A Necessary Change

Recently my sites had been under attack. I did have one site out of four that was mostly untouched, but I try to fend off potential threats as much as I possibly can. This site seems to have been the most vulnerable and no matter what I did, nasty malicious code continued to rear its ugly head. With that said, I removed all pages from my family site until I can work this out. Admittedly, the site sat un-updated for more time than I want to admit, but that is no excuse for malicious code attacks. Please bear with me as I continue to work through this technology snafu.

My Blog-like Journal

Until I have my website rebuilt using a slightly different format, I will continue to post my thoughts and findings here. I have done more research into this major infection than most webmasters would do. That alone should tell you how frustrated I was when I couldn't simply find code and remove it...and how I trusted my hosting company when they said they had cleaned it...oh...and according to them it must be me...failing to protect my passwords or maybe it was a brute force attack (they didn't know?) and/or maybe my own unit was infected, possibly with a keylogger. Really???  Since I wasn't able to talk directly to the Russians who in theory were cleaning my sites, it was impossible to get direct feedback from them. The replies they sent simply said the sites were cleaned...not how or what was found.  Oh, they "cleaned and removed" legit JavaScript that provided my local weather; they "cleaned and removed" a legit JavaScript scroller on one site that provided information about upcoming events. They may have removed other "officially" bad code, but that is not where this rant will lead. If you follow my posted babble, you will find what the hackers did. I regret I can't tell you how they did it because I simply don't know. Others that are developers and far more techie than I will have to publish that info because it is out of my range of information and expertise.

Follow my journal as I attempt to provide readers with my battle against the CookieBomb.

From the Webmaster

WebmasterIt is with great regret that I have to basically down my site to work this out. I should have had a clean copy to replace the site on the server, but due to technical problems beyond my control, that was not possible. The number one rule of a webmaster is to keep clean copies of their sites and I broke that rule by not having a copy of the site in several places like I should have. I've learned and I'm trying to get all my ducks in a row and sort through this mess. If removing all those pages will let me work through this in a timely fashion and having a one page site for a bit will expedite things, I am all for the one page site temporarily.

I figure it is going to take me weeks to rebuild and work through this, but be assured I will keep at it and make a lot of changes to the site, not to mention updates that were sorely needed. Please bear with me and continue to check on my progress. I will give updates as I plug away.

Updated: July 2, 2013

I am very frustrated with Google. I removed my site, yet they will not remove their warning.

July 15, 2013

My battle with Google continues with this site and two others. My fourth site was never "blocked" like the others. Apparently it had only been "brushed lightly" with malicious code injection. If only one site had been effected by all of this, it would be a problem. But having three sites labeled as potentially infectious has been a daunting task to repair. Even my perky upbeat personality is changing to one of bleakness.

Yes, I have used Google's Webmaster Tools...that is a pot of confusion alone...but I have managed to get a small grasp of understanding of the hoops they want me to jump through. Don't misunderstand me. I totally get it that they, like I, want safe web browsing for people going to my sites. But even after I had my "crew" at the hosting company clean up the code and after I have downed this site, I continue to be black listed by Google. The other search engines only give warning when entering through their links, but Google continues to BLOCK entrance! This madness must END!!

August 7, 2013

Time marches on and the battles continue. Not only do I duel with judgment being passed by a large internet conglomeration, I fight equipment failure and software woes. Will it ever end? Well, there is only one way to get my "name" restored and back in good standing and that is to put at least one or two pages up so they can be crawled. I will keep you posted.

August 8, 2013 - CLEAN

Finally clean...well, it has been clean for a very long time, but I've just now got the thumbs up from a very large search engine...one that I had to jump through hoops for. If being blocked wasn't bad enough, consider that I also had equipment and software woes. Having this ban lifted makes my day a little brighter and allows me to progress further with my website construction...not this site but a couple of others.

For those webmasters who "track" website visitors (we really don't know who our visitors are), PLEASE be careful if you note visitors of foreign countries, ESPECIALLY Indonesia. They aren't simply looking at your site for their entertainment or to broaden their knowledge. I had done what was supposed to be done...anti virus...Malware bytes...but I was still hacked via FTP. Maybe it's time I use a hosting company that will allow SFTP and will help BLOCK IPs from countries that are known to do REALLY bad things to sites. My current hosting company does not, but does help remove infections, more of a defense rather than offense position. Be careful out there.

August 14, 2013

A beginning . . .

