Ask HN: How to deal with someone ripping off your design? | Better HN

69 comments

64 comments · 27 top-level

timdorr13y ago· 11 in thread

It's actually quite easy: Find their host and, if they're in the US, issue a DMCA notification:

   $ dig resinternationalgroup.com

   ;; ANSWER SECTION:
   resinternationalgroup.com. 18788 IN	A 66.206.15.100

   $ dig -x 66.206.15.100

   ;; ANSWER SECTION:
   100.15.206.66.in-addr.arpa. 3600 IN PTR cpanel.siteplot.com.

Send the email over to support@siteplot.com. If that doesn't work, go up to their datacenter:

   $ whois 66.206.15.100

   ...
   OrgAbuseHandle: NETWO5887-ARIN
   OrgAbuseName:   Network Admin
   OrgAbusePhone:  +1-509-209-8000
   OrgAbuseEmail:  network@cyber-world.com
   OrgAbuseRef:    http://whois.arin.net/rest/poc/NETWO5887-ARIN
   ...

Email it over to network@cyber-world.com or support@cyber-world.com.

Here's a good template from Scribd: http://support.scribd.com/entries/22980-DMCA-copyright-infri...

pmelendez13y ago

They seems to be in Europe though... what happens in that case?

Cthulhu_13y ago

It's still a copyright violation; the DMCA, as mentioned above, is (iirc) more related to sharing of copyrighted materials on websites that host user-generated content (such as copyrighted videos on youtube or copyrighted visuals or code on github). The DMCA doesn't apply or need to be mentioned here, as the pre-DMCA copyright laws already cover this.

timdorr13y ago

The copyright violation is coming from a server hosted in the US, so it's subject to US laws.

It would be the same if I took a DVD from the US that doesn't have a copyright in another country, went to that country to copy it, and then tried to sell it back in the US. It doesn't matter where I'm making the copy, it matters where I'm distributing it.

jiggy201113y ago

Hopefully they will just honour DMCA regardless.

They probably rip off designs in the hope that they won't get found out. As soon as it looks like a hassle they will hopefully just move to ripping off someone else.

Amarandei13y ago

Even if they aren't in the US, the majority of hosts will still accept DMCAs.

escaped_hn13y ago

That would be an abuse of the DMCA since its just a design (see Flat-Ui).

DanBC13y ago

No.

This is directly using (even hotlinking some assets) the OPs copyrighted materials.

FlatUI had 3 icons that were "similar"[1] to icons in LayerVault. There wasn't any clear copying of assets.

[1] for some values of similar, including "not similar".

jre13y ago

FlatUI was inspired by another website. In this case, both websites seem to have copied all the assets up to the javascript from gocardless since they received sentry notifications.

meerita13y ago

If they do the same design, but using different bits, they're not copy. But yes, they copied the design, files and everything, this changes the rules of the game. Now you can sue them for that, but you cannot stop people of using the typography, colors and layout of any design, that's called style.

It's silly the ripp-off, made me laugh.

okamiueru13y ago

Not sure if you read the description provided. They ripped the source code as well, not just the design. That goes under copyright, as would copying someones graphic assets. If it were using similar graphics or design, then yes, it isn't a copyright issue.

rorrr13y ago

Why? They are stealing OP's copyrighted works and posting them on their website.

charliepark13y ago· 6 in thread

Just add this to your JavaScript onload (and replace "yourdomain", of course):

    if(window.location.origin.indexOf("yourdomain.com")<0){
      window.location.href = "http://yourdomain.com";
    };

kls13y ago

The question would be if they just grabbed a static snapshot of the site and are using that or if they are actually still pointing back to some of the stolen sites files. If they are pointing back to the stolen sites JavaScript files then yes it would be very easy to redirect the traffic back to their site. Given that the code resides on their server they are completely within their rights to do so as well. I would also minify the JavaScript file as well, so the change is not immediately apparent to them. Make them work to figure out why the code they have stolen is not working.

Mahn13y ago

...unless they copied the JS files instead of linking to them directly, of course. Note to self: add remote self-destruct function within any JS I ship.

benmanns13y ago

Second note: Make it time delayed (set statically to something like 2 weeks from compile time). Then, when they use the script in development it works, but in 1-2 weeks it breaks in their production site. Otherwise, they will just find out why it isn't working and remove the self-destruct function.

johnx123-up13y ago

I think, better approach would be to change your HTML files and link them to newer version of JavaScript files. But, in old JavaScript add a virus code that blanks the page or do some kind of notice

jacobr13y ago

You just linked to a domain registrar, please use example.com in examples.

Mahn13y ago

I'm having a hard time trying to picture people on HN reading the comment and thinking "cool! yourdomain.com! I wonder what's in there!"

sageikosa13y ago· 4 in thread

The classic counter-punch to resource linking is to make some of the resource grabs dynamic based on the referrer. I remember one site host who realized someone was using his images for avatars on various forums, and changed the contents to p0rn.

bradleyland13y ago

You've got to be really careful when doing something like this. Basing the decision to display porn to users based on the value of the referrer (or any technical factor for that matter) is asking for trouble. Valid visitors' browsers should send your site as the referrer, but what if your check fails and a legitimate users is shown porn instead? What if you introduce a bug that causes many, or all, of your users to see porn instead of the intended content?

