Arsehole ripping entire sites using a wild card.
 

This was posted on another board and I'm here to warn you all.

I got onto my host and they are blocking him hotlinking our sites.

It can be done to any site and might screw with your SE listings

QUOTE]hey there guys

i was checking some links from yahoo and i accidentally found this

http://shopping.gabrio.com.1bu.com/ basically he ripped our entire blog + links, everything....and i have never seen such a thing, yet he is also ripping and running on his domain '1bu.com' all the pages, but serving the pictures from our server (thus hotlinking), AND if you look more carefully, he also changed all our referral links and sponsor links.....now, look at the row on the right, you will notice our hardlinks, he ripped off those as well, and on each of those sites, the links are changed there too!!

for example, some other domains he's doing this...

http://www.freeones.com.1bu.com/ => and EVERY site freeones.com is linked with....
http://www.pornstargalore.com.1bu.com/
http://www.nurglesnymphs.com.1bu.com/

they are all loading fucking slow, his server is infact in china, but it's worth the wait.

is there anything we can do to stop him doing so?[[/quote]

This is fucked up...when I click my sponsor links at mysite.com.1bu[dot]com they show up in the browser with my ref code, but it's sponsorsite.com.1bu[dot]com/my-refcode. What the fuck is the point of all this?

I wonder how you report an asshat like this to the Chinese Government...maybe they'd be kind enough to shut him down for us.

Try "Chinese Police" in Google, might come up with something.

yeah man that's all fucked up, hopefully we can join forces together and have them to shut down, first of all, remember to block his IP tho

Done that as well.

same here ;-)

Is there a search we can do to see if he's ripping our sites? If he's changing the sponsor codes on ripped sites, the best way to close him down (besides sending a DMCA notice to his ISP which may not work if he's really in China) would be to contact those sponsors and pressure them to drop his accounts.

Simply replace freeones.com with your domain name and you'll see your site there too. He's doing it to millions of sites!!!!!!
http://www.greenguysboard.com.1bu.com/

Anybody have the capability for a DDOS? :)

I've had no luck so far tracking down the Chinese government site to report this assfuck. Reproduction of every porn site on the internet on a Chinese server should certainly interest them :)

Absolutely amazing. He seems to have a problem with flash though, so all we need to do is redesign our sites in flash and the problem vanishes |angry|

ffs mine are there too.. one thing tho is he seems to have a problem with phpadsnew banners :) it seems to be keeping my sponsor codes... try pun-an-i.com.1bu[dot]com

are you sure this is a direct copy of these sites or is it only a proxy service? I just did a google translation of the http://www.1bu.com/ page and it says:
"Accesses the net the safety first, the welcome uses the 1bu homepage ..."

Plus going to sites like the greenguy one and clicking on the images, you see their properties are still from the original site, ie, http://www.greenguysboard.com/images/gjenter4.gif

I really think this is only a proxy service.

cheers,
Luke

also, check out http://www.greenguysboard.com.1bu.com/board/index.php
all updates are done in real time, so there is no way this site is copying and storing other people's sites, it is only proxying and redisplaying them.

altho I don't totally understand what a proxy is I think chilihost is right. Plus they are doing it with seemingly all domains because I have mainstream ones in it that there isnt any point to copy

Its a proxy server. The following code will block it:

.htaccess
If you have an ErrorDocument 403, it will rewrite those through it's system.

However, since it is a proxy, and it is serving dupe content, I would think it would be worse to allow the proxy to continue since google could deem it as duplicate content.

This will at least break it for javascript compliant people. Meta-refresh's, location redirects, etc are all rewritten.

.htaccess
br.html
I'm not quite sure it was originally done with malicious intent -- it is a caching proxy server running on IIS it seems. I think someone just had a link that was followed, and google did its thing.

Here's a tip that has worked well for years, because that site is FAR from the only site the rips content, keeping a htaccess code preventing them can be a pain or almost impossible.

