Share This Post

Startup

Cyber Crime hits us, please help!

We are from an E commerce Company, A product based Marketplace We are an e-selling Platform that connects buyers with sellers who cater to the products & categories specifically in this domain.

 

With the help of Customers and Sellers feedback, data analysis understanding, we revamped as a new name, with a new, different look. 

 

We got a wonderful opportunity to present our idea at TheRodinhoods Delhi Open House held on  Aug 22, 2015. We got valuable insights, feedbacks & suggestions about our venture from Alok, Sairee and all the talented Entrepreneurs present. 

 

Yesterday (Oct 1, 2015) at around 7:00 pm I was just going through my email inbox. My eyes sighted a shocking email, with exact subject lines that we have been using for our promotions. I looked into the mail and figured out that the concept of the mailer was also copied.

 

Amazed, I called my partner to look at what’s happening?

 

We looked further, clicked on the mailer and there was even more. The entire theme of our website was copied, the background image, presentation & content. The only difference was the name & logo of the website. We were numb for a second and then immediately reached our tech team and sent an email to Asha who suggested we reach out to the community for help.

 

Our first call was to change our backdrop image, so our viewers should not mislead & register thinking it as our parent website.

 

Meanwhile our tech was looking into the issue. They informed us that “someone with little tech knowledge has played with us, drawing information from inspect element.”

 

If you look at the snapshots below, you will see that the below image name has been used on their page. Whenever we make any changes in our homepage, the changes can be seen on the other website too. 

 

#Incident 1: Our current look, we changed our backdrop & their backdrop also changed. 

 

 

 

 

     Fraud website screenshot, this is visible on there homepage.

 

 

 

#incident 2: They copied our Image name (Visible on there homepage, when we click on inspect element.

 

 

After we had all the discussions, around 1:00 AM I again thought of just browsing this website, which copied pasted our entire concept.

 

I jumped of my bed, the image we changed on our backdrop, automatically displayed on the backdrop of this fraud website. We inquired, investigated and know the name of the company & its owners, but at this stage we do not want to reveal (a call taken by our team.)

 

They created our fake email ID as well and scooted mails to people. This entire case has really affected us, specially just before the launch and we are looking forward for help & suggestions on the same at the earliest. We are really upset and not sure why someone is doing this. 

 

Pls suggest next steps for us?

 

How to deal with such cyber crimes?

 

Hack-free software’s that we can use to prevent such thing?  

 

What corrective legal measures should we take?

 

 

While we write this post, we get this watsapp on our personal number, check the screenshot below. 

 

errorkidzig 

 

We really need your help. 

 

Thank you in advance.

 

 

Comments

Share This Post

52 Comments

  1. hang in there girls. we’ve shared it over social. and i’m including it in the newsletter as we speak…

  2. First things first… you developer needs to do this so that they can’t directly link to your images : https://www.htaccesstools.com/hotlink-protection/

    or you can try other methods of disabling Image Hotlinking. 

    more suggestions coming in a bit…

  3. Hi,

    We just shared the same with our developer.

    Thanks.

  4. My first choice to tackle this situation will be to contact OYO BABY people directly and confront them via a mail / text asking them to take down their website. If they don’t reply / take action try confronting them on social platforms. If everything fails you can launch a formal complaint Cyber Crime Investigation cell. As an Entrepreneur I am afraid of this though coz this is very time and energy consuming process. I would rather talk to the concerned people and make them understand that if they copy/kill your business at this stage neither they nor you will benefit.

    FYI :  

    Cyber Crime Investigation cell,
    Room No 4, Stone buliding, 1st floor,
    Picket X Road,Near LT Marg Police Station
    Mumbai – 400002

     

  5. Hi,

    i think they have done URL mapping for your website.

    According to me : Best way to prevent it to block his(Fraud Site) IP address, So they can’t connect your server.

    Check your server hits (if you have access& you must have if you are owner)  and block that ip which is most hitting your server.

  6. We are on our toes. Thanks for the suggestions everyone..I hope we are able to sort this out soon.

  7. Hi Diksha, 

    Reach out to Pavan, CEO at ShieldSquare. They prevent websites from getting into situations like these. 

    Website: https://www.shieldsquare.com/

    Contact: pavan@shieldsquare.com

    • +91-11-30012618
  8. Hey Diksha,

    Drop a mail to Saket Modi at saket@lucideustech.com

    I have made him aware of the situation. He will be able to help you if you provide him all the details over a mail.

