Here is a scam that's hard to describe and even harder to stop. I've spent the last several days reading and researching this to get an accurate name for it. I haven't found one that even applies to the situation. Its bit and pieces of several scams rolled into one.
This scam is a form of hijacking. The best way to explain it is to demonstrate it. Let's start with the below image:
This looks like the "Along for the Ride!" web site, doesn't it. Look a little closer... Look at the url. Pay close attention to the domain name. Who the blazes is northwestmarketingdirect.com and why is AFTR's content showing up under their domain and not my own?
Did they hack my secure sever? A close inspection showed the server was NOT hacked...
Are they coping my content to their server? After looking at the my server's logs, that's not the case.
Did they hijack my domain server? Yet again, no hacking detected and no signs of tampering. My domain servers are secured and locked...
So why is my content under their domain name? This is where things get real messy. Not only is northwestmarketingdirect.com displaying my content, but its indexed in the search engines with my content...
Hence, they are claiming my content as their own with what I call "Authority by default." Some SEO experts call this SEO hijacking, but the method used here doesn't fit that at all. The below image of a Google search illustrates this:
As you can see from the image, Google has their domain name with my content. It ain't over yet as this mess gets worse. After contacting my domain registrar, hosting service provider and the search engines, there is nothing I can do legally.
Read it again, there is nothing I can do legally. My copyrighted content is being stolen and I can do nothing about it. Before anything can be done legally, I have to prove malicious intent on the part of the owners of northwestmarketingdirect.com. One would think that it would be enough to see the a domain with content the originating owner did not authorize or give permission for would be enough.
It doesn't work that way because of the way this scam is perpetrated.
Now lets look into how this scam is actually done. Its actually very simple to do and requires no hardware or advanced knowledge. All you need to do is buy a domain name.
Yes, its actually that easy. Buy a domain name. Once you've bought your brand new domain name, you'll be able to use a domain manager for your registrar to configure your domain. Here is where the scam takes place.
All that needs to be done is point the newly created domain to an IP address. Lets demonstrate this by example of a very popular site, whitehouse.gov. I chose this example simply because only an idiot would actually try to scam the White House and if Google got a call from the Secret Service, they would not put out a letter telling the Secret Service they (Google) was going to do nothing, like they gave me.
The current IP address of the White House web site is 173.223.104.110, which rotates often. Now let's say someone creates a domain called obama-house.org and configures the DNS to point to 173.223.104.110. You now have both domain names pointing to the same IP address. This is perfectly legal and many companies do this with their domains, like sears.net and sears.org.
Because there is nothing illegal about this and permission is NOT required to do this, the scam now begins to take shape. Now all the owners of obama-house.org have to do is put a little money into search engine listings and back links. The result will be that the original domain will start to loose placement in the search engines, yet the scam domain will inherit all page rank and placements. Hence, the scam domain takes authority by default as the original domain can no longer be found in a search. At this point, the actual content owner now has to prove its their content.
Here's the kicker, because of having to prove malicious intent, all the scam domain owner has to say is something like this, "My apologies for the inconvenience, my DNS server was inappropriately configured. The problem has been resolved." That's it and the original domain owner is left with a mess to clean up while the scammer simply plug in another IP address to a popular site and repeat.
The original owner now has a damaged reputation, brand and unranked web site that can't be found in the search engine. This could also translate into lose of advertisers and profit.
I'm sure by now you're asking what payoff the scammer is going to get from this. If the scammer pulls this off, they'll get your page rank, search engine placement, and authority by default of your content. If your site had a front page listing, that could be big money once they scammer redirects the domain to their intended content.
It take years to build a good page rank and listing placement with quality back links. For this scam, years turn into only a few months...
Thankfully, there is something you can do to stop this. A couple of line in your Apache .htaccess breaks the whole scam and give you protection from this type of theft. I'm sure other servers have similar ways, but I only know Apache's as LAMP (Linux Apache MySQL PHP) servers are most common.
Two lines as your first rule in your .htacces are all you need to stop this:
The scam is now busted and your domain shows up as it should. The scammer is left with their domain name being ripped out of the search engines and your content, work, page rank, and site are still yours.
For me, northwestmarketingdirect.com will soon be a broken domain relegated to the garbage bin. Along for the Ride! and its contents are safe and it only took a few seconds to do.
This scam is a form of hijacking. The best way to explain it is to demonstrate it. Let's start with the below image:
This looks like the "Along for the Ride!" web site, doesn't it. Look a little closer... Look at the url. Pay close attention to the domain name. Who the blazes is northwestmarketingdirect.com and why is AFTR's content showing up under their domain and not my own?
