Emily B


Alert to Medium Writers: The Scrapers have Intensified

Something mirrored this way comes

Photo by Tianyi Ma on Unsplash

This Thursday, the Medium Discord sent out a mass message: someone had been scraping the paywall and mirroring their articles at least a week back.

There’d been a weird vibe going around in February already. A ton of Everyday Explorer domain accounts had been mass-liking and subscribing to accounts, amassing some pretty substantial follower numbers. On light examination, their content was all AI-generated (maybe 10–15 accounts), and a lot of people scratched their heads and blocked.

Now, the Mirror-Medium site had amassed a huge amount of content scraped directly from the Medium paywall:

The server was panicking. Here were the main issues (paraphrased from the chat):

  1. ‘The website scrapes the RSS feeds.’ (The Accidental Monster)
  2. ‘For anyone that deletes, revises and uploads old work, having someone else scrape and repost their work on another site could get them flagged with plagiarism and have them lose their account’ (Sam W.)
  3. ‘What is the site that republished Medium stories? It can’t be a mirror site. It needs to be flagged. Medium should have in its algo detection of plagiarism a way to see that it’s from that site and dismiss it right away.’ (Binky Ink Writing)
  4. Web scraping is only legal if it’s publicly available on the internet. If it’s behind a login, especially a paywall, the situation is different.

The Game is Afoot

I happened to be eating dinner when the mass message went out, so I started doing a few quick searches on my phone:

BuiltWith told me it was a UK server, but not much else. Doing a WHOIS search was a little more helpful in determining an Icelandic domain host (Namecheap), server in the UK, and privacy settings on (unsurprising).

Domain name: mirror-medium.com
Registry Domain ID: 2656501240_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-10-22T07:03:35.35Z
Creation Date: 2021-11-21T15:02:04.00Z
Registrar Registration Expiration Date: 2024-11-21T15:02:04.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: 
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2 
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
@withheldforprivacy.com
Name Server: dns1.namecheaphosting.com
Name Server: dns2.namecheaphosting.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2024-02-22T23:31:37.70Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
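
Added example, not part of the original post: a short Python parser that turns the WHOIS record quoted above into the fields a registrar or DNS-host abuse report needs. The function names and summary keys are hypothetical, and the sample text is an excerpt of the record as quoted on this page.

```python
import re

# Excerpt of the WHOIS record quoted in the article (elided fields stay elided).
WHOIS_TEXT = """\
Domain name: mirror-medium.com
Registrar WHOIS Server: whois.namecheap.com
Creation Date: 2021-11-21T15:02:04.00Z
Registrar: NAMECHEAP INC
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: 
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Country: IS
Name Server: dns1.namecheaphosting.com
Name Server: dns2.namecheaphosting.com
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-02-22T23:31:37.70Z <<<
"""

def parse_whois(text):
    """Return {lower-cased field: [values]}; repeated keys such as Name Server accumulate."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(">>>") or ":" not in line:
            continue  # footer / free-text lines are not fields
        key, _, value = line.partition(":")  # split on the first colon only
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def abuse_report_summary(text):
    """Pull out the fields an abuse report to the registrar or DNS host needs."""
    f = parse_whois(text)
    first = lambda k: next((v for v in f.get(k, []) if v), None)  # skip empty values
    registrant = " ".join(f.get("registrant name", []) + f.get("registrant organization", []))
    return {
        "domain": first("domain name"),
        "registrar": first("registrar"),
        "registrar_abuse_phone": first("registrar abuse contact phone"),
        "name_servers": f.get("name server", []),
        "created": first("creation date"),
        # A proxy registrant means the listed address belongs to the privacy service.
        "registrant_is_privacy_proxy": bool(re.search(r"privacy|redacted|withheld", registrant, re.I)),
        "dnssec_signed": (first("dnssec") or "").lower() not in ("", "unsigned"),
    }

if __name__ == "__main__":
    for k, v in abuse_report_summary(WHOIS_TEXT).items():
        print(f"{k}: {v}")
```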

The next stop was much more interesting when I did an NS lookup and found an IP address: 185.61.153.110 (IPv4).

And then it gets interesting:

Screenshot from author from Medium Discord

I put the IPv4 address into a checker and came up with this:

Screenshot taken by author

Okay. Interesting. I didn’t want to start accidentally doxxing some poor dude, so I googled the name and his location to see what came up, and got two links to AbuseIPDB. Here’s the summary for the TL;DR crowd (marked over names and unrelated chat banter):

Screenshot taken by author, reposted with permission from participants because wtf

Essentially, the mirror site was thrown up by a hacker from England who’s been active since around the time the pandemic started and a metric ton of paywalled content has been mirrored through the RSS feed. This seems like something Tony Stubblebine might need to be aware of?

What Writers Can Do:

As for everyone else, the best thing we can do is mass report the activity in order to get the site taken down ASAP (Thanks The Sturg, for being so on top of this and getting the word out!)

Also thanks to Mark Suroviec, M.Ed., The Accidental Monster, Sam W. and Binky Ink Writing for taking part in the session to work out just what the hell had been happening here.
