[Ipg-smz] Fellow Geeks: A new one on me.

Lynn Greiner lists at itwriter.com
Tue Apr 2 14:53:49 UTC 2019


My ISP, Sibername, helps people move their sites to it, FWIW.

-----Original Message-----
From: Ipg-smz <ipg-smz-bounces at netpress.org> On Behalf Of Tom Henderson
Sent: Tuesday, April 2, 2019 8:02 AM
To: ipg-smz at netpress.org
Subject: Re: [Ipg-smz] Fellow Geeks: A new one on me.

My motivations are diffuse. The site isn't very important to me, doesn't
produce revenue, and no one was harmed during the incident.

As a geek, I want to know what shenanigans were at work, although much could
be explained by stupidity. Exposing that stupidity helps the next Joe or
Jane decide whether to use their services.

As a journalist, helping people understand the shenanigans, what was going
on, how to detect such strangeness, is meaningful educationally.

As a vindictive SOB, I'd like to punish them for the time I had to take to
blast through to get the expletives-deleted site fixed. On a weekend.

Now I must allocate a few days, rsync, move DNS, set up a new hosting
company, and exit name.com flatulence for other potential hosting
flatulence.

There's a Dreamhost site that I manage that is moving to HostGator mid-month
and yes, they have 24/7 support. That's why I'm tempted to move there.

I document everything, religiously, knowing that one day, my castigations
could be the crux of litigation. I've had torts slung at me before. Perhaps
others are not so tidy.

I've had Rackspace accts before. Perhaps I should consider them again. I
wonder that much rain will make many cloud vendors go away, down the river,
to the sea.

Tom


On 4/2/19 12:09 AM, Christine Hall wrote:
> I won't use a hosting service that doesn't offer top flight tech 
> support 24/7 -- and I'm willing to pay for it. The minute I see a 
> host's tech support starting to degrade, I start looking elsewhere.
> Been there, done that, too many times. For the last six years or so, 
> I've been very happy with the IT guys at Known Host. They answer a 
> ticket in less than a couple of minutes, and usually have the issue 
> resolved within 15 minutes -- and keep me informed on what they're 
> doing along the way.
>
> Christine Hall
> Publisher & Editor
> FOSS Force: Keeping tech free
> http://fossforce.com
>
> On 4/1/19 8:23 PM, Tom Henderson wrote:
>> Hello Guilders,
>>
>> I host my site at name.com. I've been there a few years, and have not 
>> been happy with their technical acumen or their support (9am - 6pm 
>> MNT). There is no phone. They have a Twitter acct.
>>
>> Here's what happened: Traffic hijack.
>>
>> I have a WordPress site called extremelabs dot com. It's an ugly, 
>> one-page site. Has a ton of URLs from articles I've written, not much 
>> more. It could have pizazz, but cobbling beautiful sites is for 
>> artists, and I'm not an artist. The UX stinks.
>>
>> That's not the problem.
>>
>> I use a WordPress plugin called Wordfence. I've extolled its virtues 
>> before, in print. I've used the pro and free versions. The pro 
>> version is far more powerful, but the free version is ok. I went in 
>> to do some maintenance. I noticed suddenly, via the Wordfence 
>> logs, that all traffic was coming in from a single address on my same 
>> subnet at name.com. GoogleBots, hijackers, even me, came from the 
>> same apparent IP address.
>>
>> Normally, this is proxy behavior, meaning a server was intercepting and 
>> routing all of my traffic. But this behavior makes it appear as 
>> though I have only one host accessing my server, and this behavior 
>> also disables the ability to sense traffic origins (unique origin
>> addresses) so that I can block it at my will and whimsy. When hijack 
>> attempts come, they up the counters for one IP address, the proxy IP 
>> address, and I get locked out very quickly -- because I have the same 
>> address as hijackers and other ne'er-do-wells. WE ALL HAVE THE SAME 
>> IP ADDRESS. There is a way back in, but it's not easy or delicate.
>>
>> This traffic pattern started about 2-1/2 days ago. I started 
>> complaining to their support late the first day; note they work 
>> Mon-Fri. Tech support emails respond. Lame auto-replies, here are 
>> some handy URLs to fix your stuff, now go away.
>>
>> Either there's a proxy inserted (could be a warrant on little ole me, 
>> dunno), a DNS hijack, but given the variety of http_referrers, it's a 
>> proxy.
>>
>> I complain on Twitter. DM them on Twitter. I hear nothing. Then I 
>> went public on their @namedotcom account, to complain about the 
>> outstanding support tickets that I have. Magically, and without 
>> comment, about three hours ago, traffic now comes in from the entire 
>> Internet, unfiltered, not proxy'd. Fixed.
>>
>> But they won't comment. Or don't care. Or shenanigans.
>>
>> Given my knowledge, I'd say that it's very difficult not to believe 
>> that I wasn't proxy'd, but if so, why? It wasn't Squid Proxy; I 
>> probed for that. I have the logs and the traceroutes and the DNS 
>> records.
>>
>> But no answers from name.com.
>>
>> Maybe it's time to just spend the long day, and migrate to HostGator. 
>> I have ten sites that I manage for non-profits. It's an ordeal.
>>
>> Ideas? Otherwise, thanks for listening. If there's a rational reply, 
>> I'll post it.
>>
>> Tom
>>
>>
>
--
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc
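
An added example, not part of the original thread or anyone's own tooling: a check over web access logs for the symptom described above, where nearly every request arrives from one address that carries many unrelated user agents. The function name, thresholds, Combined Log Format assumption, documentation-range IP addresses and log lines are all constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed input: Apache/nginx Combined Log Format
# ip ident user [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"$')

def origin_collapse(lines, server_net, share=0.9, min_agents=3):
    """Return a finding if one address accounts for >= `share` of requests
    while presenting >= `min_agents` distinct user agents, else None."""
    hits = [m.groups() for m in (LINE.match(l.strip()) for l in lines) if m]
    if not hits:
        return None
    ip, count = Counter(h[0] for h in hits).most_common(1)[0]
    agents = {ua for src, _, ua in hits if src == ip}
    referers = {ref for src, ref, _ in hits if src == ip and ref != "-"}
    if count / len(hits) < share or len(agents) < min_agents:
        return None
    return {
        "ip": ip,
        "share": count / len(hits),
        "agents": len(agents),
        "referers": len(referers),
        # An intermediary on the host's own network, as in the report above
        "same_subnet": ip_address(ip) in ip_network(server_net),
    }

def _line(ip, req, ref, ua):
    # Builds one constructed sample log line
    return f'{ip} - - [30/Mar/2019:10:00:00 +0000] "{req}" 200 512 "{ref}" "{ua}"'

# Constructed sample: crawler, login guessing and the site owner all
# appear to come from 192.0.2.10 (documentation address range).
COLLAPSED = [
    _line("192.0.2.10", "GET / HTTP/1.1", "-", "Googlebot/2.1"),
    _line("192.0.2.10", "POST /wp-login.php HTTP/1.1", "-", "python-requests/2.21"),
    _line("192.0.2.10", "POST /wp-login.php HTTP/1.1", "-", "curl/7.64"),
    _line("192.0.2.10", "GET /wp-admin/ HTTP/1.1", "https://example.org/", "Firefox/66.0"),
    _line("192.0.2.10", "GET / HTTP/1.1", "https://example.net/a", "Firefox/66.0"),
]
# Constructed sample: the same kind of traffic with its real origins visible.
NORMAL = [
    _line("198.51.100.7", "GET / HTTP/1.1", "-", "Googlebot/2.1"),
    _line("203.0.113.9", "POST /wp-login.php HTTP/1.1", "-", "curl/7.64"),
    _line("203.0.113.44", "GET /wp-admin/ HTTP/1.1", "-", "Firefox/66.0"),
]

if __name__ == "__main__":
    print(origin_collapse(COLLAPSED, "192.0.2.0/24"))
    print(origin_collapse(NORMAL, "192.0.2.0/24"))
```

When this fires, per-IP lockout counters are counting the intermediary rather than the visitors, so the owner's own address and the login guessers share one threshold.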

