Any ideas how a website can protect itself in this situation?

https://github.com/UndeadSec/EvilURL - Generate unicode evil domains for IDN Homograph Attack and detect them.

https://github.com/elceef/dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage

Then, either buy (if you can afford them all) or block them (don't serve your pages to these domains )