    Anuj

  9. Hi Diksha,

    This is Mithilesh, Founder of Peopleskart.com.

    I would suggest don’t waste time and immediately setup your own Server and transfer your website and secure it with firewall. 

    If you want my help. i can immediately help you out to transfer the things immediately. 

    Thanks,

    Mithilesh

  10. A very quick solution to prevent copying things from your site is to blacklist the public Ip of the imposter. It just take 2 mins to block in the firewall of your server.

  11. Thanks Anuj,

    Will do the same!

  12. Mayank, our tech team did that. But the minute we change the homepage image, there homepage image changes.

  13. Something is wrong with your Tech Team, Because If IP is blocked then there is no chance to do. 

    You also try to do hotlinking and have a try. 

  14. It means IP hasn’t been blacklisted.

     These should have work on your nginx server and they need to restart server after that. You can share these link with your developer. Also there are ways to pull the security on in the codeigniter framework too.

    https://www.cyberciti.biz/faq/linux-unix-nginx-access-control-howto/

    There are two possibilities I see here

    1. Public Ip wrongly entered (You can verify the public by opening command prompt and typing ping (url of impostor). the ip you see getting it returned is the Public IP

    2. The site of the impostor is on the same server but on different ports. I hope these is not the case with you. Ask your developer to carefully scrutinize the access log and identify the IP patterns

  15. Hi Mayank,

    My tech team is checking this up.

    I will revert with the update shortly.

    Thanks a ton

  16. Hey there,

    I checked the other website and they are not really copying anything other than the banner image. The css is also not copied. Anyone with a little of HTML knowledge can mimic the website even in a much better way.

    One thing as everyone is suggesting is that you can prevent access to your images by other domain.

    Every HTTP request contains an origin. Just only allow the origins that are familiar to your domain which can be kidzig.com and *.kidzig.com you can block all others.

    You will need to edit nginx.conf or /sites-available/default(or whatever you named it.) file to disallow.

    Since you use nginx. Check this. https://www.nginxtips.com/how-to-stop-image-hotlinking-on-nginx/

  17. Hi harsh,

    We received an email from them addressing BCC: “info@kidzig.com” this email ID is never created by us and we have not shared admin rights for Kidzig gmail account with anyone. 

    Is it possible to create a company ID withought having the admin rights?

  18. Which field it was mentioned in? From: ,  To: or  CC.

  19. Hi Aishna,

    Kindly go through DMCA(https://www.dmca.com/), they are leaders in content protection and is free to start with. They can pull down the website as well if they do not comply.

    Quick Technical Solution – Block IP address of the website and this will give you relief from most of the problems.

    Mail – Till the time your email address is not mentioned in “FROM”, the issue can be ignored. 

    ~Sunil Suri

  20. 200 fake IDS created by them just now… what i learn about entrepreneurship is there are ethics to everything. Healthy competition is respected, but such malpractices disappoint me. I will be looking forward and respecting healthy competitors than such poor bugs. Alok Rodinhood Kejriwal perfect post “Famous Bhagvad Gita Quotes and what Startups and Entrepreneurs can learn from them”

  21. Yes, this can be done using some SMTP tricks.. My friend mailed me from Some Celebrity Email Id years ago !!

  22. Hi Aishna,

    I watched PPT of your venture and I hope it will be fine soon.

    Few things I will like to share and advise keeping your current situation in mind:

    1. Copying an idea is an easy thing and copying the tech aspect is the easiest thing in today’s scenarios where things are open source.

    2. You must not be upset or freak out with what’s happening. Some badass person is just trying to piss off you guys and you are making them happy by getting upset..

    3. When we start project, we must take care of such things but in 90% cases of startups, if do not have lots of funds, such compromises are obvious due to lack of money spent in development.

    4. Pick up the gun and shoot those guys.. Wait.. You don’t need to do that:

    – Enable Hotlink Protection right away ( Your Server team can help in it)
    – Check your DNS records to make sure MX records and other records are just fine and do not look fishy.
    – Report the issue to Hosting team and ask them for cooperation.
    – If I was you 🙂 I think there are many nice people out here who can use little hacks to do some tit-for-tat thing 🙂

    Last but not the least, get a complete security scan done for the website and change all the passwords, domain panel, hosting, mail provider and whatever related to KidZig and share the same only with core team, use 256-BIT-HEX-KEY Password whereever possible to enhance security.

    https://keepass.info/ will help you in password management, in case you are not using any password management tool.

