Topic: I need high level internet savvy tech help in probable fraud situation - hijack!  (Read 2681 times)

Eddie

Welcome to Web 2.0. Take a number, and fuck you very much.
What makes the desert beautiful is that somewhere it hides a well.

Surly1

Thanks Eddie.

Here's the "form letter" (auto-response) I got from Meetup:

"Thank you for contacting us. We understand your issue is important and may be time sensitive. Our Trust and Safety Team will be responding to you as soon as possible. We appreciate your patience.

If you have any concerns about your personal safety, please contact your local authorities.

For some additional resources and general information, you can visit our Help Center:
http://www.meetup.com/help/


Sincerely,
The Trust and Safety Team
Meetup HQ"

Interesting to try to translate this into English:

"This is to acknowledge that your inquiry has been received, and placed into a little-tended queue.  While your inquiry may be important to you, our profitability depends upon minimal human intervention, so you're pretty much on your own. Because even if we believed in tech support, we're not about to spend real money to provide it.  Our trust and safety team (See what we did there; pretty funny, don't you think?) will get around to you in the fullness of time, or as soon as we can get a temp trained.

"Meanwhile, if your personal safety is at risk, you're very much on your own. This is, after all, America.

"And if our lack of concern about your issue is not evident enough, feel free to visit our Help Center, where you can read a list of FAQs which have nothing to do with your issue.

"Thanks for contacting us, and fuck you."

***

 Sorry you are going through this. Wish I had something to offer besides snark.
"It is difficult to write a paradiso when all the superficial indications are that you ought to write an apocalypse." -Ezra Pound

JRM

Nope. Not a word.

Nada. Nothing. Zip.
My "avatar" graphic is Japanese calligraphy (shodō) forming the word shoshin, meaning "beginner's mind". --  http://en.wikipedia.org/wiki/Shoshin -- It is with shoshin that I am now and always "meeting my breath" for the first time. Try it!

Palloy

I suspect that although the fake site mirrors all of your site, it has some extra stuff (maybe ads) that puts malware onto clients' computers, or maybe extra pages that are porn. 

Are you sure your site hasn't had something added to it?  If a common page on the site has the line:
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.anotherdomain.com/index.html">
in the <head> section near the top, then that will redirect your clients to the fake website.

To look for this, imagine you are a client and go to the normal entry page.
Then in Firefox: Tools > Web Developer > Page source will show you the HTML source of the page.
Other browsers might differ in the details.
If OK, go to the next normal page after that, and repeat.

It sounds like there is a problem with the meet-up package that is being exploited. I recommend dropping it and using something else, and starting again with a new domain name.

Someone has reported your IP address for spam/porn/malware.  You can find out more at http://mxtoolbox.com . Your ISP should help you clear your name, or give you a new IP address.

Don't waste time trying to find out who did it - they will have covered their tracks, and in any case are probably in Bangladesh or Ukraine or somewhere.
The State is a body of armed men

JRM

Quote
I suspect that although the fake site mirrors all of your site, it has some extra stuff (maybe ads) that puts malware onto clients' computers, or maybe extra pages that are porn.

Are you sure your site hasn't had something added to it?  If a common page on the site has the line:
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.anotherdomain.com/index.html">
in the <head> section near the top, then that will redirect your clients to the fake website.

To look for this, imagine you are a client and go to the normal entry page.
Then in Firefox: Tools > Web Developer > Page source will show you the HTML source of the page.
Other browsers might differ in the details.
If OK, go to the next normal page after that, and repeat.

It sounds like there is a problem with the meet-up package that is being exploited. I recommend dropping it and using something else, and starting again with a new domain name.

Someone has reported your IP address for spam/porn/malware.  You can find out more at http://mxtoolbox.com . Your ISP should help you clear your name, or give you a new IP address.

Don't waste time trying to find out who did it - they will have covered their tracks, and in any case are probably in Bangladesh or Ukraine or somewhere.


___________________

Quote
Someone has reported your IP address for spam/porn/malware.  You can find out more at http://mxtoolbox.com . Your ISP should help you clear your name, or give you a new IP address.

I only use public wifi at libraries or cafes, as I don't have internet service at home.  I checked with friends in various locations with various ISPs, and they all got the same message:


Error 1006 Ray ID: XXXXXXXXXXXXXXXXXX
Access denied
What happened?

The owner of this website (xxxxxxxxxxxxxxxxxxxx.net) has banned your IP address

---- end quote -----

Could all or most IP addresses be on the ban list?

I'm so incompetent "under the hood" with computers that I honestly don't know how to perform the procedure you generously provided instructions for:
Quote
To look for this, imagine you are a client and go to the normal entry page.
Then in Firefox: Tools > Web Developer > Page source will show you the HTML source of the page.
Other browsers might differ in the details.
If OK, go to the next normal page after that, and repeat.

I'm using Firefox, actually, but I don't even know how to find Tools... I think it was maybe once on one of those "bars" at the top of my computer screen, but I'm not even sure about that! I'm smart at other things, just not with computers! I'm a dunce with computers!



My "avatar" graphic is Japanese calligraphy (shodō) forming the word shoshin, meaning "beginner's mind". --  http://en.wikipedia.org/wiki/Shoshin -- It is with shoshin that I am now and always "meeting my breath" for the first time. Try it!

jdwheeler42

Quote
Someone has reported your IP address for spam/porn/malware.  You can find out more at http://mxtoolbox.com . Your ISP should help you clear your name, or give you a new IP address.

I only use public wifi at libraries or cafes, as I don't have internet service at home.  I checked with friends in various locations with various ISPs, and they all got the same message:


Error 1006 Ray ID: XXXXXXXXXXXXXXXXXX
Access denied
What happened?

The owner of this website (xxxxxxxxxxxxxxxxxxxx.net) has banned your IP address

---- end quote -----

Could all or most IP addresses be on the ban list?
Most public wifi at libraries and cafes could easily be on the ban list.  Since they are open for anyone to access, they can easily be abused by spammers and thus get put on ban lists.  Sounds like you might be SOOL.
Making pigs fly is easy... that is, of course, after you have built the catapult....

JRM

Quote
Most public wifi at libraries and cafes could easily be on the ban list.  Since they are open for anyone to access, they can easily be abused by spammers and thus get put on ban lists.  Sounds like you might be SOOL.

Not so much.

Actually, the only web site I know of which I'm not able to access as a result of banning is the one which has been illegitimately mirroring my group's Meetup web site.
« Last Edit: March 07, 2015, 12:57:34 PM by JRM »
My "avatar" graphic is Japanese calligraphy (shodō) forming the word shoshin, meaning "beginner's mind". --  http://en.wikipedia.org/wiki/Shoshin -- It is with shoshin that I am now and always "meeting my breath" for the first time. Try it!

Palloy

I've had a look at meetup.com and it looks like you pay them to host everything and provide all the software. So it is them that have been hacked, and not you. And it's their site (which includes your site) that has been mirrored and not you specifically.

If that is correct then there is not much you can do about it - either wait for them to fix it, or start over with someone else.

You probably don't want to go on with what I said before, but in case you do:
To get your Menu Bar back, right-click on a blank area of Firefox's header, above the page display area, then left-click on Menu Bar from the drop-down list.  Then you will see Tools.

Tools > Web Developer > Page Source will open a new window (with its own Menu Bar) with the HTML source for the page. Edit > Find should open a dialog box, type in http-equiv and examine the matching lines for REFRESH and url=http://somewhere-else
This would explain how traffic gets diverted to the mirrored web site.
The State is a body of armed men
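
Added example (not part of any post in this thread): the manual page-source check described in Palloy's two posts above, automated in Python. It extracts every meta refresh tag from a page's HTML and reports the ones whose target is on a different host; the page address and sample pages are constructed, and www.anotherdomain.com is the placeholder from the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample input: PAGE_URL is a hypothetical address for the group's
# own page; the redirect target is the placeholder used in the post above.
PAGE_URL = "http://www.example.org/group/"
TAMPERED = ('<html><head><title>Our group</title>'
            '<meta HTTP-EQUIV="REFRESH" '
            'content="0; url=http://www.anotherdomain.com/index.html">'
            '</head><body>Welcome</body></html>')
CLEAN = ('<html><head><meta http-equiv="refresh" content="300">'
         '<meta http-equiv="Refresh" content="5; URL=/events/"></head></html>')


class MetaRefreshFinder(HTMLParser):
    """Collects the url= target of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, not attribute values.
        attr = {name: (value or "") for name, value in attrs}
        if tag != "meta" or attr.get("http-equiv", "").strip().lower() != "refresh":
            return
        # content is "<seconds>; url=<target>"; a bare "<seconds>" only reloads.
        match = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", attr.get("content", ""), re.I)
        if match:
            self.targets.append(match.group(1))


def offsite_refreshes(html, page_url):
    """Return absolute refresh targets whose host differs from page_url's host."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    own_host = urlparse(page_url).hostname
    resolved = (urljoin(page_url, target) for target in finder.targets)
    return [url for url in resolved if urlparse(url).hostname != own_host]


if __name__ == "__main__":
    for label, page in (("tampered", TAMPERED), ("clean", CLEAN)):
        print(label, offsite_refreshes(page, PAGE_URL))
```

The host comparison is exact, so a refresh from www.example.org to example.org is also reported and needs a manual look. Only meta refresh tags are covered; redirects done in JavaScript or by the server are outside what this check sees.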

JRM

You guys were so right!

I still have not heard from Meetup's "support" people, and now suspect I never will! They are crap!
My "avatar" graphic is Japanese calligraphy (shodō) forming the word shoshin, meaning "beginner's mind". --  http://en.wikipedia.org/wiki/Shoshin -- It is with shoshin that I am now and always "meeting my breath" for the first time. Try it!

JRM

Thanks Eddie.

Here's the "form letter" (auto-response) I got from Meetup:

"Thank you for contacting us. We understand your issue is important and may be time sensitive. Our Trust and Safety Team will be responding to you as soon as possible. We appreciate your patience.

If you have any concerns about your personal safety, please contact your local authorities.

For some additional resources and general information, you can visit our Help Center:
http://www.meetup.com/help/


Sincerely,
The Trust and Safety Team
Meetup HQ"

Interesting to try to translate this into English:

"This is to acknowledge that your inquiry has been received, and placed into a little-tended queue.  While your inquiry may be important to you, our profitability depends upon minimal human intervention, so you're pretty much on your own. Because even if we believed in tech support, we're not about to spend real money to provide it.  Our trust and safety team (See what we did there; pretty funny, don't you think?) will get around to you in the fullness of time, or as soon as we can get a temp trained.

"Meanwhile, if your personal safety is at risk, you're very much on your own. This is, after all, America.

"And if our lack of concern about your issue is not evident enough, feel free to visit our Help Center, where you can read a list of FAQs which have nothing to do with your issue.

"Thanks for contacting us, and fuck you."

***

 Sorry you are going through this. Wish I had something to offer besides snark.
My "avatar" graphic is Japanese calligraphy (shodō) forming the word shoshin, meaning "beginner's mind". --  http://en.wikipedia.org/wiki/Shoshin -- It is with shoshin that I am now and always "meeting my breath" for the first time. Try it!

 
