Tag Archive: Justin Asking

Turkish Hacker-Crackers, perhaps?

A Cracking Week Off?

I had a week’s holiday of sorts last week.  On returning I found that this website had been cracked. (I already had intimations that something was wrong because of site stat failures and an email from @Justin Asking, sometime commenter to this website and others).  Anyway, so it was.  Unfortunately, I didn’t have good web access so was unable to correct things properly.

The main screen, viewable on zone-h here, was replaced by this,

Site Hack Aug 2011


A neat little JavaScript mouse trailer was part of the package!

The cause was my own – a wide-open directory made so as part of an image upload plugin for my WordPress installation.  This plugin makes it easy and neat for any commenter to add material to the website……unfortunately for me, it allowed any file, with active content or not, to be uploaded.

Needless to say, the plugin is now disabled and the directory is locked down to the specific  file types that I’ll accept.  No more active content allowed there matey!

Unwanted Extras

Once the nasty files were uploaded, the internal site privileges allowed the install of a swathe of .htm files to the site root and uploads folder.  These had various names like f.htm, g.htm etc.  Index.htm was the file on show.

Alongside these, apart from the files needed to run the previously mentioned JavaScript, was another swathe of .phtml files, such as joker.phtml, which are actually PHP code shining as HTML.  A couple of plain text files had also been uploaded.  These had lists of files, sites and persons.

All .htaccess files were okay as well as the WordPress installation files.  To be sure, I redid the WordPress install from scratch with freshly downloaded files.
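An added example, not part of the original post: a Python audit of an upload folder like the one described above, flagging files whose extension is off an allowlist or whose contents carry code markers. The allowlist, the marker list and the sample files (named after those mentioned in the post, plus a double-extension case) are constructed assumptions.

```python
import os
import tempfile

# Assumption: the only extensions this upload folder is meant to hold.
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}
# Extensions a typical Apache/PHP host may execute or render as active content.
ACTIVE_EXT = {".php", ".phtml", ".php5", ".phar", ".htm", ".html", ".shtml", ".js"}
# Byte patterns marking server-side or client-side code inside a file.
CODE_MARKERS = (b"<?php", b"<?=", b"<script")

def classify(path):
    """Return the reasons a file should not sit in an upload folder."""
    reasons = []
    parts = os.path.basename(path).lower().split(".")
    exts = {"." + p for p in parts[1:]}  # every extension, not just the last
    if exts & ACTIVE_EXT:
        reasons.append("active-content extension")
    elif not exts or "." + parts[-1] not in ALLOWED_EXT:
        reasons.append("extension not on allowlist")
    with open(path, "rb") as fh:
        head = fh.read(65536).lower()
    if any(marker in head for marker in CODE_MARKERS):
        reasons.append("contains code marker")
    return reasons

def audit(root):
    """Walk root and map relative path -> reasons for each suspicious file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def build_sample(root):
    """Constructed sample tree; contents are harmless placeholders."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "joker.phtml": b"<?php echo 'x'; ?>",
        "f.htm": b"<html><script>/* mouse trailer */</script></html>",
        "list.txt": b"plain text list",
        "avatar.php.jpg": b"\xff\xd8\xff\xe0 <?php echo 1; ?>",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, why in sorted(audit(tmp).items()):
            print(path, "->", ", ".join(why))
```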

Finale

All told, about fifty files were dumped on my website.  I’ve hopefully removed the lot and have them downloaded for analysis at a later date.  The screen content and internal code all point to Turkish or S.E. Asian (Vietnam or Indonesia) Muslim crackers (I refuse to use the hacker term except to clarify the cracking of security by its now-common usage).  Saying this, the culprits (the code points to several authors who used freely downloadable files from cracking websites and then proudly expected a pat on the back for their extreme skill at doing a download…like….der….), the culprits could have come from anywhere.

Fifth columnists and agent-provocateurs are nothing new.

Interestingly, being cracked puts me in the same company as at least 186 well-known multinational businesses, such as Acer, Vodafone, BetFair, The Daily Telegraph, The Register, Spam.Org, Victoria Beckham and Destiny’s Child.

Even System of a Down dot com, was down!

Zone-h’s full list is here.  The Register reports it here, The Guardian here.

The Guardian interview with the crackers notes that the culprits had been planning the attack for some time which obviously includes the time when my site was compromised.  I don’t know if my website was actually used as part of the above DNS server attack but it’s usual for an attack like a DDOS to use several vectors and simultaneous attack points in order to force a server to fail and dump code.  This dump then reveals passwords and the like for later use.

Addendum

WordPress.Org’s forum has a posting about this crack from last week.  A Google search in the comment by RedNeckTexan shows the attack on this website to be far from unique….!   The links I’ve followed go right to the heart of the crack and the people doing the cracking.

This is the Google Search on the “Easy Comment Uploader” plugin.  Like me, RedNeckTexan has pulled the plugin for now, which can be found in the WordPress repository here.


Jesse Willms Hacked

Jesse Willms Ethics Hacked

Jesse Willms Ethics About Page Hacked


I got an auto-alert from a Scamraiders post from Justin Asking that a page on one of the plethora of Willms self-promotional websites has been tampered with – and sure enough it has!  See here for the original comment from Justin Asking.

Below is a screenshot of the hacked page, a brief perusal of the rest of the site shows no other tamperings….  Still.  It made me laugh, although having had this website and the Crawling Chaos website hacked by Turks, I know that personally, it’s not a lot of fun.  (I wonder if Willms will post about it and how long it’ll take to fix it…Probably got a lot on his plate, currently!)

Jesse Willms Ethics About Page Hacked


The Three Rules of Trust – Using SwipeAuctions/Bids as an Example

Introduction

There’s a well-known adage that says,

Don’t believe everything you read in the papers (Point 1)

Another, (which is derived from the mantra of the old UK stock market) goes like,

An Englishman’s word is his bond (Point 2)

Make what you want of them, but many people still go by this, replacing “An Englishman’s” with the word “MY”.

The Need for New Rules of Trust

The internet has made the job of snake oil salesmen, gangsters and other assorted conmen so much easier that the adages need to be re-thought and rules written.  It’s a bit like Isaac Asimov’s Rules of Robotics.   Here are mine, but please note the notes just below….

Note 1: All on-line businesses are required to reveal their correct identity through the WHOIS process.  The only exclusions are for private non-trading individuals in certain countries.  (Some people have a bit of a debate about this, but when you sign up for a domain, you’ll see!)

Note 2: The internet, (or world wide web), by its very nature is like the newspaper business – see Point 1 above!

Note 3: There is a consensus among decent people and a certain legality regarding tax etc., that most legitimate businesses would like to be known and contactable, or else they appear like spiv barrow boys on the make.

Note 4: There is no note 4… yet.

The New Rules of Trust

Rule 1:

Do not believe anything on-line without double or treble checking as a minimum.

Rule 2:

For any business that hides its WHOIS entry, do not believe anything that they say!!

Rule 2 and a half:

For any business that previously hid their WHOIS entry and later chooses to reveal it – same as Rule 2!

Example: Jesse Willms and his “businesses”

n.b. This is one example.  This whole web area is currently ballooning and Willms is not alone!

  • A business that is anonymous, is on the edge of trust. (Willms’ businesses have previously been cloaked in the main.  Only recently have they had publicly exposed WHOIS records.)
  • A business that uses false or misleading advertising, is on the edge of trust. (This very website is plagued by dodgy adverts, for which I apologise – it takes some time for the Google adwords filters to kick into play.)

The infamous Jesse Willms got his internet start by selling counterfeit software from Microsoft and Symantec (at least), and for which he had to pay oodles of dollars in damages.

Note: Willms translates this information on his website fluffs like so:

Before becoming a philanthropist, Willms was known for starting his first business – buying and selling computers and software when he was 16 – and launching several Internet companies by the time he was 22.  see http://jessewillms.com/ & link & link (two links WHOIS hidden)

His current activities are in the business of skirting the lotteries and gambling laws with On-line “Bid” “Auctions”.   These (and Willms is only one of many) are so far removed from the normal concept of an auction that they are more like Bingo.

In tandem with this he’s promoting himself as an internet good guy while still hypocritically continuing along the same vein of his previous activities. Like so…

His previous businesses included flogging green tea and acai fruits to either clean your bowels or make you thin with rippling muscles, and nicking the idea of and ruining the rotten business of a teeth whitening company, for which there have been sues and counter-sues which were resolved “with prejudice” as the wigs say (see link courtesy of @Justin Asking).

Like many fly-by-night websites, these were all promoted and run:

  • via email spam from a plethora of hidden marketing businesses, some of which he may or may not have had direct control although he admits to having close contact….(see info from @Justin Asking again)
  • via fake websites in the form of informational blogs or news websites designed to appear as such, although minutely disclaimered as otherwise – good link with screenshots here and another here.  These first two are run under the concept of “affiliate marketing” which harbours a whole realm of fly-by-night operations with virtually no scruples or accountability.  Someone once remarked that managing affiliates was like herding cats….
  • via a plethora of drop-point contact addresses, widely dispersed around the globe having no relevance to site visitors’ locations.
  • via a plethora of dubious phone number contacts of highly variable functionality.
  • with an early predilection for multiple un-called for monetary withdrawals from customer credit accounts
  • with a penchant for rapidly changing website names that came and went faster than the seasons although much of the modus operandi and contact points would remain unaltered – a good test for these is that the registration period is generally only a year.

Swipe Offerings

SwipeBids.com which kicked off at the end of 2009 soon morphed into SwipeAuctions.com  (see final point above!)  How long this lasts is anyone’s guess… (p.s. swipebids domain expires soon).

Willms' Latest Fib

Currently, you’ll find that SwipeBids.com now redirects back to SwipeAuctions.com at a “prelogin” page.  There, sit a heap of hysterically hypocritical statements right on this front page – see screenshot on the left and dissection below!

This website is Jesse Willms’ latest saucy effort at world domination! Tied in with this has been a massive internet hype of “Jesse Willms, the caring philanthropist”.

The plethora of websites for which he’s been loathed continues in the myriad of hype sites and linkage referrals containing the vomit inducing self-promotional bilge, plus a continuing swathe of fake news websites.

Uncharacteristically, he sticks with only one “bid auction” website…?  Hmm?  (p.s. since this was written, the site has been pulled although rumours are rife about a new startup…!)

Meanwhile, like snake oil, the Swipe-Bid-Auction scam has proved very enticing to all the scum of the earth and has turned into a veritable plague…  (p.s. since this was written, the plague of copycat sites is now a deluge)

Bid Auction Scum Fight it Out – it’s Getting Dirty

Dirty?

Yep! There’s a veritable bidding war going on to get to the top of the Google search results and the Facebook sidebar.  As noted elsewhere, BidSauce.com has joined the affray and Willms’ lawyers have been issuing writs a-plenty.

Amongst others…..  How so?

A. Well do a Google search for BidSauce.com, SwipeAuctions.com & SwipeBids.com (click links to see results – my results today are below), and you’ll see what I mean.

BidSauce.com

SwipeAuctions.com

SwipeBids.com

Bid Auction Scum New Kids on the Block

My results show the following paid for ads on Google and their WHOIS hidden status.

BidSauce.com

Bidhere.com – Hidden

Biddi.com – disclosed UK company, KSB Trading Ltd

SwipeAuctions.com

SwipeAuctions-Register.com – Hidden!  It also redirects to SwipeAuctions.com which is registered in California.  Check out this info from @Not Kevin for an earlier version of the listings.

MadBid.com – disclosed as Marcandi Ltd in the UK

Bidhere.com – Hidden (again!)

SwipeBids.com

No paid for ads at the top but some of the above appear in the right-side advert box of paid for ads.  Interestingly, swipeauctions.com is top!

What Does it Mean and What Should I Do?

Mean? It means that many people have seen this “bid-auction” as a good bandwagon to join, while it lasts!

Do? What I do is click on the paid for ads as much as possible! These ads are costing well over a pound to place and it costs those businesses for every click!!!   (n.b. if you think I’m being hypocritical in allowing similar ads onto this website, then read my privacy policy.)

If it’s Facebook where I see the ad, I also click on it so that it fires up in a new window so the geezers have to pay again, then I click the cross next to the advert and report the adverts as “Misleading” – because, from all my research as seen on this website and others, plus the example searches shown above, they are all misleading.

Penny/Bid Auctions Mislead?

They mislead as it’s gambling, not an auction.

They mislead as you pay to enter the auction at each step, it’s not a bid.

They take money in advance – no auction does this, even one for a Van Gogh or an old wardrobe, because anyone can bid!

Swipe Auctions Duff Photo Evidence

Willms' Latest Fib (at the bottom)

Yep! At the bottom of his new landing page of swipeauctions.com, under “picture testimonials” Jesse states, today:

Each and every testimonial on the site should have a picture of the customer who sent it in. You can only use someone’s picture with his or her permission, so if there is a photo you can be sure the testimonial is legitimate. If there is no photo, the site’s management could have written a false testimonial.

Compare and contrast with my screen-shots of his website here where I explicitly show the fake photos from a testimonial: http://strangelyperfect.tv/7955/facebook-msnbc-jesse-willms-swipe-auctions-and-doctored-photos/ –   these photos are from an affiliate’s website about which there is some conflict of ownership evidence.

And compare Jesse’s fine words with the fantastic investigative ScamRaiders revelation that the picture of an “auctioned” Honda as used on his website was taken and then Photo-shopped even before the website was set up!!!

Don’t you just love it when the creeps are so blatantly bad? !!

Suggested Further Reading

http://www.webcops.net/just_think_media_spam_scams_8001.html – Best expose on early Willms’ scams.  How he threatened legal action as his whereabouts were exposed.

http://strangelyperfect.tv/7955/facebook-msnbc-jesse-willms-swipe-auctions-and-doctored-photos/#comments-2834 – info on the incarnations and IP addresses of Willms’ Swipe**** sites  (I am currently taking legal advice on this article so it’s withdrawn pending notice.  Contact me for its contents which most right-minded folk would consider fair and accurate reporting.)

http://www.jimlillig.com/internet-marketing/abcs-news-2020-features-jesse-willms-among-others-in-alleged-deceptive-practices-story/ – smiling Jesse is exposed by “the CPA Guy”  n.b. currently offline but transcribed here courtesy of this link.

http://www.bbbroundup.com/ – discredits much of the BBB rating system and how entries flip and change due to possible business collusion.

http://www.walletpop.com/blog/2010/09/14/better-business-bureau-risks-losing-credibility-over-ratings-co/ – more info on BBB ratings not being what they seem…

http://forums.moneysavingexpert.com/showpost.html?p=36648669&postcount=22 – comment detailing the above BBB conflict of interests and how Jesse Willms’ businesses generated 2612 complaints at the BBB before they revised his status with his newer websites!  n.b.  This is one of the top UK websites!

http://onlinescamwebsites.com/how-do-penny-auctions-work/ – clearly explains how these “auctions” work

Suggested Reverse IP Checks

Reverse IP checking is a very good indicator that many websites are related in some business, commercial or personal sense.  Using this website, this website strangelyperfect.tv shows as follows:

Found 4 domains hosted on the same web server as strangelyperfect.tv (174.120.2.125).

ceinonline.org

crawlingchaos.co.uk

strangelyperfect.tv

www.foetusproducts.com

This is hardly surprising and I make no secret of the fact…

Using this website again, enter these three domains into the box. What you find are a host of probably related dodgy websites, fake blogs and news sites, and other stuff. Look and see!

SWIPEAUCTIONS-REVIEW.COM :2 domains

live9news.com, swipeauctions-review.com

SWIPEAUCTIONS-REGISTER.COM: 101 domains including such gems as:

1r2chat.com 24-7keybank.com  AcaiBerryBurnTrial.com  ColonCleanse4FreeTrial.com  Resveratrol-Resveratrol.com  acaiforceformen.com buy-wii-in-stock.com  buyipodnow.net  buyps4console.com  buyps4now.com  consumerhealthreporter.com  consumernewsreporter.com dazzlesmilefreetrial.com findluxurywatches.com   goboff.com hairexpert.org myhairexpert.org natural-hair-transplant.com  naturalhairtransplant.org swipeauctions-register.com thumoney.com  top3-coloncleanse.com top3-whiteteeth.com  www.buywiinow.net www.findluxurywatches.com www.natural-hair-transplant.com www.thumedia.net  www.thumoney.com  www.top3-resveratrol.com  www.tradeblogger.net

I’ve omitted most of the “foreign” domains.  Make of that what you will but it is noticeable that many snake oil websites are to be found grouped under a single IP address.

SWIPEAUCTIONS.COM: has just the canonical and www domains.

Disclaimer

Many things are said above that rope all “bid” “auctions” into the same boat.  While some may have differing operational procedures with perfectly legal transactional and customer services, and may differ in their Terms & Conditions to Jesse Willms’ offerings, I accept those facts.

However, I consider all web-operations in this field of “bid” “auction” to be nothing more than gambling, and they should all be governed by those gambling laws applicable to their country of viewing and business location.



© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me