search

nextcloud / appstore

:convenience_store: App Store for Nextcloud
https://apps.nextcloud.com
GNU Affero General Public License v3.0
300 stars 136 forks source link

Nextcloud App Store clone #1451

Closed gerhardt-bergmann closed 1 month ago

gerhardt-bergmann commented 2 months ago

It seems that the entire Nextcloud App Store has been cloned here: rabbitegg.top

hostingchecker.com gives the following information about who is hosting that website:

It is hosted by: IT7 Networks Inc
WHOIS information: Click here
Organization name: Cluster Logic Inc
IP address: 199.180.119.210
AS(autonomous system) number and organization: AS25820 IT7 Networks Inc
AS name: IT7NET
Reverse DNS of the IP: 199.180.119.210.16clouds.com
City: Los Angeles
Country: United States

When running whois rabbitegg.top I get the following information about that domain:

Domain Name: rabbitegg.top
Registry Domain ID: D20240524G10001G_23708538-top
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com
Updated Date: 
Creation Date: 2024-05-24T04:32:42Z
Registry Expiry Date: 2025-05-24T04:32:42Z
Registrar: NameSilo,LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
Domain Status: ok https://icann.org/epp#OK

The domain has been registered recently, on May 24 of this year. The registrar would be NameSilo,LLC. The hosting company would be Cluster Logic Inc and the ISP seems to be IT7 Networks Inc. The website has the IP: 199.180.119.210, located in Los Angeles, California, US.

Since this appears to be an illegal clone of Nextcloud's App Store I want to ask a member of the Nextcloud team to inform the right persons from Nextcloud GmbH's management about this incident. I think Nextcloud can submit abuse reports/requests to both the company that hosts the website and to the company that registered its domain.

After confirming that the right persons have been informed about this incident, this issue can be closed.

bigcat88 commented 2 months ago

thank you for informing us, we will try to figure it out

gerhardt-bergmann commented 2 months ago

I looked at the Nextcloud App Store's license and indeed, it's GNU Affero General Public License v3, the same license as that of the apps published on the App Store. So, basically, anyone has the right to install on their own server the App Store together with all its individual apps pages. However, the fair play use of this freedom allowed by the license, would be to first install the empty App Store on one's server, then upload to it the apps that one wants to use, and not to automatically clone the entire App Store, together with all its individual apps pages, including the footer of the original App Store, with unmodified links that send the visitor to the Privacy and Legal Policy page and to the Legal Notice page of Nextcloud GmbH's official website, thus causing confusion: privacy_and_legal

Therefore, the footer of the rabbitegg.top clone can be considered illegal, since it sends the visitor to a Privacy page and a Legal Notice page that don't belong to the owner of the installation, causing confusion about the real owner of the cloned App Store.

Also, there is at least one more illegal element in this clone: the "GNU Affero General Public License v3" requires that when you take a program covered by this license, you modify it and you offer online services based on it, the corresponding source code of the modified version of the program must be prominently offered to all users who interact with the program over the Internet. So, where is the source code of the modified version of the App Store ? Because it's clear that the clone offers a service over the Internet and it's clear that it's a modified version of the original App Store, since there are pages full of Chinese characters, like the "Register" page:

register

The individual app pages also contain Chinese characters, as can be seen here:

modified_app

There are also Chinese characters on the top bar:

top_bar

So, where is the source code of the modified version of the App Store, required by the license ? It should have been published and prominently offered to all users who interact with the program over the Internet, as specified in paragraph 13 of the license.

gerhardt-bergmann commented 1 month ago

I checked the App Store clone on rabbitegg.top multiple times in different days, and it doesn't load anymore. This means that the clone has been taken down. Thank you for paying attention to this issue. I'll close this issue now. You can open it again if you think it's necessary.