Just a couple posts back I discussed the advantages of using modular design when building your websites. Then yesterday I told you about how a hacker tried to use my site to boost his own page-rank — or else tried to sabotage my site by inviting a duplicate content penalty. I had no response to my complaint to his domain host after 24 hours, and being the impatient sort decided to take things into my own hands.

After looking up a couple PHP commands, I discovered that all I had to do was post two simple lines of code in the header file to effectively negate his attack. In fact, I turned his attempted theft into a benefit. Now if someone goes to his site, they will be automatically redirected to my site. Better yet, the redirect is a ‘301 - permanent’ type, so the search engines will see it as a correction, and not penalize my site for duplicate content. Until the hacker notices the change and stops stealing my code, I will get all his traffic for that site. Because the site is modularly designed, I had to add the code to just one file to have it effective on every page on the site.

Should you find yourself in a similar situation, here is the code:

<?php
$chk=$_SERVER[”HTTP_HOST”];
if(!stristr($chk,”mysite”)){header(”Location:http://www.mysite.com/”,TRUE,301);}
?>

This simply checks to see that the host is mysite, and if not, redirects to mysite. It is of course possible for the hacker to spoof the host before stealing the site, but then he will also have to serve different pages to the search engine than to regular browsers, if he expects to benefit from the theft. Doing that is not as effective as it used to be, because the search engines occasionally spoof the referrer string to look like regular browsers and compare the results to the regular search results.

Another solution available to me, should the hacker escalate his attack, is to have PHP write all the relative links out, so the browser receives absolute links. He could then still steal the home page, but all the links would go back to my site, which defeats his purpose.

While I’ve never heard of anyone else having this type of site theft, it is very common for hackers to copy your website and put it on their own server. Such theft is of very temporary benefit, but it can be automated, so the lazy thief can just replace it with another site when the search engines penalize him (and perhaps you as well).

To avoid such outright theft, you need to check your websites in a search engine occasionally. Select a long phrase of 50 or 60 characters from your site, put it in quotes in the search box. The search should return just your page. If there is a note that ‘very similar’ results have been left out, click on the ‘repeat search with omitted results’ link. If you have a blog, or the page is indexed both with and without the ‘www’ in the URL, you may get multiple results from your own site, but if you see someone else’s site in the results — your page has been copied.

If it is only one page, it may be a case of innocent infringement (i.e. stupidity) on the part of the other site. Write the webmaster and ask them to remove your material from their site. If they don’t respond, use whois to find the hosting site, and write them. In 99% of such cases you can get the material removed with little difficulty.