I have begun creating what I will refer to as the "real" site. It will take a VERY long time to make since I will be using a photo gallery to host my photos, unlike pages that previously housed four or five photos on the "Memories" pages. I may not be able to offer as much description as I once did, but I will still be able to add captions. I currently use the photo gallery maker on two other sites and I like it. I will hope that the overall outcome of the gallery will be as clever as my original photo display.

Stay tuned for my updates on my progress.

Cleaned by hosting company...REALLY??

In my previous log on August 8th, I stated that my current hosting company offered defense of infections rather than offense. Hmmm...I will have a lot more to say on that topic when I complete my new site. But let me simply say that I went through my old webpage files to begin looking for a reference point and decided to look at one of the pages that Google had noted was infected. All looked well...except...well there was this one code...which I had Googled at the time of my reported infection and all that returned in my search was that it referred to a color hex for HTML. Oh, how clever of these hacker monsters from hell...since the attack had just occurred there was no discussion of this code...only the color hex information. It was only this past weekend I Googled and found reference to this code in a forum where not only this code was being discussed by IT professionals, but the actual attack itself. It seems this was a widespread infestation and they are thinking it was months if not years in the making...waiting...like a sleeper cell.

If you haven't figured out by now this infection and removal of my sites has ripped at my very soul. It's silly, but I consider it a personal attack upon my person. These hacker monsters from hell stole from me something personal and treasured. When looking at this one page from my old site, I decided to have a look at some of the others...they all HAD THAT COLOR HEX CODE. Remember, my hosting company had "cleaned" the pages, right? Wrong. No wonder Google would not reconsider my request to be reinstated (but then again, even after I replaced the site with this basic one page they refused my request, but that is another story for another day). When I first downloaded my old site from the remote server, I went through it and found a page containing an iframe page that I had not created nor placed on my server. I believe that was the trigger to load the malicious code. When I found it, I deleted it...now I wish I had not done that. It would have been a good resource to help find out how the code is triggered. Too late.

In finding that the code was present on literally every page of my old site, the code was found and replaced with something to void the code to allow me to view those pages and not risk being a Typhoid Mary. But I am still upset that I was attacked...but what might disturb me even more is the fact that my hosting company (IXWebhosting.com) assured me my sites had been cleaned giving me a false sense of warm fuzzies while dealing with my frustration with Google....and there is another story there about how they were the pot calling the kettle black when they had an infected link on their page. But I digress and that would lead into a totally different story...one you can be assured I will write about once my website construction progresses.

Directly from IXWebhosting site:

IXWebhosting Secure? Are you kidding me?

IXWebhosting secure? They're joking right? They don't even support SFTP for uploading sites which is MORE SECURE than FTP...yet they're secure??? Denial ain't a river in Egypt. Whose site are they proposing that is safe? Their site? Oh wait...they infer it is your site they are protecting? Really?? Then they have major apologizing to do to me because they didn't protect me from squat. Malware monitoring? Again, really? Yes, it is time to jump ship and go with someone...anyone...that allows the site owner to at least access SFTP. I might be placing myself in a zone where I think I will be safer using SFTP, but at least I am willing to try...unlike with IX that won't even allow me to attempt to use a safer mode of uploading my sites and photo galleries.

August 18, 2013

Things Improve

Things are looking brighter. I can now Google this site and not only does it come up, but it actually appears...as #1 in the search...admittedly, I am searching for "Cosner Family", but before the site would not even appear unless I typed the sites name along with a dot com.

I continue to have some anger issues with this whole debacle, but I will work through it. And you know, it would be great if Google would crawl my site...or any search engine.

August 26, 2013

Trying new hosting company...let's see if that helps with things as they are.

August 27, 2013

I may eventually owe Google an apology...but until they fix that link that goes to their own Google Webmaster Tools (Google Webmaster Tools and look at the sub link on the right)...the one that keeps getting "hijacked" and of which they repaired once, but is back again and takes you to Webmaster Tools, but in Indonesian...and most likely is simply a look-a-like Tools site for a festering malicious code attack or waiting to rip off your Google account info..well, when they fix that link and it stays fixed, I will consider an apology for my bad thoughts about how I felt they left me stranded after they blacklisted my sites. I actually understand why they had to do that...but they need to wipe their own table before they tell me my counter is dirty. Just my take on things as I see 'em.