Serving porn from a business oriented domain is never an option, IMO.

It sucks when someone rips off your content, but you have to carefully evaluate the real impact it has on your business, not just the emotional impact that it has on your sense of ownership.

sageikosa13y ago

I agree, doesn't have to be p0rn; just the example I remember.

Cthulhu_13y ago

The less offensive form of this kind of hotlinking prevention is to provide a small-sized image with the URL of the website it was taken from, or a hotlinking notification, not pr0n unless you want to offend unsuspecting visitors. The person that hotlinks an image for usage as a forum avatar won't even realize it most of the times because his browser cache kicks in.

sageikosa13y ago

IIRC, other users on the forum started complaining that the offending user was using pr0n, he (or the forum owner) then complained to the person from whom content was being leeched who promptly told them to suck it.

Tzunamitom13y ago· 3 in thread

Send them a cease and desist letter - you can find free templates online (http://www.free-legal-document.com/copyright-cease-and-desis... is one I just found).

The more professional you can make it look the better chance you won't have to resort to a solicitor.

kanamekun13y ago

You don't have to necessarily resort to a solicitor/lawyer in this scenario. If they are using your exact HTML/CSS/JavaScript and don't quickly respond and/or comply, you can always file a DMCA takedown notice:

http://www.smashingmagazine.com/2009/12/18/my-website-design...

Most hosts will quickly take down the website, giving you a cost-effective way to stop the issue. However I'd strongly encourage you to pursue a more friendly approach first, to give them a chance to do the right thing. (The site owner may not be the one who actually stole the design.)

wheaties13y ago

I'll add that if they're a legitimate site they'll be mortified but if they're an illegitimate site, they'll quickly move to open up shop somewhere else.

That said, if they're costing you money because of your sentry issues or causing you support issues that you can document, you have just cause for a lot of actions.

AdamTReineke13y ago

If/when that doesn't get a response (if they stole a design, who says they'll honor a C&D?), contact their web host.

huhtenberg13y ago· 2 in thread

I'm going to bet that this is a setup for the phishing scam. Random addresses and phone numbers, fake endorsements, blatant design rip-off - it all points rather unambiguously at a quick-and-dirty attempt at creating a believable online presence. It could've been just a designer's "sketch" or a proof of concept for a client if it weren't for two clones. This indicates that this is a redundant setup, with possibly more clones floating around, but with the JS files fixed.

Your best bet would be to contact the hosting providers and say just that.

If this is indeed a part of the scam operation, you should also prepare yourselves for a website redesign, because if the scam gets on its way, then your visuals may end up being associated with the scammy websites rather than with your genuine business.

pc8613y ago

The secure broker website has already been flagged by my work firewall as a phishing site.

seferphier13y ago

phishing scam websites spend a lot of effort to fake their website.. amazed.

ratherbefuddled13y ago· 2 in thread

There is something fishy here.

The Secure Broker Online company is not registered with Companies House in the UK.

The Kensington Gardens Square street address is that of a hotel and the CA address looks fake too from StreetView.

I would guess somebody's nicked your design to create a fake portfolio for a CV, or it's being used for fraud.

minikomi13y ago

Also the address of Tofman Energy Services ... ? http://www.tofmannenergyservices.info/Contact%20Us.html

Peroni13y ago

It appears the phone number they use is also the number for the Phoenix Hotel that uses that address.

jcutrell13y ago· 2 in thread

I actually set up a quick Heroku deploy to help identify when people are downloading our code and running it on a different domain than ours (just sends us an email). Most of the reckless folks stealing our stuff don't identify the little bit of JavaScript I've thrown in there, and we get a lot of these alerts. It also sends us the domain the code is running on. Of course, we aren't worried as much about localhost.

The JS also replaces the content on the page, and shows a "you shouldn't be doing this" kind of alert; we've had a TON of hits on this. It happens literally daily.

We have yet to file for DMCA takedown - good plan for those who are legit stealing.

However: I have a strong opinion on these things.

Specifically, if people are stealing your stuff, see what you can do to innovate past them. Ideas will always be stolen; edge and innovation can't be stolen.

Sometimes it's legit to call people out. Sometimes DMCA takedowns are needed. Sometimes, it's time to man up and beat the system. One step ahead, and all that jazz.

ameen13y ago

Any particular reason why you've been repeatedly targeted by such individuals? Some of them could be related and if targeted might cease abusing your code.

jcutrell13y ago

Well - it probably has to do with the fact that the site was featured on awwwards.com and a few other CSS-gallery type sites. Not 100% sure, though; the attention comes from all over the place.

glimmung13y ago· 2 in thread

I notice they're using eBay, AutoTrader and Gumtree logos. Don't know about the other two, but have known AutoTrader come down like a ton of bricks on muppets who abuse their brand - dob 'em in!

