Help please! Domain being duplicated and URL spoofed many others as well

[smokey99]

Hi,
I am really PO'd and worried right now.
I own mightygrip.ca

Someone in China is duplicating my page and hundreds of others even spoofing the url
Look at this
http://www.mightygrip.ca.1bu.com/mighty_grip.html

This 1bu.com is doing this to many big sites, I think this is why I got knocked way down in the SERPs.
THey also use 1bu.net

They ad to the end of the page title "fliter" and a number, yes fliter not filter
Search fliter on google and see what I mean, they show up a few pages down.

Look at all these,

ttp://www.microsoft.com. 1bu.com/
ttp://www.mapquest.com. 1bu. com
ttp://www.google.co.uk.1bu. c om
ttp://www.internet-optimizer.com. 1bu. com/contact.html
ttp://www.dell.com. 1bu.com

Whats up with this, ??
I am about to email a bunch of sites he has done this to, but want to make sure this is not some legit thing, I don't understand (newbie)

I tried running a whois on 1bu.com and can't get results

I am hoping that these other big guys listed above will take action if I notify them.

Check your site as well, try typing your url and ad .1bu.com to the end, you might be surprised.

Please help,

Thanks
Scott

 

[JuniperPark]

Wow.... this is a realtime PHISHING site! They are parsing the URL, grabbing the content, and presenting it as their own!

Check THIS out:
http://www.dnforum.com.1bu.com/

Yeah, go ahead and type in your ID and password to THEIR system!

How about http://www.PayPal.com.1bu.com/

This need to be shut down. Their IP is 219.129.21.160.

 

[eSology]

Whatever that is they are doing it is in real-time. Take a look at the newest member here at dnforum and then look at the spoofed site.

 

[smokey99]

OK so I am not crazy!
I was thinking, being inexperienced that this may somehow be legit.
Should I email other affected sites?
Don't want to get into trouble for making wrong allegations
They must have done this to thousnads if not millions of sites.

Could this explain googles screwed up SERPs lately

Ohh I am po'd

THanks
Scott

So what do we do??

 

[actnow]

Juniper,

You are a lot smarter about this stuff than me.

But, isn't it just a variation of "framing"?

 

[jojoyohan]

Whois info:

WHOIS information for 1bu.com:

[whois.OnlineNIC.com]
The Data in OnlineNIC's WHOIS database is provided by OnlineNIC
for information purposes, and to assist persons in obtaining
information about or related to a domain name registration record.
OnlineNIC does not guarantee its accuracy. By starting a WHOIS
query, you agree that you will use this Data only for lawful
purposes and that, under no circumstances will you use this Data
to:
(1)allow, enable, or otherwise support the transmission of mass
unsolicited,commercial advertising or solicitations via e-mail(spam).
(2)enable high volume,automated, electronic processes that apply
to OnlineNIC Inc.(or its systems).

OnlineNIC reserves the right to modify these terms at any time.
By starting this query, you agree to abide by this policy.


Registrant:
Li Tong

Room A801 Shimao Square
Shenzhen,Guangdong,CHINA 518026


Domain Name:1bu.com
Record last updated at 2004-09-02 20:40:40
Record created on 2000/1/15
Record expired on 2008/1/15


Domain servers in listed order:
ns1.dns-diy.com ns3.zg1.net

Administrator:
nameno)
Email[email protected]) tel-- 0755-3676300
no
A801 World Trade Plaza,Fuhong Rd
\r
t shenzhen
Guangdong,
China

zipcode:518026

Technical Contactor:
nameTong Li)
Email[email protected]) tel-- +86-917-3229910

Room A801 Shimao Square
\r
t Shenzhen
Guangdong,
CHINA

zipcode:518026

Billing Contactor:
nameno)
Email[email protected]) tel-- 0755-3676300
no
A801 World Trade Plaza,Fuhong Rd
\r
t shenzhen
Guangdong,
China

zipcode:518026


Registration Service Provider:
name: LiTie
tel: +86.75582972300
fax: +86.75582972700
web:http://


His server is somewhere in china (host is http://www.8u8.com/ ).

 

[smokey99]

Good work JOJO, Juniper and everyone else.
Do we now report him to his domain host? and who else?
I want to get this guy quick.
I have emailed microsoft with a link as well as a few other large companies.
I figure they will have more clout in getting them shut down than me.

