.htaccess for webmail login? Webmail login has been cloned to phishing server.

I'm not sure if this is the correct place to post this question but I'm not sure where else to ask. So recently I've run into an issue where my webmail login has been cloned by HTTrack in what I'm assuming is an effort to gather usernames and passwords from my users. From what I am seeing it looks like this site is just mirroring the content from my webmail login. What I'm looking for is a way to block the referrer on my server, when I look at the cpservd logs it appears the requests are showing the legit IP and user agent of the user connecting to this, this is a sample log, note I've replaced the domain and IP's with fake info except for the domain that is forwarding the requests: 192.168.1.100 proxy - [05/20/2020:14:47:46 -0000] "GET /cPanel_magic_revision_xxxxxxxxxx/unprotected/cpanel/fonts/open_sans/open_sans.min.css HTTP/1.1" 200 0 "