[Ipg-smz] Fellow Geeks: A new one on me.

Tue Apr 2 04:09:31 UTC 2019

I won't use a hosting service that doesn't offer top flight tech support 
24/7 -- and I'm willing to pay for it. The minute I see a host's tech 
support starting to degrade, I start looking elsewhere. Been there, done 
that, too many times. For the last six years or so, I've been very happy 
with the IT guys at Known Host. They answer a ticket in less than a 
couple of minutes, and usually have the issue resolved within 15 minutes 
-- and keep me informed on what they're doing along the way.

Christine Hall
Publisher & Editor
FOSS Force: Keeping tech free
http://fossforce.com

On 4/1/19 8:23 PM, Tom Henderson wrote:
> Hello Guilders,
> 
> I host my site at name.com. I've been there a few years, and have not 
> been happy with their technical acumen or their support (9am - 6pm MNT). 
> There is no phone. They have a twitter acct.
> 
> Here's what happened: Traffic hijack.
> 
> I have a Wordpress site called extremelabs dot com. It's ugly, one page 
> site. Has a ton of URLs from articles I've written, not much more. It 
> could have pizazz, but cobbling beautiful sites is for artists, and I'm 
> not an artist. The UX stinks.
> 
> That's not the problem.
> 
> I use a Wordpress plugin called WordFence. I've extolled its virtues 
> before, in print. I've used the pro and free versions. The pro version 
> is far more powerful, but the free version is ok. I went in to do some 
> maintenance. I noticed that suddenly, via the WordFence logs, that all 
> traffic was coming in from a single address on my same subnet at 
> name.com. GoogleBots, hijackers, even me, came from the same apparent IP 
> address.
> 
> Normally, this proxy behavior, meaning a server was intercepting and 
> routing all of my traffic. But this behavior makes it appear as though I 
> have only one host accessing my server, and this behavior also disables 
> the ability to sense traffic origins (unique origin addresses) so that I 
> can block it at my will and whimsy. When hijack attempts come, they up 
> the counters for one IP address, the proxy IP address, and I get locked 
> out very quickly-- because I have the same address has hijackers and 
> other ne'er-do-wells. WE ALL HAVE THE SAME IP ADDRESS. There is a way 
> back in, but it's not easy or delicate.
> 
> This traffic pattern started about 2-1/2 days ago. I started complaining 
> to their support late the first day; note they work Mon-Fri. Tech 
> support emails respond. Lame auto-replies, here are some handy URLs to 
> fix your stuff, now go away.
> 
> Either there's a proxy inserted (could be a warrant on little ole me, 
> dunno), a DNS hijack, but given the variety of http_referrers, it's a 
> proxy.
> 
> I complain on Twitter. DM them on Twitter. I hear nothing. Then I went 
> public on their @namedotcom account, to complain about the outstanding 
> support tickets that I have. Magically, and without comment, about three 
> hours ago, traffic now comes in from the entire Internet, unfiltered, 
> not proxy'd. Fixed.
> 
> But they won't comment. Or don't care. Or shenanigans.
> 
> Given my knowledge, I'd say that it's very difficult not to believe that 
> I wasn't proxy'd, but if so, why? It wasn't Squid Proxy; I probed for 
> that. I have the logs and the traceroutes and the DNS records.
> 
> But no answers from name.com.
> 
> Maybe it's time to just spend the long day, and migrate to HostGator. I 
> have ten sites that I manage for non-profits. It's an ordeal.
> 
> Ideas? Otherwise, thanks for listening. If there's a rational reply, 
> I'll post it.
> 
> Tom
> 
>