However, to my knowledge no bots can submit a form, and you can pretty easly add form links to your site, like when clicking on a gallery or on a pic.. Surfers won't know the difference between it and a standard link, but making it impossible for a bot to rip your entire site...:)

Well I do this stuff for a living and don’t want to go much into it. Simple answer he is this.. Heres a tracert to the box. Most the response is normal considering the distance of the country. But as you will see on line 23 that's your lag point. That’s the place to start with stopping this. China telecom is just that. It's an ISP for China and if memory serves me, they tried to ban any and all porno from that country a few years back so contacting this company would be the first place to go. They prob can't do much other then block the B or C range which from experience only makes these Aholes run to another un-secure box. So even though it may go away for a few days most likely result will be pissing off the guy at the back end and he will only start up again but much worse. Getting people like this takes a constant look out from experienced security experts and even then they are dealing with well educated, unemployed young/men/boys who just don’t give 2 SH***. In fact the Chinese government won’t look to hard for him. As far as they are concerned he is (Unofficially) helping to stop a capitalistic country. Sorry which I could help more.
1 2 ms <1 ms <1 ms wr850g.motorola.com [192.168.10.1]
2 18 ms 8 ms 9 ms 10.91.0.1
3 15 ms 22 ms 16 ms dstswr1-vlan2.rh.jcsnnj.cv.net [67.83.247.33]
4 18 ms 14 ms 31 ms r1-ge12-2.mhe.prnynj.cv.net [67.83.247.1]
5 15 ms 22 ms 12 ms r2-srp13-0.wan.prnynj.cv.net [65.19.112.18]
6 15 ms 15 ms 22 ms r2-srp1-1.in.nwrknjmd.cv.net [65.19.112.84]
7 74 ms 19 ms 36 ms GigabitEthernet2-0.GW2.EWR17.ALTER.NET [157.130.
253.237]
8 57 ms 27 ms 17 ms 0.so-6-0-0.CL2.EWR6.ALTER.NET [152.63.28.50]
9 22 ms 21 ms 20 ms 0.so-6-3-0.XL2.NYC8.ALTER.NET [152.63.16.38]
10 26 ms 35 ms 25 ms 0.so-3-0-0.XR2.NYC8.ALTER.NET [152.63.19.34]
11 20 ms 37 ms 15 ms 182.ATM6-0.BR1.NYC8.ALTER.NET [152.63.23.173]
12 15 ms 18 ms 67 ms 200.atm6-0.pr1.lga2.us.mfnx.net [208.184.231.245
]
13 21 ms 22 ms 19 ms so-6-0-0.cr1.lga1.us.above.net [64.125.27.134]
14 41 ms 39 ms 41 ms so-1-0-0.mpr1.iad1.us.above.net [64.125.28.61]
15 18 ms 17 ms 40 ms so-1-0-0.cr1.dca2.us.above.net [64.125.28.125]
16 46 ms 29 ms 32 ms so-5-1-0.mpr2.atl6.us.above.net [64.125.29.37]
17 106 ms 34 ms 35 ms so-0-0-0.mpr1.atl6.us.above.net [64.125.27.49]
18 84 ms 59 ms 83 ms so-3-1-0.mpr2.iah1.us.above.net [64.125.29.62]
19 120 ms 56 ms 61 ms so-0-0-0.mpr1.iah1.us.above.net [64.125.31.61]
20 87 ms 200 ms 83 ms so-4-1-0.mpr2.lax9.us.above.net [64.125.29.101]

21 197 ms 89 ms 95 ms above-oc12.china-telecom.net [64.125.12.126]
22 111 ms 93 ms 99 ms 202.97.49.129
23 352 ms 337 ms 343 ms 202.97.51.221
24 343 ms 349 ms 334 ms 202.97.33.157
25 364 ms 370 ms 379 ms 202.97.40.110
26 347 ms 348 ms 362 ms 202.97.26.153
27 353 ms 340 ms 349 ms 202.97.64.218
28 379 ms 367 ms 324 ms 219.129.22.238
29 359 ms 349 ms 346 ms 219.129.21.137