Did they hack my secure sever? A close inspection showed the server was NOT hacked...
Are they coping my content to their server? After looking at the my server's logs, that's not the case.
Did they hijack my domain server? Yet again, no hacking detected and no signs of tampering. My domain servers are secured and locked...
So why is my content under their domain name? This is where things get real messy. Not only is northwestmarketingdirect.com displaying my content, but its indexed in the search engines with my content...
Hence, they are claiming my content as their own with what I call "Authority by default." Some SEO experts call this SEO hijacking, but the method used here doesn't fit that at all. The below image of a Google search illustrates this:
As you can see from the image, Google has their domain name with my content. It ain't over yet as this mess gets worse. After contacting my domain registrar, hosting service provider and the search engines, there is nothing I can do legally.
Read it again, there is nothing I can do legally. My copyrighted content is being stolen and I can do nothing about it. Before anything can be done legally, I have to prove malicious intent on the part of the owners of northwestmarketingdirect.com. One would think that it would be enough to see the a domain with content the originating owner did not authorize or give permission for would be enough.
It doesn't work that way because of the way this scam is perpetrated.
Now lets look into how this scam is actually done. Its actually very simple to do and requires no hardware or advanced knowledge. All you need to do is buy a domain name.
Yes, its actually that easy. Buy a domain name. Once you've bought your brand new domain name, you'll be able to use a domain manager for your registrar to configure your domain. Here is where the scam takes place.
All that needs to be done is point the newly created domain to an IP address. Lets demonstrate this by example of a very popular site, whitehouse.gov. I chose this example simply because only an idiot would actually try to scam the White House and if Google got a call from the Secret Service, they would not put out a letter telling the Secret Service they (Google) was going to do nothing, like they gave me.
The current IP address of the White House web site is 173.223.104.110, which rotates often. Now let's say someone creates a domain called obama-house.org and configures the DNS to point to 173.223.104.110. You now have both domain names pointing to the same IP address. This is perfectly legal and many companies do this with their domains, like sears.net and sears.org.
Because there is nothing illegal about this and permission is NOT required to do this, the scam now begins to take shape. Now all the owners of obama-house.org have to do is put a little money into search engine listings and back links. The result will be that the original domain will start to loose placement in the search engines, yet the scam domain will inherit all page rank and placements. Hence, the scam domain takes authority by default as the original domain can no longer be found in a search. At this point, the actual content owner now has to prove its their content.
Here's the kicker, because of having to prove malicious intent, all the scam domain owner has to say is something like this, "My apologies for the inconvenience, my DNS server was inappropriately configured. The problem has been resolved." That's it and the original domain owner is left with a mess to clean up while the scammer simply plug in another IP address to a popular site and repeat.
The original owner now has a damaged reputation, brand and unranked web site that can't be found in the search engine. This could also translate into lose of advertisers and profit.
I'm sure by now you're asking what payoff the scammer is going to get from this. If the scammer pulls this off, they'll get your page rank, search engine placement, and authority by default of your content. If your site had a front page listing, that could be big money once they scammer redirects the domain to their intended content.
It take years to build a good page rank and listing placement with quality back links. For this scam, years turn into only a few months...
Thankfully, there is something you can do to stop this. A couple of line in your Apache .htaccess breaks the whole scam and give you protection from this type of theft. I'm sure other servers have similar ways, but I only know Apache's as LAMP (Linux Apache MySQL PHP) servers are most common.
Two lines as your first rule in your .htacces are all you need to stop this:
RewriteCond %{HTTP_HOST} !^DOMAIN.*
RewriteRule .* URL [R=301,L]These lines need to go under the "RewriteEngine on" line. Here is what mine looks like:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^tsswd\.net.*
RewriteRule .* http://tsswd.net [R=301,L]This works because in Apache, the %{HOST_NAME} variable is the domain name the visitor put in their browser or the one they clicked on. So what these lines are doing is checking if the URL coming into your site equals your domain name, if not then use a force (permanent) redirect that tells browser and (especially) search engines that non-matching domain is invalid.
The scam is now busted and your domain shows up as it should. The scammer is left with their domain name being ripped out of the search engines and your content, work, page rank, and site are still yours.
For me, northwestmarketingdirect.com will soon be a broken domain relegated to the garbage bin. Along for the Ride! and its contents are safe and it only took a few seconds to do.
