization log, logs of authorizations in the admin panel of the site, if any, and other available data.
7. Since access to the site files could be obtained using CMS vulnerabilities or plugins, you should update all plugins to the latest version, and also check for new versions of the CMS core. Additionally, it is worth using plugins that can help protect the site from hacking.
8. You should contact search engines to indicate the theft of site data and cloning it. This method is not always effective, but still possible.
9. After all the actions taken on the hosting, you should contact the hosting provider where the clone site is located and the police for further investigation.