What can we do??
Scott

 

[James]

I tried running a whois on 1bu.com and can't get results

edit..already posted above

jim

 

[mr-x]

Their script is dynamic so it will work with any website.

Apache users can add thier IP block to your .htaccess file like this,
Deny from 219.129.21

FYI, the "official" penalty for hacking in China is death... or organ transplantation and then death...

 

[jberryhill]

But, isn't it just a variation of "framing"?

Not the phishing part, no.

Try some banks.

http://www.bankofamerica.com.1bu.com/

 

[smokey99]

tres,
to create .htaccess file , I open notepad
insert text

Deny from 219.129.21

and name the file?
.htaccess

Then put in root of my web?

Is there a name before .htaccess ?
Will it stop them if they already have my sight? (static sight)

Thanks

 

[mr-x]

Yes, but .htaccess (notice the . in front of the file name) only works with Apache.

For IIS, you will have to conact your hosting provider, use your control panel or write a script to block the IP address.

The content isn't static, copied from your web for each request.

 

[JuniperPark]

Not the phishing part, no.

Try some banks.

http://www.bankofamerica.com.1bu.com/

Yep... I'm prompted to enter my Bank of America login at the URL above, and it is sent to THEIR server! That's phishing!


Richard,
It's not framed at all -- they are collecting all data between the pages. I don't they're doing it with good intentions. I see their call hit m server when I visit their page.

 

[smokey99]

I just sent a news tip to CNN, showing them their spoofed site, and pointing out others.
I figure heat will, put these guys out of business.
I am going to try that .htaccess file
Thanks for the tip
Scott

When I create the .htaccess file in notepad and transfer to my www root
it comes up as .htaccess.txt is that ok and correct?
Thanks

 

[JuniperPark]

I just emailed the registar, OnlineNic.com, and told them I was putting my credit card info in, but why do they have such a funny URL?

Hopefully they will terminate the domain name.

 

[smokey99]

That .htaccess file didn't seem to do anything, my site is still being displayed on 1bu.com
Do I place it in my www dir?
Should it have .txt extension?

 

[mr-x]

When I create the .htaccess file in notepad and transfer to my www root it comes up as .htaccess.txt is that ok and correct?
Thanks

No use ".htaccess"

 

[smokey99]

No use ".htaccess"

Sorry I feel dense,
I make the file in notepad which automatically is .txt

so now the file is .htaccess.txt
I can't seem to change it to extension .htaccess

Please explain.
Sorry me bad
Scott

 

[Moondancer]

Sorry I feel dense,
I make the file in notepad which automatically is .txt

so now the file is .htaccess.txt
I can't seem to change it to extension .htaccess

Please explain.
Sorry me bad
Scott

Do a rename and take the .txt off it.

 

[mmkrulz]

Do a rename and take the .txt off it.

before u do that, there should be a drop down menu on the bottom which is called: "Save Type As", select the "All Files" option and now save the file as .htaccess and it should do the trick.
plus i found some more info:


IP Whois Results:

Connecting to whois.arin.net...

Deferred to specific whois server: whois.ripe.net...

% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: EU # Country is really world wide
org: ORG-IANA1-RIPE
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
remarks: The country is really worldwide.
remarks: This address space is assigned at various other places in
remarks: the world and might therefore not be in the RIPE database.
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
mnt-routes: RIPE-NCC-RPSL-MNT
changed: [email protected] 20010529
changed: [email protected] 20020625
changed: [email protected] 20031014
changed: [email protected] 20040422
changed: [email protected] 20040504
source: RIPE

organisation: ORG-IANA1-RIPE
org-name: Internet Assigned Numbers Authority
org-type: IANA
address: see http://www.iana.org
remarks: The IANA allocates IP addresses and AS number blocks to RIRs
remarks: see http://www.iana.org/ipaddress/ip-addresses.htm
remarks: and http://www.iana.org/assignments/as-numbers
e-mail: [email protected]
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
changed: [email protected] 20040417
source: RIPE

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
e-mail: [email protected]
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
changed: [email protected] 20010411
source: RIPE

Hope this helps. (source of this info was iwhois.us)