October 27, 2013

Looks like I am falling down on the job, because it's been a while since I last posted here.  I have broken the promise I made to myself about posting on a regular basis. But to be honest, I have a lot of irons in the fire and sometimes I have to tend to certain irons first.

The poetry bug bit me again and I had to write. Actually, the bug didn't come looking for me, I went in search of it. For those of you who don't write it's hard to explain why we that do are driven to put pen to paper. Admittedly, I decided to write this poem because it is going to be a gift for someone at Christmas. Oh, it won't be just a simple poem scribbled onto a piece of paper. I decided to do this up right and it will be framed complete with the theme that I had in mind when writing it. I call it my limerick-ish poem because I followed the basic rules of a limerick, but went beyond the five lines required for a limerick and made 20 lines. In other words, it has four verses. Hey, I had a story to tell and could not accomplish that in five lines. But the poem is cute and includes information about the recipient and her travels. I think she will love it and it will make a great Christmas gift when the entire project is completed.

Glad to Have Gone to New Hosting

Before I get way off track with my train of thought, let me express how wise my decision was to go with another hosting company. The saga with IXWebhosting only gets better...or is that worse? Regardless, I attempted to cancel my remaining time left with them. Yes, I know the account has only until the end of December before it expires, but why would I want to keep it? So I wrote them and explained their downfall and their lack of promised and/or inferred website protection under their hosting services...that I was forced to go with another hosting company which at least allowed an improved method of loading one's site. Ahh....but here is their reply:

"We are sorry to hear that you've had so many issues with your account. We do our best to provide superior support and service, but it sounds like we have failed here.

I apologize, however, per our Terms of Service you have passed the 90 Day Money Back Guarantee and do not qualify for a refund. Your account #xxxxxx is set to Manual and will expire on Dec-29-2013 with no further charges. If, instead, you would like for the account to be canceled now and access to it removed, please let us know, via this ticket, and we will process your request."

Hmmmm...wham-bam, thank you, mam...we have your money and we ain't giving any of it back. No prorating...nothing...zip...nada. I had been with this company since 2007. I even referred people to them. If anybody is reading this, I most certainly do not recommend them now. They outsource their Malware Team to Russia...maybe even more of their behind the scenes part of the company like billing...they just sort of forget to mention that part. Since they do in fact outsource, why do they stress they are located in Columbus, Ohio and that when you "talk" to a tech they will speak English? Rather misleading wouldn't you say? Ah...but their promises to keep your websites safe are also misleading, if not downright untruthful.

Please remember this is my accounting of my experience with IXWebhosting. You are welcome to believe their misleading marketing babble and go with this company as a hosting provider. But would I recommend them in 2013 for you to trust your sites to their servers and their Russian Malware Team? One word...NOPE.

Have You Ever Tried to Help People?

It seems this is personality flaw that I have. It wouldn't be so bad if I charged people for my help, but like my husband says, why would they pay for it if I continue to give it away?

During this snafu with the websites and the massive malicious code injection, I was forced to down three out of four of my sites. One of those sites is one that I made back in 2008 and for a long period of time would update the content and place new photos on the site that I had taken. Not unusual you say...or that is to be expected, and of course you would be right. But this was NOT my site...well it was but it wasn't. I got the domain for someone who was in a financial bind and could not afford the domain and hosting herself. She wanted to promote her puppy breeding business and felt that a website would benefit her greatly and over the years it did generate a lot of traffic. I wanted to help her and free her of the financial and emotional pit she had dug for herself. That "pit" is another story all on its own.

Anyway, I got the domain name for her and I made the site. I even provided hosting for the site. I wrote all the copy for all the pages and the descriptions of each and every puppy placed on the site. I took ALL THE PHOTOS of the puppies myself, usually without assistance.  Have you ever tried to take pictures of puppies without help? If you aren't an octopus, you might as well become one because you are going to need that many arms/hands to accomplish your photo shoot and to have the pictures look at least a little professional. If I had charged her for the photo shoots it would have been defeating my purpose of helping her financially, so the shoots were free...frustrating for me...but at no cost to her.

At first the domain name was free because my hosting company provided domain names at no charge (initially) and could be renewed with "hosting" points. Free for me...I passed that savings on to my friend. Then the hosting company changed their policy. No more renewals with earned points. The domains had to be renewed with cash. Since my friend was in dire straits, I would pay for the domain and award the website to her as a birthday gift. This went on for several years. I kept hinting she needed to take full possession of the domain because it wasn't really my website and I didn't want to own the domain. I simply had gotten it for her and felt it should be in her own name since it was her business that was being promoted. Last year I made that leap and transferred the domain to her name. At no time had she ever paid for this domain. It was always taken care of by me. At this time I informed her that renewal was now her responsibility and even created a document and stored it in her email telling her how to renew when it came time.

