A Necessary Change

Recently my sites had been under attack. I did have one site out of four that was mostly untouched, but I try to fend off potential threats as much as I possibly can. This site seems to have been the most vulnerable and no matter what I did, nasty malicious code continued to rear its ugly head. With that said, I removed all pages from my family site until I can work this out. Admittedly, the site sat un-updated for more time than I want to admit, but that is no excuse for malicious code attacks. Please bear with me as I continue to work through this technology snafu.

My Blog-like Journal

Until I have my website rebuilt using a slightly different format, I will continue to post my thoughts and findings here. I have done more research into this major infection than most webmasters would do. That alone should tell you how frustrated I was when I couldn't simply find code and remove it...and how I trusted my hosting company when they said they had cleaned it...oh...and according to them it must be me...failing to protect my passwords or maybe it was a brute force attack (they didn't know?) and/or maybe my own unit was infected, possibly with a keylogger. Really???  Since I wasn't able to talk directly to the Russians who in theory were cleaning my sites, it was impossible to get direct feedback from them. The replies they sent simply said the sites were cleaned...not how or what was found.  Oh, they "cleaned and removed" legit JavaScript that provided my local weather; they "cleaned and removed" a legit JavaScript scroller on one site that provided information about upcoming events. They may have removed other "officially" bad code, but that is not where this rant will lead. If you follow my posted babble, you will find what the hackers did. I regret I can't tell you how they did it because I simply don't know. Others that are developers and far more techie than I will have to publish that info because it is out of my range of information and expertise.

Follow my journal as I attempt to provide readers with my battle against the CookieBomb.

From the Webmaster

WebmasterIt is with great regret that I have to basically down my site to work this out. I should have had a clean copy to replace the site on the server, but due to technical problems beyond my control, that was not possible. The number one rule of a webmaster is to keep clean copies of their sites and I broke that rule by not having a copy of the site in several places like I should have. I've learned and I'm trying to get all my ducks in a row and sort through this mess. If removing all those pages will let me work through this in a timely fashion and having a one page site for a bit will expedite things, I am all for the one page site temporarily.

I figure it is going to take me weeks to rebuild and work through this, but be assured I will keep at it and make a lot of changes to the site, not to mention updates that were sorely needed. Please bear with me and continue to check on my progress. I will give updates as I plug away.

Updated: July 2, 2013

I am very frustrated with Google. I removed my site, yet they will not remove their warning.

July 15, 2013

My battle with Google continues with this site and two others. My fourth site was never "blocked" like the others. Apparently it had only been "brushed lightly" with malicious code injection. If only one site had been effected by all of this, it would be a problem. But having three sites labeled as potentially infectious has been a daunting task to repair. Even my perky upbeat personality is changing to one of bleakness.

Yes, I have used Google's Webmaster Tools...that is a pot of confusion alone...but I have managed to get a small grasp of understanding of the hoops they want me to jump through. Don't misunderstand me. I totally get it that they, like I, want safe web browsing for people going to my sites. But even after I had my "crew" at the hosting company clean up the code and after I have downed this site, I continue to be black listed by Google. The other search engines only give warning when entering through their links, but Google continues to BLOCK entrance! This madness must END!!

August 7, 2013

Time marches on and the battles continue. Not only do I duel with judgment being passed by a large internet conglomeration, I fight equipment failure and software woes. Will it ever end? Well, there is only one way to get my "name" restored and back in good standing and that is to put at least one or two pages up so they can be crawled. I will keep you posted.

August 8, 2013 - CLEAN

Finally clean...well, it has been clean for a very long time, but I've just now got the thumbs up from a very large search engine...one that I had to jump through hoops for. If being blocked wasn't bad enough, consider that I also had equipment and software woes. Having this ban lifted makes my day a little brighter and allows me to progress further with my website construction...not this site but a couple of others.

For those webmasters who "track" website visitors (we really don't know who our visitors are), PLEASE be careful if you note visitors of foreign countries, ESPECIALLY Indonesia. They aren't simply looking at your site for their entertainment or to broaden their knowledge. I had done what was supposed to be done...anti virus...Malware bytes...but I was still hacked via FTP. Maybe it's time I use a hosting company that will allow SFTP and will help BLOCK IPs from countries that are known to do REALLY bad things to sites. My current hosting company does not, but does help remove infections, more of a defense rather than offense position. Be careful out there.

