AIMultiple ResearchAIMultiple ResearchAIMultiple Research
AI Governance ToolsAI Writing AssistantsAutoML softwareCloud GPU ProvidersEnterprise AI AgentsLegal AI SoftwareML Model Monitoring ToolsMLOps PlatformsNo code AI tool / softwareServerless GPUs
Application Security ToolsDynamic Application Security Testing ToolsInteractive Application Security Testing (IAST) ToolsSoftware Composition Analysis (SCA) ToolsStatic Application Security Testing (SAST) Tools
Cloud Contact Center SolutionsCRM SoftwareFinancial CRM SoftwareHealthcare CRM SoftwareInsurance CRM SoftwareRetail CRM SoftwareSocial Customer Service Software
Customer Survey SoftwareData Annotation ServicesData Collection ServicesData Loss Prevention SoftwareData Security Posture Management (DSPM)Device ControlSynthetic Data Generator
ITAM SoftwareITSM SoftwareMicrosegmentation SolutionsNetwork Monitoring ToolsNetwork Security Policy Management ToolsRMM Software
AI Email Marketing ToolsAntidetect Browsers for Social MediaEmail Marketing PlatformsEmail Marketing Analytics SolutionsEmail ServersTransactional Email Marketing Services
Accounts Payable AI SoftwareAP Automation SoftwareBPM SoftwareDocument Capture SoftwareIntelligent Document Processing (IDP) SoftwareProcess Mining SoftwareProcess Modelling SoftwareRPA Software
Instagram ScrapersPrivate Proxy ServicesProxies for Web DataResidential Proxies for Web DataScraping Tools for LinkedinScraping Tools for Search EnginesSocial Media ScrapersTikTok ScrapersWeb ScrapersWeb Unblockers
Batch Scheduling SoftwareEnterprise Job SchedulerHybrid Cloud Job SchedulerManaged File Transfer SoftwareOpen Source Job SchedulerSAP Workload AutomationWindows Job Scheduling SoftwareWorkload Automation Software
We follow ethical norms & our process for objectivity.
This research is not funded by any sponsors.
We learnt about cloning by getting cloned
Why do attackers clone websites?
How does cloning work?
What can you do against it?
How will LLMs change website cloning?
We learnt about cloning by getting clonedWhy do attackers clone websites?How does cloning work?What can you do against it?How will LLMs change website cloning?
Table of contents
We learnt about cloning by getting clonedWhy do attackers clone websites?How does cloning work?What can you do against it?How will LLMs change website cloning?
Marketing
Updated on Apr 2, 2025

How to Protect Your Business from Website Cloning / Mirroring

Headshot of Cem Dilmegani
Cem Dilmegani
MailLinkedinX
See our ethical norms

Your business may be a mundane B2B business like ours and you may think that you do not have to protect your website from attacks like cloning. You would be wrong. Eventually, your site may get cloned, it happened to us. This could be done by

  • attackers trying to steal your traffic
  • your competitors
  • 3rd parties who may not like what you publish

We explain our experience, how cloning works, LLMs‘ impact on cloning and how to protect yourself once it happens:

We learnt about cloning by getting cloned

Someone bought a misleading domain name that looks similar to ours and mirrored our entire website.

Now the mirror website is down but you can see a screenshot below.

The clone was copying our website immediately. We added “2” to the category name on the right which was immediately reflected
It was not a pixel-perfect clone, as you can see the images for sharing on social media were not replicated

The domain was bought about a month after we published an article about a crypto project. It could be due to that article or another reason:

This was unethical and incompetent. All we needed to do was:

  • Look up the new website’s IP
  • Block it via Cloudflare

Why do attackers clone websites?

The aim is to steal traffic. Search engines could be sending your traffic to the clones which the clone operators can use to monetize via ad networks like Google Ads or they could make changes to the clone to confuse your readers by putting words in your mouth.

How does cloning work?

Attackers can use a variety of tools (e.g. HTTrack) to create a copy of your website. This copy may be dynamically updated, which was the case in our attack.