    I hope you guys get out of this soon. Do share your experience, steps to recover things and measures taken post this.

    Cheers!

  23. Hi Diksha,

    I was at the Gurgaon Open House, I am an information security consultant myself. I would recommend you few steps:

    Step 1: https://www.google.com/webmasters/tools/dmca-notice?pli=1&&rd=1 , Report the incident at this link.

    Step 2: Please visit Whois.com and get details of the IP address and the address associated with that IP address.

    Step 3: Please look for an option “Shows Original” , for instructions check this link (https://aruljohn.com/info/howtofindipaddress/). Then do a Whois lookup for that IP to get the address associated with IP.

    They have already downloaded files of your website using open source tools, the only thing now you can do is report to google and get them of the list. If some one uses their website through the mail they send, then there is nothing much you guys can do. 

  24. Also, this is a suggestion for every one associated with start ups. Do not ignore the security testing of your application, the above case is about copy right infringement.Please get your applications and websites audited atleast once in 6 months or 1 year to ensure it is safe.

  25. Hey guys, this is so bad. I can’t imagine what you guys might be feeling. I’ll put you in touch with one of my friends who might be of help.

  26. Check whois record for the domain and their IP,

    You will get domain registrar information 

    and Hosting Server Information.

    Then you Just need to send DMCA Notice to both, you can bann whole domain and force server hosting company to suspend user’s service permanently or force them to remove the infringing content.

    https://www.dmca.com/FAQ/How-can-I-file-a-DMCA-Takedown-Notice

    Check this link to get exact procedure.

  27. Dear Kidzig team,

    What has happened to you is really shocking and I hope you are able to find the correct redressal soon.  

    Please note my brother, Jitender Tanikella and his partner, Anirudh Rastogi have their own law firm, Tanikella-Rastogi Associates, based in New Delhi.

    Their linkedin profiles are https://in.linkedin.com/in/anirudhrastogi and https://in.linkedin.com/in/jitendertanikella

    They specialise in cyber-crime law and also work very closely with startups. In fact, Anirudh is a cyber-law expert who has even written Cyber Law: Law of Information Technology and Internet which is a book published by the renowned international publisher, LexisNexis.

    If you would like to get in touch with them, please drop me a mail at joginder.tanikella@gmail.com and I will put you in touch.

    Best Regards,

    Joginder

  28. Hi Disha,

    One of our Australian client also faced the same issue from some people in NCR region. She enhanced security of her site first (as suggested by members here), then pursued with the hosting provider of the copy cat for IP infringement and ensured that the site was taken down. 

    You can also follow below steps:

    • If the copy site is hosting on US based servers, connect with the service provider. (Dont bother if the site is hosted on an Indian server, nothing would happen)
    • Raise a ticket, provide necessary information
    • They will review the case, verify facts and then take the site down if its genuine case from your side

    Wish you luck !

    Note: Once the dust settles down, you would realize such hiccups are not enough deterrent for an Entrepreneur like you !

  29. I agree. This is something not be be ignored.

  30. Thank you Saif for connecting us with the right person. Thanks for all your help ya..

  31. Thanks for this suggestion Govind.
    We are taking the necessary action. We will check this link.
    We have already reported the issue to there Hosting partner.

  32. Hi Joginder,

    Though we have taken priority steps as lot of suggestions poured in. We have secured our passwords and server to avoid any further mishap. We are looking forward to get in touch with the Cyber Law experts. I will drop you a mail so that we can take this forward from there.

    Thanks a ton for your help.

  33. Hi Kunal,

    Honestly these 3 days have been a roller coaster ride for us! Specially when we started receiving watsapp messages asking about when do we plan to launch. 

    We have written to the hosting company, they said they will take necessary steps.

    Thanks for the positive note…I agree Entrepreneurship is all about fighting all odds..

     

  34. diksha – pls take up joginder’s offer for sure. he is a gem of a rodinhooder and will go to any lengths to help a fellow rodinhooder!

  35. Yes Asha, will get in touch with him for sure to avoid any further problems in future. 

    Thanks..

    P.S: Within these 3 days of anxiety we realized that if there are bad people using there brains to create troubles, there are good & wonderful people too who make real effort to help. Thanks to all Rodinhooders 🙂

  36. Hi Asha,

    Thank you for your kind words. Really Alok and you are the gems for starting and maintaining this platform to spread knowledge and help people without any expectations.

