Tags:




How do I get a spoof website down quickly?
December 31, 2004 2:55 PM   RSS feed for this thread Subscribe

Any ideas on how to get a fraud spoof website down quickly? (MI)

It has just to come to my attention, via smart web surfers who thought to ask, that someone is using the corporate logo of the place I'm the webmaster at to try and "legitimize" their spoof website for tsunami relief "donations." This is just disgusting to the extreme, and I have decided to pull out all the stops in order to get this thing offline as quickly as possible. Aside from the obvious "write PayPal, the registrar, and every name linked to the episode, even though most of them are probably fake" thing, does anyone have any suggestions of things I can do NOW about this? No hope of getting a lawyer on the case until Monday, so I'm looking for advice...
posted by Pufferish to law & government (24 comments total)
Go after the hosting provider, or, if it's self-hosted by the slimeballs, go for the upstream provider. Do a traceroute, find out where things land, and get on the phone. Most ISPs of reasonable reputation have 24/7 staffing, so contacting them shouldn't be too much of a problem.
posted by aberrant at 3:12 PM on December 31, 2004


Yeah, already tried that, but unfortunately it doesn't appear I'm dealing with a reasonably reputable provider this time. Thanks for the suggestion, though!
posted by Pufferish at 3:17 PM on December 31, 2004


This is probably asking the blatantly obvious.. but you are 100% sure it's a phishing/scam arrangement, right? It's not just a site set up for comedy (no matter how tasteless) value, right? I'm guessing it's not from what you're saying, but if it is, and they're not really trying to take no money, then well.. you can't do anything.
posted by wackybrit at 3:23 PM on December 31, 2004


Yep, live donation button to a working PayPal account. The very first thing I did was verify it was real account and contact PayPal about it.

Though even if it had been comedy, I'd still be after 'em demanding the logo of my company be taken off the page. Gotta protect our good name and all...
posted by Pufferish at 3:32 PM on December 31, 2004


Go after THAT provider's provider. Seriously -- if you can demonstrate a reasonable case that this is fraud, most places will take action pending getting the other side of the story.
posted by aberrant at 3:35 PM on December 31, 2004


I'm working my way up the line, but no luck getting a human yet. Going to keep trying until I do, though. I don't suppose this popping up on a holiday weekend was an accident. Grrr.
posted by Pufferish at 3:58 PM on December 31, 2004


Can you share the name(s) of the provider(s) you're trying to contact?
posted by aberrant at 4:03 PM on December 31, 2004


Yeah, I say share names and point providers to this thread so we know that if they don't act immediately, all 20 thousand of us will never use their services. (Line starts behind me.)
posted by You Should See the Other Guy at 4:09 PM on December 31, 2004


If you are giving the money you collect to a larger agency i.e. Red Cross or UNICEF, I would contact them also to see if they know of someone or someway to get it shut down quickly. Furthermore, they might have some bigger muscles in the form of attorneys or contact with the Feds.
posted by sillygit at 4:11 PM on December 31, 2004


I could, but I finally just got ahold of him, so I'll be kind and give 'em a chance to act on the information before I besmirch their name. If I don't quick results, then I'll lose all sense of mercy.
posted by Pufferish at 4:17 PM on December 31, 2004


"Him" being the operator of the name server they're using. Never type while angry, oops.

Though since I've confirmed the guy SAW the site, I'm only giving him about fifteen minutes to turn it off before I lose patience.
posted by Pufferish at 4:26 PM on December 31, 2004


So of course MF would go down just then. Ah well.

WARNING FOR THE CURIOUS: Lots of pop-unders and spyware garbage at the following website, do not go there without proper shielding.

incybernet.com is our offender (lack of link intentional). The logo they're flying belongs to the company I work for, though I think they grabbed it by mistake, thinking we were the Cybernet in Australia. Aside from claiming to be accepting cash donations and using our logo (among others), they're also claiming to be PayPal verified -- which they aren't (I actually sent them a penny to make sure).

They use 0catch.com as their name server, which is run by a company called Free Hosting Solutions Inc. in Utah. This place actually exists, because I had a human on the phone via their given number a while ago. He tried to hem and haw about it being legit, but said he'd deal with it immediately when I insisted that at minimum our corporate logo was there without our approval or consent, plus that whole claiming to be PayPal verified when they're not thing. So, of course, it's still there... hardly a surprise.

0Catch.com is not just a name server, but a site that makes their money off tons of banner ads on hosted sites, including a metric ton of ads on the offending site. Not really a big surprise there, either.

The "logo" they stole is actually only included as a floating object at banner size, so presumably it can be easily replaced later, along with the first word of the text. Nice.

Not sure if the bottom bit is verbatim spoofed from the Red Cross or not, but I contacted them about the use of their logo anyway -- interestingly enough, they not only apparently don't care, they were actually very snotty with me for calling to report it in the first place. I'll admit THIS surprised me.

