1. The solution is for dumb-ass Google to delist them.
2. Dense users need be more aware of the browser address location bar.

You cannot stop crime or scammers -- that has been proven over and over historically.

Every registry (where the registrar buys the names they sell you) has a AUP and TOS and will (or should ) accept certified mail or a FedEx / DHL overnight letter with a complaint at their PHYSICAL ADDRESS. ICANN says they need a physical address to accept mail at -- do the legwork yourself or hire a lawyer (or other qualified person) to do it for you.

Need to thank you for these registry tips. We had a domain lose its reg on the afternoon of the morning we filed an infringement notice for cloning.
We plan on using this method ALOT now because as you say scammers and criminals will not go away and it works. If you file the right complaint.

What about putting some super unique piece of text on your site and using google search api to check if it exists on any other domain to check if anyone has done this to your site?

Thats a good idea. We're doing a few things and have some friends helping as well.

I've had my sites heavily affected by this shit over the years.

You'll probably call me crazy but - http://www.clone-site.com - I wrote all that in a day.

Will expand on it during the following days, and I'm actually going to clone a few sites on subdomains, just to demonstrate it all.

Silly as it can be, but my goal is to get this shit recognized as an issue and to get google to provide some kind of "report tool" for affected sites.

Yeah, I know - but I'm an optimist.
:2 cents:

I'm not technical like the rest of our team here.. so hopefully I don't mangle this-

The feedback I'm hearing internally here is that Java code is the best way to address it. While it may need to be addressed on a case by case basis, writing a piece of code like that or to break the Iframe has been the solution we have used for more difficult ones. A clever hacker can work around Java obfuscation, too, though. One of our techs says "I've broken down sucuri's java obfuscation with a simple PHP script and a system call to the `node` java interpreter."

Sincerely,

Brad

Good to hear you got results. :thumbsup

I learned a long time ago shit flows downhill FAST.

Yes, this works perfect most of the times.

But: one site of mine did not react to the javascript. They had learnt to use the

tag which stops script execution in the iframe, so the javascript in my iframed site was never being executed.

Love the site. Very helpful. :thumbsup
You and Barry should hook up and create a solution to kill these fuckers.
Its obvious Google is less than receptive to helping.

Thats great advice. Your techs have been very helpful to us.
Still, we need a solution for people who are scraping and downloading our content to their sites. So far, no cure for that except to complain to cloudflare and the registries.
I'd like to block these guys before they create issues.

Google has all the money and technical resources to do something -- if they gave a shit. They don't give a shit -- that should be clear :2 cents:

Not very technical with javascript so maybe somebody can actually type this up. What I was thinking is that use the escape characters to obfuscate what you are doing with the javascript and do this:

1. window.location.hostname - if it doesn't match your domain then goto step 2:
2. insert a noindex <meta name="robots" content="noindex" />

It should be obfuscated so they really don't know what's going on. Some something like this:

<script language="javascript">
if window.location.hostname != '%79%6F%75%72%64%6F%6D%61%69%6E%2E%63%6F%6D
then
document.write(unescape('%3C%6D%65%74%61%20%6E%61% 6D%65%3D%22%72%6F%62%6F%74%73%22%20%63%6F%6E%74%65 %6E%74%3D%22%6E%6F%69%6E%64%65%78%22%20%2F%3E'));
</script>
that js is not correct but maybe somebody can fix it. You can also just obfuscate your canonical like somebody mentioned above. Kind of tricky for lots of pages though.