What can you do against it?

As usual, we will suggest defense in depth to ensure that cloners put in as much effort as possible with limited benefits. As a preventative measure, you should improve your capability to identify clones and make it easy for your users to identify your website:

  • Link extensively between your own articles. The cloner may not change these links which would mean that even visitors that arrive at the clone, can click a link to arrive at your website. This helps you
    • become aware of the clone via your website analytics solution since you will be seeing traffic from the clone. They will probably buy a domain name that is similar to yours which will make it easy to notice
    • win back your readers quickly after they arrive on the clone
  • Link between your different domains. It is trivial to read your links and replace the internal ones with URLs in the clone. However, if you own a website on a different domain, the links to that domain will probably not be replaced by the cloner and will warn you about the clone.
  • Invest in your branding. The more memorable your logo, font choices and visual layout of your website, the better your readers will remember it. Therefore they may be less likely to be confused by cloners when they arrive at a domain that is different than yours that includes your material.

These help you identify as soon as you get cloned. Here is how to deal with a clone when you discover one:

  1. Try to block it from crawling your website. These are worth trying but will not stop sophisticated cloners so do not spend too much time with these steps:
    • Make a trivial change on your website and check the clone to see how frequently they refresh their clone. If it is a static clone, move to the second step as there is not much you can do to take it down via technical measures. If it is a dynamic clone
      • Discover the IP of the clone website, there are numerous free online tools for that
      • Block its IP if it is regularly crawling your website. However, if the crawler is based in another server, this may not work. Then, it may be worth looking at IPs that regularly crawl your website and block them. Of course, you do not want to block legitimate users or search engine bots so thread with caution in blocking.
  2. Contact every provider the clone website relies on including its domain provider, host or CDN. Send them a take down request and clearly explain the attack. Sharing your copyright and trademarks along with the take down request will expedite the process.

How will LLMs change website cloning?

Our website was copied verbatim but now bad actors can easily change these as they copy your website:

  • The wording and images on your website using generative AI
  • The internal links using simple rules

Such clones would be extremely difficult to detect and they could easily claim that what they created is a novel website not a copy. Probably the only remaining defense is to ensure that your brand is recognized in its domain.

Hope that was useful! We normally write about AI, feel free to explore AI use cases in business.

Share This Article
MailLinkedinX
Headshot of Cem Dilmegani
Cem Dilmegani
Follow on
Cem has been the principal analyst at AIMultiple since 2017. AIMultiple informs hundreds of thousands of businesses (as per similarWeb) including 55% of Fortune 500 every month.

Cem's work has been cited by leading global publications including Business Insider, Forbes, Washington Post, global firms like Deloitte, HPE and NGOs like World Economic Forum and supranational organizations like European Commission. You can see more reputable companies and resources that referenced AIMultiple.

Throughout his career, Cem served as a tech consultant, tech buyer and tech entrepreneur. He advised enterprises on their technology decisions at McKinsey & Company and Altman Solon for more than a decade. He also published a McKinsey report on digitalization.

He led technology strategy and procurement of a telco while reporting to the CEO. He has also led commercial growth of deep tech company Hypatos that reached a 7 digit annual recurring revenue and a 9 digit valuation from 0 within 2 years. Cem's work in Hypatos was covered by leading technology publications like TechCrunch and Business Insider.

Cem regularly speaks at international technology conferences. He graduated from Bogazici University as a computer engineer and holds an MBA from Columbia Business School.
Follow on

Next to Read

Top 5 WhatsApp Business Partners in 2025

Mar 213 min read

Top 8 Use Cases of Sentiment Analysis Marketing in 2025

Nov 176 min read

Bee Network is an anonymously managed clone of Pi Network

Jan 115 min read

Comments

Your email address will not be published. All fields are required.

0 Comments

Related research

Top 5 Ad Verification Techniques for 2025

May 127 min read

Recommendation Systems: Applications and Examples ['25]

May 1413 min read