    Best Regards,

    Jogi

  37. This may sound a bit harsh at the moment, but later, could you PLEASE write a post describing all the mistakes and learnings of this horrible episode?

    It will a very important lesson for all entrepreneurs!

  38. Hi Alok,We will surely share this experience in a week’s time, regards.

  39. Just one point I must add here- coming from a non technical background made me feel handicapped and worst about myself- I was almost in tears while we were sorting things out.

  40. This is very sad to see but don’t worry Diksha,with the abundance of support you have from the rodinhoods, the joke is going to be on them.

    I have done a complete background check on the guy who is behind this and its very clear from every angle that he is 1) Not very smart.Didnt take me 60 seconds to find out all his deets. 2) Very cocky or extremely stupid to contact you with his actual name and number 3) Doesn’t realise whats coming his way. So don’t worry! Someone with such a mentality and attitude cannot stop your journey no matter what they retort to. He is simply putting the wrong effort in the wrong place.

    After this is all sorted,some consideration should be given to make the entrepreneurial community (budding entrepreneurs who are not part of this forum) publicly aware of this guy which would prevent them from being scammed and their businesses disrupted.

    Also,have we checked to see if he is a member here Asha?

  41. 🙂

    shehan, so thoughtful of you to ask!!

    so i actually did check – couldn’t find anyone of his name/surname. if his name is actually ashish and not shish – there are many. but i can sort out via IP addy as well. so will take the details from diksha & aishna. 

    he is one of their sellers 🙁

  42. Hey Shehan, 

    Thanks a ton for your support on this and all the information shared by you. 

    Without Rodinhoods community and support, we don’t know how we would have handled the situation. A big cheers and thanks to everyone. 

    I agree his identity should not be kept hidden. We are also reporting at https://www.dmca.com/

    I will share the complete details with Asha. It is true he registered with us a seller on 15th Aug 2015. We have suspended him now. 

  43. Hello,

    This person is Shish Kharesiya , owner of Oyobaby.com.

    He also copied our idea and threatened us on phone and Whatsapp.

    He first messaged me on Quora , asking for some help regarding Oyobaby( at that time I don’t know this is copied website of kidzig) . So I shared my Mobile no with him.

    He called me talked about our product and B-Plan , I shared everything with him , though that he is just a fellow Entrepreneur like us , just trying to help him.

    He cheated us ,copied our Idea ,copied our B-Plan , purchased a similar domain name like us.
    Our Website is :- sellbuybook.com
    His website:- booksellbuy.com

    Few weeks back I found he start editing my Questions and Answers on Quora. He start deleting my websites link and starts spamming his own website link.

    Then he also called me and threatened to shut my website , else he will tell his friends to hack our website.
    He is a cheater , he cheated many people.

    I don’t know what to do next.
    Please Help

    His Quora Profile:- https://www.quora.com/profile/Shish-Kharesiya
    His Fb Profile :- https://www.facebook.com/profile.php?id=100000110841196&fref=ts

  44. ashutosh – pls read every comment on this thread very carefully and make a cyber crime complaint just like diksha and aishna have. and reach out to the people here who can help!!

    THANK YOU FOR TELLING ME ABOUT HIS WEBSITES – someone from his team has been trying to sign up on trh TODAY- first using the website name (which i declined as we don’t allow members to register as companies) – and then again as one person from oyobaby signed up but is awaiting approvals as she hasn’t provided linkedin. 

  45. Hi Ashutosh,

    If you have those threat messages and calls recorded, you can lodge a complaint with the police or the cyber crime cell as this is a direct threat. Else you can follow the standard procedure of complaining DMCA and google. Also get your website audited for security loopholes.  

  46. She may be Archu Chaudhary , his partner.
    She asked a question on Quora comparing their and our Website and also answered it herself.
    She also edits our answers and wiki answers .

  47. thanks for this ashutosh! i seriously think you and diksha & aishna need to take this up seriously with the dmca.

  48. If you are a private limited company the you need not worry. In fact even if you are not then you needn’t. You can approach your local Police Commissioner and lodge a complaint. 

  49. Diksha, its seems someone from your internal team is doing this.  Also register your creatives and source code for copyright so that if you take a legal stand you are protected.

  50. gay dating nyc
    senior gay dating sites boston
    [url=”http://freegaychatnew.com?”]no cost gay dating[/url]

Comments are now closed for this post.

Lost Password

Register