Some guy named Graeme my entire personal website!

To summarize, it appears that some guy named Graeme (with an Email address of fun4lifeuk@yahoo.co.uk) stole the entire contents of my copyrighted personal web site (including images) at www.komar.org and then inserted his own Adsense Publisher ID on my content (hosted on his server) in what I assume was an attempt to profit from it. The whois record for his domain listed Epsilis Ltd. - contact Michael Spencer ... but it appears that Graeme was a customer of their's and they were not directly involved. I'll add that Michael was fairly responsive to this "outrageous behavior" (his words) which reflects positively on him and his company ... although I find it a bit surprising that over a month later, www.feverdat1ng.com ("i" replaced with a "1" here and in all subsequent references) still shows "Design by epsilis.co.ok" on it; you'd think he ask for it to be removed.

The "evidence" - all times are MDT (web server is in Colorado, USA):

1. From 1019-1026 on Saturday, June 12th, 2004 there was what I consider "normal" surfing behavior from the IP address 81.154.138.246 which resolves to host81-154-138-246.range81-154.btcentralplus.com - here are the actual log entries showing a total of 104 requests.
2. From the same IP address, they then fired up WebRepeaper v9.8 at 1030 which ran until 1053, slurping up a total of 1,426 files and images - maybe I should be happy that at least they consulted the robots.txt file first! ;-)
3. Then, starting at 1059, the same IP address goes back into "normal surfing mode" making a total of 40 requests until 1130.
4. Finally, (and again from the same IP address) we see the first referral entry from from "www.leswingjive.com" at 1218 (lets just say their scrape/duplication wasn't "perfect") arriving at www.komar.org. This means they are surfing THEIR site now (using my copyrighted content), but due to some boo-boo's on their part, some requests "leak" back to my site. There are 24 of 'em until 1229 (my guess is Graeme was confirming things were working). We then see 12 more from 2118-2123 (remember that local time is 7-8 hours ahead for them, so my guess is an early to bed and early to rise! ;-) but the referring domain is now "www.leswingjive.co.uk" - HEY, if we are going to steal these guys content, lets mirror it on more than one site! Or maybe he is a night owl, since we see a single access from that IP at 0557 on June 13th - just checking to make sure it's all still working?!? ;-) Just to be complete, we see 20 more referrals (from different IP addresses besides mine) starting at 1044 on June 13th and ending at 0336 on June 14th. Here is a list of all 56 entries.
5. Related to all of the above, we saw 84 more requests to www.komar.org from his 81.154.138.246 IP address from June 13th to June 17th so there seems to be a lot of interest in my site.

And if you think that is bad, I find out later that day that they had inserted their Adsense Publisher ID pub-3436355362882820 into the HTML - i.e. they were getting paid by Google for any click-thru's on my stuff - if that is not being a scumbag I'm not sure what is!

Since there was no contact information on this page (except my own!), I did a "whois" lookup to see who had registered the domain name. Here is the whois records for leswingjive.com and it shows some organization named "Epsilis Ltd" ... and some help from Google, it appears to be epsilis.co.uk ... which is pretty much confirmed when I look at the whois record for epsilis.co.uk and (as we shall see is interesting later), here is the whois record for feverdat1ng.com

This is pretty blatant, so lets ask 'em to remove my copyright content ... and (basically) ask WTF?!?

The www.epsilis.co.uk site says Epsilis Ltd. does "website design for effective Search Engine Optimization" so I figure they are certainly knowledgeable about web sites ... and the point of contact listed is Michael Spencer so I send him an Email at 2258 MDT on June 13th, 2004 outlining the situation and asking "Can you please explain why this was done and also remove this copyrighted content from all of your computers"

Michael Spencer responded with an Email at 0359 MDT on June 14th, 2004 (5 hours later - remember there is time zone difference) and apologizes for the "outrageous behavior on the part of one of our clients" and the content is removed shortly thereafter. I'll add that I was pleasently surprised that he responded so quickly and forcefully - at the time, I can't be sure that Michael wasn't the person who actually "did it" ... but in future communications, I'm of the opinion that it truly was his customer, and not him, although one can never know for sure. Note that I asked and received Michael's permission to post his Emails - yea, I'm an "old school" guy back when the Internet was a much more friendlier type of place.

So then I get an Email from Graeme at 0518 on June 14th and I gotta wonder about his Email address which is fun4lifeuk@yahoo.co.uk and the comment that really got me was "My actions were not meant maliciously" ... scraping copyrighted content is bad enough, but then putting your Adsense Publisher ID in the code - what would you think?!?

So I write back at 0929 on June 14th pointing out the insertion of their Adsense Publisher ID ( pub-3436355362882820 ) into MY code on their site, saying "which certainly looks like an attempt to profit from my work - what was up with this?" and Graeme responds at at 1207 on June 14th and the "best" quote in this one is "[I] was just playing the [sic] the google tools and finding my way around" - boy, am I the only one who finds it hard to believe all of this was just "playing around" and an accident (!) ... as do a number of other folks.

I don't hear anything back for a few days, so I write again to Graeme (with cc to Michael) at 1509 on June 17th that the "playing around" response certainly puzzles me and also express my concern about Google penalizing me for mirrored content. Ironically, on June 22nd, the Page Rank of www.komar.org web site dropped from PR7 to PR6 - almost certainly coincidental ... I hope! ;-)

I don't hear anything back from Graham ... and Michael says it is unlikely that Google will penalize me. In the meantime, I use Google to look at the Google Cache for www.leswingjive.com (before my content replaced it!) - what's really puzzling is that this looks like a "decent" web site - why replace with my copyrighted content - makes no sense! BTW, there is also a Google Cache of their "links" page which includes a reference to www.feverdat1ng.com - remember I included the whois record above for this and it matches ... so looks like another web site run by our man Graeme! ;-)

There were a few more Emails back-n-forth between Michael and I (no more from Graeme) basically lamenting the whole unfortunate affair - he doesn't sound too happy about having Graeme as a customer - neither would I!

BTW, I might add in closing that I've seen evidence of further web site scraping from UK IP addresses - as noted at the top, there really is no easy way to prevent this, but it would be nice to be left alone ...


Graeme never disclosed his last name in our discussions, but I did some Googling, and some guy named Graeme last_name talking a number of times about his web site feverdat1ng.com and the whois data shows his name - gotta be our man! Ironically, if you look at the second post in this WebProWorld thread, he uses the screen name northernladuk to provide a 14-point response to someone looking for advice on their web site and how to better optimize it for Search Engine Optimization, so he appears pretty darn knowledgeable ... so do you think his actions above were just "playing around?" ...


I realize scumbags have a hard time reading, but try this ===> © 2004-2005 www.komar.org