(Although if they are as shady as they look, there may not be an entity to come down like a ton of bricks on - this looks like fraud to me)

glimmung13y ago

More brand abuse here: http://secure-broker-online.eu/company

The FSA, RBS and Wells Fargo might want to be aware of this, too.

culshaw13y ago

CEO of Auto Trader might have something to say too http://secure-broker-online.eu/escrow-process

Peroni13y ago· 2 in thread

Secure Broker Online: 1-8 Kensington Gardens Square , London, W2 4BH

Knock on their door and ask them directly.

kaolinite13y ago

Seeing as the two rip-offs are seemingly the same 'service' and yet have very different addresses, I suspect the addresses are fake.

Peroni13y ago

It appears you're right. The address above is actually the Phoenix Hotel.

stuartmemo13y ago· 1 in thread

I'd stop worrying about it and concentrated your energies elsewhere. By thinking about stuff like this you're focussing less on your own product, which is the important thing. If people are copying you, then you're most likely ahead of the competition anyway.

dabeeeenster13y ago

Given that they just did a big upgrade that has broken their API I would agree, and we're one of their biggest fans and customers!

testing1234123413y ago· 1 in thread

Add a check to the javascript files for those domains, then have it execute a while(1);.

This is semantically the same what Google does with their JSON responses [1]

[1] - http://stackoverflow.com/questions/2669690/why-does-google-p...

csomar13y ago

Nope, it's not the same. Google doesn't check for the domain; Google does this to prevent cross site scripting. (Accessing the JSON as a JavaScript file).

The OP doesn't have a JSON, he has a JavaScript file.

petenixey13y ago· 1 in thread

I'm guessing that the traffic from this will alert them pretty soon so either way you'll want to take action quickly Hiroki.

Might be fun to hellban them, alter your JS to show visitors nothing when they visit their sites. Won't last for long but if you only do that for visitors with fewer than 3 visits then it'll take them a little while to figure it out.

solistice13y ago

I'm not sure about the legality of this option, nor the alternative I'd suggest. Instead of hellbanning their site, try redirecting their traffic to your own site.

markdown13y ago

OT, but I'd like to suggest an improvement in your FAQ:

> Who is GoCardless for?

> Anyone can use GoCardless...

As far as I can tell from the rest of the website, you are a UK startup, and your service is useless to Taifusi in Samoa or Raj in Bangladesh.

lucb1e13y ago

The other comments already indicate it's a fake, so I wouldn't worry about it too much. I myself would have some fun with the Javascript files that they're hotlinking; have it break the website or do something funny (cornify). They have no reason to complain. And I'd ask them if they could stop copying my website (perhaps propose a reasonable time, like a month, but do nothing afterwards). Then I'd let it be.

hellweaver66613y ago

You can prevent hotlinking of your JS and CSS files using your server config (for instance, in .htaccess on Apache). That will make it harder but it won't stop them copying the files locally. Lots of tutorials to prevent this are a quick Google away. You could even serve up an alternate CSS file for offenders that warns them from hotlinking your resources by prepending something to the body tag that is styled like a massive warning box and hiding everything else.

xhedley13y ago

The business problem isn't the ripoff, it's the fraud in your business space of easy online direct debit set ups. If lots of fraudsters set up in this area with convincing sites, your customers' customers will worry about providing their bank details. Suggest talking to your sponsoring direct debit bank about shutting the fraudulent sites down. Or you could report to actionfraud.police.uk but I suspect your bank has better connections.

csomar13y ago

Here is my suggestion:

1. Send a DMCA notice [https://news.ycombinator.com/item?id=5367936].

2. Blank their page with JavaScript. While it's legal to redirect the traffic to your site (it's YOUR JavaScript and there are no Terms for its use), you'll probably mislead people and make them think that you are the phishing site. Not worth it, in my opinion.

cwisecarver13y ago

Use the "is this my domain" javascript trick and then remove all elements from the DOM. Better yet, location.href them somewhere else.

ep10313y ago

As a side note, where are those gray icons at the bottom coming from? I needed a light bulb like that on my last project, and ended up having to slap together something on photoshop

andyhmltn13y ago

I would take comfort in knowing that the sign up form at http://resinternationalgroup.com/ is impossible to finish :-)

amarco13y ago

http://resinternationalgroup.com/ - Looks to have a live operator that you can talk to and ask questions as well?

jentulman13y ago

I wonder if Ebay, Autotrader and Gumtree might also be interested in throwing some weight behind this given how prominently their brands are featured on the landing page.

kmfrk13y ago

http://www.plagiarismtoday.com/ has all the information you need in notifying affiliates and filing a DMCA.

dquigley13y ago

Well they do have a live chat on those two pages. Might as well make use of it! Or you could contact their live chat provider and mention the copying. They might care.

zeeg13y ago

First time I've seen this use-case for Sentry :)

(I didn't actually see Sentry within the source code, was I missing something?)

apeace13y ago

It's simple. Make money off your idea before they do. Good luck!

the113y ago

submit a DMCA takedown notice. and blog about how mean people are when they complain about it.

j / k navigate · click thread line to collapse