Topic: I need high level internet savvy tech help in probable fraud situation - hijack!  (Read 2648 times)

JRM
My web site has been hijacked by a probable fraudster who made an exact copy of it on another URL. I need to discuss this in private. I know some of you fellas here are wise to this kind of crap. Help, please -- and fast!
My "avatar" graphic is Japanese calligraphy (shodō) forming the word shoshin, meaning "beginner's mind". --  http://en.wikipedia.org/wiki/Shoshin -- It is with shoshin that I am now and always "meeting my breath" for the first time. Try it!

JRM
Suddenly, I'm in the weird position of having to research why and how fraudsters hijack other people's web sites!

The web site I and my friends created (a Meetup site) has been hijacked -- copied word for word, image for image -- onto another server and URL other than our own -- posing as a Meetup web site!

--------------------

Google Blacklist Includes Hijacked Websites

    May 20, 2012
By Fahmida Y. Rashid

Excerpt:

"Many of the Websites blacklisted by Google are actually legitimate Websites that have been hijacked to serve up malware, according to security firm Zscaler. "

http://securitywatch.pcmag.com/apps-and-websites/298102-google-blacklist-includes-hijacked-websites

++++++++++++++++=

I won't reveal my web site's name, etc., here, as I don't want to give a "heads up" to the probable fraudsters.  So I'll  talk with a trusted friend here by email.

Am I right that every owner of a URL is on public record as that owner? The crook used another URL, which can be traced....


Eddie
I'm not internet savvy, but I'd start by reporting it to the Meet-Up support people. If it's happened to you, it's probably happening to others, and they may already know about the problem and have a solution. I assume you did this already?

http://help.meetup.com/customer/portal/emails/new
What makes the desert beautiful is that somewhere it hides a well.

JRM
I got caught up in finding how deep the rabbit hole went, and so haven't yet talked with Meetup support.  It appears there are at least hundreds, if not thousands of individual Meetup sites hijacked by this other URL. Unless it is somehow legitimate?!!  I'll talk with the Meetup folks soon, but I didn't immediately find a phone # for them, and I expect email exchange can be a long, long wait.  But I'll try!

This is weird.  Could it somehow be legit? Is there any valid reason this other entity (URL) should be re-publishing our Meetup web sites?


RE
You should PM Doomer Support here on the Diner on this.  He's the Pro from Dover for tech issues.

RE
SAVE AS MANY AS YOU CAN

jdwheeler42
Quote
"Many of the Websites blacklisted by Google are actually legitimate Websites that have been hijacked to serve up malware, according to security firm Zscaler. "
That explains why some sites my antivirus program says are clean are blacklisted by Google.... which I believe includes a Diner's blog :(
Quote
Am I right that every owner of a URL is on public record as that owner? The crook used another URL, which can be traced....
That's not exactly correct... every DNS entry must have a public contact, but it need not be the owner.  There are people who protect the owner's identities by inserting themselves as the contact for multiple DNS entries and passing messages along.

DNS entries are the "human-readable" URLs.  Things like http://45.39.20.238 are URLs too but have no DNS entries.
Making pigs fly is easy... that is, of course, after you have built the catapult....

JRM
Thanks. I'll keep y'all posted. 

Still in an exploratory phase here. I did learn that hundreds or thousands of Meetup sites have similarly (apparently) "hijacked" mirrored versions on the same URL.

JRM
Quote
I'm not internet savvy, but I'd start by reporting it to the Meet-Up support people. If it's happened to you, it's probably happening to others, and they may already know about the problem and have a solution. I assume you did this already?

http://help.meetup.com/customer/portal/emails/new

I have. However, they have not yet responded. They don't seem to be at all available by telephone, but can only be communicated with through their website / text.

I tried going to the web address in question this morning, and there was an announcement there that my IP address has been banned from that address. My friend in another nearby city  said he had a similar message at that address -- so the fraudsters are probably somehow aware of the fact that folks are onto them.


JRM
Quote
You should PM Doomer Support here on the Diner on this.  He's the Pro from Dover for tech issues.

RE

Where do I find the link to Doomer Support? How do I contact Doomer Support?

Eddie
Doomer Support is the username for one of our members who no longer participates in the forum. Message him using the message system (My-Messages), and remind him who you are and explain your problem. He will get the message. Up to him if he wishes to get involved. Good luck!

JRM
Quote
Doomer Support is the username for one of our members who no longer participates in the forum. Message him using the message system (My-Messages), and remind him who you are and explain your problem. He will get the message. Up to him if he wishes to get involved. Good luck!

Okay, thanks!

JRM
There's not much more I can do than speculate on this, as there's just too much I don't know about the internet and about the relevant technology and ... conventions and habits of internet use.

It is conceivable (possible) that the mirroring of our Meetup site was done purposely by Meetup.  (???) This would be odd, though, as the site was popping up under a very different URL, and that would tend to confuse people, would it not?

About mirroring: http://www.netlingo.com/word/mirror.php

I informed some other Meetup groups that their Meetup website content was being mirrored by this other site, with another URL, and that I suspected malicious or fraudulent intent.  None of them got back to me. But now I see that -- at least in two different cities / IP addresses -- the relevant site is no longer accessible -- and has a message saying that our IP addresses have been banned.

Could it be that there is a legit reason for this mirroring ... and somebody accidentally left a "back door" open which should have been closed?  If Meetup were deliberately mirroring all of its web sites, wouldn't it use the same URL somehow? -- if just to avoid confusion (and worry) about the source?

JRM
The Mystery of the Internet
« Reply #12 on: March 03, 2015, 11:48:04 AM »
Does anyone here know the answer to any of these questions?

1.  Do serious and legitimate big money operations like Meetup.com ever deliberately "mirror" their subscribers' / users' web sites through URLs other than their own domain name? (such that they display as -- e.g. -- http://www.SamsBaconCheesebergers.net/Meetup/VegansOfHamberg-Meetup/)?

2. Should I reasonably suspect fraud if another URL is mirroring my Meetup web site under another URL?


Eddie
I think webmasters sometimes mirror a site when they are having server issues. Doomer Support had to do that for the Diner at one point. Beyond that... I can't help you.

JRM
Thanks Eddie.

Here's the "form letter" (auto-response) I got from Meetup:

"Thank you for contacting us. We understand your issue is important and may be time sensitive. Our Trust and Safety Team will be responding to you as soon as possible. We appreciate your patience.

If you have any concerns about your personal safety, please contact your local authorities.


For some additional resources and general information, you can visit our Help Center:
http://www.meetup.com/help/


Sincerely,

The Trust and Safety Team
Meetup HQ"