Just having an SSL certificate is no help by itself, you need to enforce the use of https throughout the site. Joomla has an configuration option on the server settings page, set 'force https' to 'entire site'.
Also you can back this up in your .htaccess file using
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If you Google it you will find variations on this code, if this particular one doesn't do it for you.
Also do as Brian suggests, set up a content security policy, eg
Code: Select all
Content-Security-Policy: default-src https://mysite.com
(obviously replace mysite.com with your actual site name). I would put it in both in the http header and in a meta tag for good measure. There is a useful explanation here:
https://developers.google.com/web/funda ... urity/csp/
Also you can block the IP addresses of the domains pointing to your domain.
Also I would complain to Google about this. Probably your problem at the moment is that their algorithmn cannot distinguish which is the original content, if you can explain to a human what is going on they may help. They may not of course, but what this guy is doing is without doubt black hat SEO and they don't like that, there is a good chance that they might hit them with a penalty.