In July the domain registrar started sending notices that the domain would expire in October. One would think that a three month period of notices would be adequate to inform an owner of upcoming expiration. Not in this case. During this time period she never once looked at her email although I told her several times she needed to spend time cleaning her inbox out and should look at her email at least once per week. My warnings went unheeded.

October came around and so did her domain expiration. Granted, there is a grace period where a domain owner can pay just the registration and no other fees, but after a period of time a redemption fee is attached. The domain name is more or less held for ransom during this phase of the game and you either pay it or wait to see if it is auctioned off or is returned to the "books" so that anyone can buy it at the regular price of a domain registration. It was during this period of redemption that I learned it had expired and informed my friend. She did not have the money to pay the "ransom" or so called redemption fees. We are still in that phase and the fate of the domain name remains uncertain.

The point to this entire story is that I helped this person for five years. I gave her a domain name at no charge. I gave her hosting at no charge. I created, maintained, and provided content for her site. After five years I feel she either needs to sink or swim. I provided her with an HTML editor program and the already made website. I informed her if she wanted a website she would need to obtain her own hosting service after getting a domain name. I told her it was about time she learned how to edit webpages. If she wanted to sell her product, she would need photos and she should learn a little about her camera and how to take attractive photos of puppies (and mentioned it would be helpful if she were an octopus).

I tried helping her for five long years hoping she would eventually take over her website or at least provide photos and puppy descriptions. None of that ever happened. When she finally realized I was serious about not doing her site and/or hosting one for her, she simply pleaded that she was technology challenged and did not have that aptitude. Well, the way I see it is if you have tried helping someone for five years and you have not progressed one step further from where you began, then it is time to step aside.

The long and short of it is I will continue to help others, but they must make effort to help themselves, too.

February 12, 2014

A New Year . . .

We are well into the new year now and things are going smoothly (knock wood). The only nuisance I am experiencing thus far is tons of spam. With that said, I am changing my email address so that those nice email address harvesters will have to be creative in getting the address. If you wish to email me, you will have to actually type it into your TO: line. Email users will understand what jc at cosnerfamily dot com means. If they don't, well, it's best they don't email me. I have removed the direct email address at the bottom of this page so I should be getting less and less spam (no, I do not wish to purchase Canadian drugs and have no particular need for Viagra). Heck, I have even changed the address.

What I have found disturbing is the spam that says it's for discount prescription drugs (not the Canadian ones) and the emails are actually malware links. Since I don't fully open them (only forward them to spam abuse) and I do that from my spam folder that does not allow active links, I take that time to "research" the origins of the email. Most of the domains are registered in Panama. Some of the domains are potentially hijacked domains and are sitting there waiting like a spider for some poor soul to open the email and click on a link...especially the unsubscribe link.  Like I ever subscribed to such email...sheesh. I even got one that "suggested" it was from CVS...it wasn't...but just think if I used CVS as my pharmacy. I could have easily have opened it in my regular email and I could have been in a real stew.

It's a dangerous world out there and if you have websites that are at risk of infection or hijacking...PLEASE BE PROACTIVE IN YOUR RESPONSIBILTY TO TRY YOUR BEST TO KEEP A CLEAN SITE.  Sites that sit dormant and unchanged for long periods of time are prime targets. With FTP sniffers trying to get your hosting password because they are transmitted in text (not encrypted) is an accident waiting to happen. Get a hosting company that allows SFTP. Oh, I understand nothing is 100% hack free, but simply checking the site on the hosting company server to see if changes have been made to your pages without your knowledge is a good starting point.  Re-upload your site periodically. Make sure there are no "extra" pages in your site that you didn't put there. I know...you think you didn't make changes to a page so there is no need to upload that page again...well, check the date of your page on your computer and compare it to the one on the server...if they don't match...well, you could be a victim of hacker intrusion. Again, be proactive in maintaining your site even if you think your site is benign site and no one would be interested in your content.  Guess what...they aren't. They just want your site and hosting so they can plant malware and infect other computers when someone happens to click on links.  Your site visitor becomes infected and their private and financial information becomes at risk. BE PROACTIVE in your prevention of hacking as best as you can.