[Ipg-smz] Fellow Geeks: A new one on me.
Tom Henderson
thenderson at extremelabs.com
Tue Apr 2 00:23:26 UTC 2019
Hello Guilders,
I host my site at name.com. I've been there a few years, and have not
been happy with their technical acumen or their support (9am - 6pm MNT).
There is no phone. They have a Twitter acct.
Here's what happened: Traffic hijack.
I have a WordPress site called extremelabs dot com. It's an ugly, one-page
site. Has a ton of URLs from articles I've written, not much more. It
could have pizazz, but cobbling beautiful sites is for artists, and I'm
not an artist. The UX stinks.
That's not the problem.
I use a WordPress plugin called Wordfence. I've extolled its virtues
before, in print. I've used the pro and free versions. The pro version
is far more powerful, but the free version is ok. I went in to do some
maintenance. I noticed suddenly, via the Wordfence logs, that all
traffic was coming in from a single address on my same subnet at
name.com. GoogleBots, hijackers, even me, came from the same apparent IP
address.
Normally, this is proxy behavior, meaning a server was intercepting and
routing all of my traffic. But this behavior makes it appear as though I
have only one host accessing my server, and this behavior also disables
the ability to sense traffic origins (unique origin addresses) so that I
can block it at my will and whimsy. When hijack attempts come, they up
the counters for one IP address, the proxy IP address, and I get locked
out very quickly, because I have the same address as hijackers and
other ne'er-do-wells. WE ALL HAVE THE SAME IP ADDRESS. There is a way
back in, but it's not easy or delicate.
This traffic pattern started about 2-1/2 days ago. I started complaining
to their support late the first day; note they work Mon-Fri. Tech
support emails respond. Lame auto-replies, here are some handy URLs to
fix your stuff, now go away.
Either there's a proxy inserted (could be a warrant on little ole me,
dunno), or a DNS hijack, but given the variety of http_referrers, it's a
proxy.
I complain on Twitter. DM them on Twitter. I hear nothing. Then I went
public on their @namedotcom account, to complain about the outstanding
support tickets that I have. Magically, and without comment, about three
hours ago, traffic now comes in from the entire Internet, unfiltered,
not proxy'd. Fixed.
But they won't comment. Or don't care. Or shenanigans.
Given my knowledge, I'd say that it's very difficult not to believe that
I wasn't proxy'd, but if so, why? It wasn't Squid Proxy; I probed for
that. I have the logs and the traceroutes and the DNS records.
But no answers from name.com.
Maybe it's time to just spend the long day, and migrate to HostGator. I
have ten sites that I manage for non-profits. It's an ordeal.
Ideas? Otherwise, thanks for listening. If there's a rational reply,
I'll post it.
Tom
--
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc
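
The symptom described in the message above (every request logged under one source address while referrers and user agents stay varied) can be checked directly against web server access logs. The following is an added example, not part of the original post: the log lines, the documentation-range IP addresses and the thresholds are constructed assumptions, and Combined Log Format is assumed.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "request" status bytes "referrer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def proxy_collapse_report(lines, share_threshold=0.9, min_agents=3):
    """Report whether one source IP carries nearly all requests while the
    user agents behind it stay diverse (many clients, one apparent address).
    Both thresholds are illustrative assumptions; tune them per site."""
    hits, agents, refs = Counter(), {}, {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not Combined Log Format
        ip = m["ip"]
        hits[ip] += 1
        agents.setdefault(ip, set()).add(m["ua"])
        refs.setdefault(ip, set()).add(m["ref"])
    total = sum(hits.values())
    if total == 0:
        return None
    top_ip, count = hits.most_common(1)[0]
    share = count / total
    return {
        "top_ip": top_ip,
        "share": share,
        "distinct_agents": len(agents[top_ip]),
        "distinct_referrers": len(refs[top_ip]),
        "collapsed": share >= share_threshold
                     and len(agents[top_ip]) >= min_agents,
    }

def _line(ip, ref, ua):
    # Constructed sample log line (not taken from any real server)
    return (f'{ip} - - [01/Apr/2019:12:00:00 +0000] "GET / HTTP/1.1" '
            f'200 512 "{ref}" "{ua}"')

CLIENTS = [("https://www.google.com/", "Googlebot/2.1"),
           ("-", "Mozilla/5.0 (X11; Linux x86_64)"),
           ("https://example.org/a", "curl/7.64.0"),
           ("-", "python-requests/2.21.0")]
# Same clients seen through one intermediary address vs. seen directly
COLLAPSED = [_line("192.0.2.10", r, u) for r, u in CLIENTS]
NORMAL = [_line(f"198.51.100.{i + 1}", r, u) for i, (r, u) in enumerate(CLIENTS)]
```

When the report shows a collapse, per-IP lockout counters are counting the intermediary rather than the clients, which is the lockout effect described in the message.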