Saturday, 06 June, 2015 -( 9˚C / 49˚F @ 2:22 am in Atlantic Canada )- D-Day plus 70 years. *** I don’t think our heroic ancestors fought and died to save the world from Nazis just to turn us over to freakin corporate Fascists***
— A couple nights ago the first two hours of Coast to Coast am with George Noory exposed an extortion scheme used by a ‘cybersecurity’ company with ties to the US Federal Trade Commission. It was the opinion of the guest being interviewed that attacks like the one he suffered were endorsed by the US Government in a sneaky attempt to try to prove that they should have much more control over the internet.
— So guess what? I tried to log in to one of my blogs to write about that and I discovered an error page, “Something isn’t quite right here… / This site is temporarily unavailable. If you’re the owner of this website please contact [ your provider ] …”
& Checking out my provider I learn that an email message I glanced past because the address was “compliance@ —-” had slipped below my radar. The subject of this message had a big long ticket number with at least ten extra zeroes beyond the actual ticket number and went on to include- “Malicious files” :
When we conducted a routine scan for your account ‘*****’, we found the malicious or infected files. We have uploaded a file named infected.txt within the stats directory of your account which contains the full list of files. As a result, we had to suspend your account, to avoid problems for website visitors or other customers.
To unsuspend the account, I request you to remove the malicious files and take below actions.
1. The most common reason for websites to get infected is because of using outdated applications, plug-ins, themes or modules in your hosting account. So, please make sure that they are up-to-date.
2. Update your control panel and any additional FTP account passwords. Remove unwanted FTP sub-users.
3. Scan your local machine with anti-malware/anti-virus software regularly.
4. Make sure that you have not uploaded any Pirated Softwares.
5. If you have clean backup, delete the entire website and upload a known clean copy of your website.
Alarm Bell #1 = “When we conducted a routine scan for your account … we found the malicious files. … ” a routine scan for my account – not of my account? and We found the malicious files – not ‘we found malicious files’? At best this is not very professional. At worst— are these foreign hackers pretending to be my provider?
I get a little bit suspicious whenever I see that somebody has written “Softwares” – as a plural, but I have friends up here in Canada who know that many French speaking programmers use that term all the time.
— There was more, but that ‘more’ included the name of the provider and the name of the ‘helpful’ person who was informing me of the problem.
— The ‘bottom line’ of this message, after I checked with the provider and investigated the latest updates in the security software they ‘offer’, is: they want an additional $189.99 per year to install and keep current the souped-up version of the security package I bought last July, when I paid for two years’ hosting, because, stupid me, I used these people before and I trusted them.
— Looking through the file they saved in their ‘stats’ directory, their list of suspicious files includes their own software: “SiteLock-PHP-OBFUS_Eval_REQUEST.UNOFFICIAL” & “SiteLock-PHP-EVAL_REQUEST-md5-cgw.UNOFFICIAL” & “SiteLock-PHP-INJECTOR-1-et.UNOFFICIAL” and a couple WordPress Theme Version checkers, and a plug-in file that might have been infected or might be legitimately there to check for updates: “JCDEF.Obfus.CreateFunct.BackDoorEval-22.UNOFFICIAL”. There’s a lot more in this .txt document, too.
But anyway- the timing here is highly suspicious. We hear that the US Govt is trying to seize control of the internet by hook or by crook, and, hey, if any of you out there actually get to read this, let me know what you think might be going on.
—– Hairy old Admin ((( firstname.lastname@example.org )))