Next up the line in the traceroute is eli.net -- that's going to be a hard one, since I really doubt they'll cut off all of 0catch's service. But what the heck... nobody else seems to care if someone steals money meant for disaster victims. I just must be some kind of wacko liberal or something.

I've researched, called and written a lot that I'm not adding because it would be way too long, but any other advice? Or is it just forget it for now and start throwing around cease and desist letters like they're going out of style on Monday?
posted by Pufferish at 5:52 PM on December 31, 2004


There really isn't a lower form of scum... I hope that, due to its terribly unprofessional design and sketchy Paypal account, not many people are fooled by this.
posted by delfuego at 6:13 PM on December 31, 2004


Me too. The fact that someone wrote and asked if it was legit makes me hopeful... but I'd feel better if they'd thought it was so obviously fake that they'd just written to report it instead.

Thanks for the suggestions, everyone. I -will- see it gone, one way or another.
posted by Pufferish at 6:24 PM on December 31, 2004


It's a little brutish but you could always just submit the story to Slashdot and let nature take its course. That would effectively take the site down while you sort it out with the proper authorities.
posted by pookzilla at 6:46 PM on December 31, 2004


Yah, don't hold out too much hope on eli -- I understand that they're fairly black-hat, esp. from a spam perspective (google news.admin.net-abuse.email for more).

You probably know this already, but here's the whois info:


Domain Name: INCYBERNET.COM
Reseller..............: PlanetDomain
Created on............: 16 May 2004 00:00:00 EST
Expires on............: 16 May 2005 00:00:00 EST
Record last updated on: 16 May 2004 00:00:00 EST
Status................: ACTIVE


Owner, Administrative Contact, Technical Contact, Billing Contact:
n/a
lynda Mcleod (ID00118532)
371 cambridge rd mornington
hobart, tasmnia 7018
Australia
Phone: +61.0662448054
Email: transferin@getdotted.com

Have you tried contacting planetdomain? Contact info from whois is

Phone: +61.399234590
Email: mkester@support.planetdomain.com


Good luck. You can definitely get the corporate lawyers involved on Monday, if it's really a rip of your logo.
posted by aberrant at 6:53 PM on December 31, 2004


Yeah, my finger's been twitching on the "submit story to slashdot" button for a while now. I thought I'd best exhaust all "quieter" options first, but it's definitely still tempting.

I've been making calls and contacts to every name and number I can attach to this from whois and google and whatnot, and I'm thinking I'll call the local police in Hobart next and see if they are interested in checking the legitimacy of that contact info. Even got a note into yahoo, in case they'll suspend the e-mail account being used for the spoof PayPal account. Might as well try everything, no matter how silly it seems...

If nothing else, I've got a calid number to someone who IS in power to do something about this. I can become one hell of a nuisance.
posted by Pufferish at 7:43 PM on December 31, 2004


Ugh, valid, not calid. I'm taking a break now.
posted by Pufferish at 7:44 PM on December 31, 2004


I admire your patience and willingness to take the high road on something so infuriating and profane. But I won't hold it against you if you decide to play dirty. These guys are truly scum.
posted by drpynchon at 7:58 PM on December 31, 2004


I say submit it to Slashdot. Hopefully the editors there will have the sense and care to use the bandwidth-draining power they have at their disposal to put this guy under.
posted by armoured-ant at 8:22 PM on December 31, 2004


Heh. Only reason I'm taking the high road so far is because I know that's what my company would prefer me to do. Me personally, I'd prefer to just nuke 'em from orbit.
posted by Pufferish at 8:23 PM on December 31, 2004


This may sound unintuitive, but start out by making a paypal payment of a non-negligible sum (say $5.00)

Then use PayPal online automatic dispute resolution service to claim that you were not shipped your product or defrauded, etc.

The dispute will not be reviewed by a human at PayPal for some time, but they will immediately disallow withdrawal of money from the account. People will still be allowed to put money in, but the owner will not be allowed to take money out.

This usually takes at least a week to resolve, which allows your lawyers time to work their magic and hopefully by the time the dispute would expire, a human at paypal would have refunded everyone's money.

This doesn't prevent them from making money on the ads, but they won't get any more donations.
posted by PissOnYourParade at 9:40 PM on December 31, 2004


POYP, you have made my morning. I was just thinking that the site's finally gone now, and was kinda happy something had been done but kinda upset that maybe I couldn't pursue this any further... but the very first thing I did when I found this was donate one cent to the account so I had a financial tie just in case I needed to use it later.

Now I know what to use it for. Thank you!
posted by Pufferish at 11:01 PM on December 31, 2004


non-negligible
posted by seanyboy at 3:11 AM on January 1, 2005


« Older Trying to identify two things....   |   A friend just had a premature ... Newer »
This thread is closed to new comments.


Related Questions
Fraudulent Telemarketers on my Cell Phone! August 7, 2008
Identity theft - help! June 23, 2007
I need a fake ID detector! May 16, 2007
How screwed are we? March 1, 2007
How do I deal with check fraud? December 22, 2006