Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ariehkovler 9 hours ago

It's worse than that. There's a SECOND imitator that I actually stumbled on today while looking something up about nanoclaw - nanoclawS [dot] io - and that one's harvesting email addresses.

The obvious risk here is a bait and switch, where one of these sites switches their link to the Github repo to point to a malicious imitator repo instead.

One approach would be to go after the sites themselves, not their Google ranking. See if their hosts are willing to take them down. Is there anything you can assert copyright over to hang a DCMA request on? That's hard for an Open Source project, I guess. And the fake sites aren't (yet) doing any actual scamming.

Good luck, though!

yorwba 9 hours ago | parent [-]

The article says "Filed takedown notices with Google, Cloudflare, and the domain registrar spaceship.com"

ariehkovler 9 hours ago | parent | next [-]

Yeah but you do need to hang the takedown on some technical reason like copyright or scamming. The issue here is there's no obvious victim. Makes a takedown harder.

mx7zysuj4xew 9 hours ago | parent | prev [-]

Since the clone site isn't doing anything obviously malicious like spreading malware or blatantly illegal content none of those parties will take any action whatsoever, nor should they.

pocksuppet 5 hours ago | parent | next [-]

Most registrars and hosts consider phishing already malicious, even if there's no obvious malware download or anything.

luckylion an hour ago | parent [-]

"Phishing" has a _very_ different meaning from "offer the option to sign up for a newsletter", let's not conflate the two.

jacquesm 7 hours ago | parent | prev [-]

It isn't doing that now, but you can't be sure about what they're going to be up to a little ways down the line, the fact that they are clearly trying to misdirect the traffic is proof positive they're up to no good.

Just do a bit of risk assessment if something like this were to be shipped to people that have come to blindly trust the source and you'll see why letting this slip is a very bad idea.