It doesn't matter if it hurts your “SEO efforts”. It matters that someone has pointed a different site’s DNS at your server ... and you’re allowing it to happen. If the site had a domain-name canonicalization redirect in place, the problem wouldn’t exist.

There are several dozen, if not hundred, threads about domain-name canonicalization, variously in the Apache or IIS subforums. (You don’t specify.) If you’re on nginx there isn’t a subforum just for you; people generally post in Apache and hope for the best.

Bottom line: This is not an SEO question; it’s a server configuration question.

I don't believe that domain is "pointed" at your server.

Can't say for sure until i see it but it sounds like php curl method of site replication. It is really a super simple script that can mirror an entire site and serve it as is or even with changed elements (changled logo, word substitutions, their own ads, whatever).

Don't know how "worthy of effort" your site is but they are probably adding backlinks and such in effort to boost their copy up in serps, and google is retarded enough to make it work.

What you need to do:
- check your server logs to find their real IP, since they are probably behind cloudflare, and block it through your hosting company
- dmca their domain provider
- dmca their pages in google
- dmca their host
- dmca cloudflare (they are %%%holes that rarely do anything, but still do it)

Not sure what lucy24 is talking about though, because any part of code (including canonical stuff) can be altered to make it seem as if it is their own.

Yes btw, it will hurt your SEO if you sit idle and watch it happen.

Aside from what @lucy24 said, gold rule, only let your server answer YOUR domains and reject/ignore everything else, always.

Thank you, everyone.

This is weird.

I'm not that tech-savvy, but this is what my server guy did: he pointed the Plesk default page when accessing the IP, not to the website. And it worked, when I entered the .life domain it said: "page not found". But now it's redirecting to my server again.

Not sure what to do...

They copied your site and serve it from their own server. To prove it, add some test word on your live page and access this page via the .life domain; the test word should not appear there.

@Selen... no. Just no. This is way more complex than that.

@Selen

I've added a word to the contact page, and it appeared when their domain was in the address bar as well.

[edited by: Robert_Charlton at 7:42 am (utc) on May 12, 2019]
[edit reason] Removed reference to deleted post. [/edit]

Ok so that's better because it's easier to block (still, they could serve the copied static pages if you block their IP). My guess is they use one of the TOR Ips (look it up and confirm if it's one of a TOR IP).

What weird is, I've added the test word on the contact page, and when I checked it I've noticed that my support email changed as well to the .life version: suppport @ mysite . life.

[edited by: Robert_Charlton at 7:50 am (utc) on May 12, 2019]
[edit reason] Removed reference to deleted post. [/edit]

@Selen So the task is to find out their IP, then block it in the htaccess file, right?

They replace your domain, probably via <base> - see in your HTML source.

Yes, it would be the first / best step.

You should be able to clearly find the requests in your access logs if they are showing your pages on their domain. That will give you the IP address.

Not sure what lucy24 is talking about though, because any part of code (including canonical stuff) can be altered to make it seem as if it is their own.

And, conversely, not sure what “canonical stuff” is intended to mean here.

Domain-name canonicalization means: If a request comes in to your site, giving a hostname that is anything other than the exact form of your sitename that you want to see, then redirect to the said exact proper form. In general this applies to with/without www, and more recently to http vs. https, but it also applies in less common scenarios such as requests with an appended port number or, worst case, requests for some entirely different domain that has pointed its DNS at your server. A properly coded redirect will take care of everything in a single step.

I've added the test word on the contact page, and when I checked it I've noticed that my support email changed as well to the .life version: suppport @ mysite . life.

Both things changed? The newly added word, and also the contact address? Or did you mean that while checking for the new word, you only then happened to notice that the address is different? Hmm.

Is the email in your support form hard-coded--“example.com” written out explicitly in the html--or does it use a php-or-similar synonym that translates as “insert the present sitename here”? If it’s the latter, then “example.life” is exactly what you would expect to see, since the server “thinks” it is handling a request for example.life.

@lucy24
Yes, I'm well aware of what you're talking about and I already said it in my first response here that this is NOT a domain pointed to his server.

I will quote myself now:

Can't say for sure until i see it but it sounds like php curl method of site replication. It is really a super simple script that can mirror an entire site and serve it as is or even with changed elements (changled logo, word substitutions, their own ads, whatever).

Additionally, it can also be done through CloudFlare apps.

Since I've seen plenty of this over the last couple of years, those suggestions that you speak of will do nothing.

In fact, there is very little options for "attacked" website to do, because a savvy black hatter can lift up a mirror of your site in a matter of minutes, and there is no real detection method to know when and how many times he did it (unless you're obsessively checking server logs and all IPs in it).

You will see it happened:
- when your traffic drops
- when you start seeing your content on unfamiliar identical site
- when you notice a sudden bunch of backlinks coming in from mirror site

Once again -there is no protection for this. You can solve/remove it when you see it but you can't prevent it for the future.

Only thing you can do when you notice it is a bit of "damage control"
- dmca everything (cloudflare, host, domain provider, google)
- block the particular server from access

Googleshould be the one to make these kinds of blatant exploits not worthy doing, but instead, google indexes and eats up such obvious duplicate content like it is made out of candy.

Thank you, everyone, for the help.

I found the IP in the access logs and blocked it. Also DMCAed Cloudflare, Namecheap, Digital Ocean, and asked Google to remove it from the index.

I also blocked all IP ranges from Cloudflare to disable their site-cloning apps.

I have to say that even though this wasn't a pleasant experience, I learned a lot from it.

Thanks again!

I happen to be in a niche that I see this type of thing ALL the time, lucky me. What I noticed is that they simply test to see if it will get them some traffic(it doesn't) and they take it down a few weeks later, move it to the next potential victim. Getting those canonicals right on your domain goes a long way but it's more complicated than that.

Examine where you might leak traffic(rankings) to such a setup....

- Images. If they copy your page but NOT your images it's possible that your site ranks well in image search but not in web search. I've seen MANY pages that rank in image search not be allowed to rank in web results. To be clear - perform a search for your content in Google's web search and take note when you get a result in the top 5 in the images section, this will often block you from ranking at all in web(text) results. If they don't serve images they can rank on web and deny you further in this situation.

P.S. Google really needs to look into why an image result in related images can deny a text result, it's still happening.

- Combined with negative link campaign. If you don't get canonicals right a competitor can link to versions of your page so that Google uses those instead of your intended url. When Google does that you usually get a lower ranking from that wrong page and the copied site competes with a better version of your own page and content.

Bottom line is that it's automated and if they don't see traffic from it they move along. Canonical tags help a lot and consider not allowing Google to rank your images until they stop those "images related to" sections from eclipsing the text ranking you'd otherwise have gotten. I complained about this back in 2009, ten years later it still happens and it actually benefits content scrapers.