August 14, 2013

A beginning . . .

I have begun creating what I will refer to as the "real" site. It will take a VERY long time to make since I will be using a photo gallery to host my photos, unlike pages that previously housed four or five photos on the "Memories" pages. I may not be able to offer as much description as I once did, but I will still be able to add captions. I currently use the photo gallery maker on two other sites and I like it. I will hope that the overall outcome of the gallery will be as clever as my original photo display.

Stay tuned for my updates on my progress.

Cleaned by hosting company...REALLY??

In my previous log on August 8th, I stated that my current hosting company offered defense of infections rather than offense. Hmmm...I will have a lot more to say on that topic when I complete my new site. But let me simply say that I went through my old webpage files to begin looking for a reference point and decided to look at one of the pages that Google had noted was infected. All looked well...except...well there was this one code...which I had Googled at the time of my reported infection and all that returned in my search was that it referred to a color hex for HTML. Oh, how clever of these hacker monsters from hell...since the attack had just occurred there was no discussion of this code...only the color hex information. It was only this past weekend I Googled and found reference to this code in a forum where not only this code was being discussed by IT professionals, but the actual attack itself. It seems this was a widespread infestation and they are thinking it was months if not years in the making...waiting...like a sleeper cell.

If you haven't figured out by now this infection and removal of my sites has ripped at my very soul. It's silly, but I consider it a personal attack upon my person. These hacker monsters from hell stole from me something personal and treasured. When looking at this one page from my old site, I decided to have a look at some of the others...they all HAD THAT COLOR HEX CODE. Remember, my hosting company had "cleaned" the pages, right? Wrong. No wonder Google would not reconsider my request to be reinstated (but then again, even after I replaced the site with this basic one page they refused my request, but that is another story for another day). When I first downloaded my old site from the remote server, I went through it and found a page containing an iframe page that I had not created nor placed on my server. I believe that was the trigger to load the malicious code. When I found it, I deleted it...now I wish I had not done that. It would have been a good resource to help find out how the code is triggered. Too late.

In finding that the code was present on literally every page of my old site, the code was found and replaced with something to void the code to allow me to view those pages and not risk being a Typhoid Mary. But I am still upset that I was attacked...but what might disturb me even more is the fact that my hosting company (IXWebhosting.com) assured me my sites had been cleaned giving me a false sense of warm fuzzies while dealing with my frustration with Google....and there is another story there about how they were the pot calling the kettle black when they had an infected link on their page. But I digress and that would lead into a totally different story...one you can be assured I will write about once my website construction progresses.

Directly from IXWebhosting site:

IXWebhosting Secure? Are you kidding me?

IXWebhosting secure? They're joking right? They don't even support SFTP for uploading sites which is MORE SECURE than FTP...yet they're secure??? Denial ain't a river in Egypt. Whose site are they proposing that is safe? Their site? Oh wait...they infer it is your site they are protecting? Really?? Then they have major apologizing to do to me because they didn't protect me from squat. Malware monitoring? Again, really? Yes, it is time to jump ship and go with someone...anyone...that allows the site owner to at least access SFTP. I might be placing myself in a zone where I think I will be safer using SFTP, but at least I am willing to try...unlike with IX that won't even allow me to attempt to use a safer mode of uploading my sites and photo galleries.

August 18, 2013

Things Improve

Things are looking brighter. I can now Google this site and not only does it come up, but it actually appears...as #1 in the search...admittedly, I am searching for "Cosner Family", but before the site would not even appear unless I typed the sites name along with a dot com.

I continue to have some anger issues with this whole debacle, but I will work through it. And you know, it would be great if Google would crawl my site...or any search engine.

August 26, 2013

Trying new hosting company...let's see if that helps with things as they are.

August 27, 2013

I may eventually owe Google an apology...but until they fix that link that goes to their own Google Webmaster Tools (Google Webmaster Tools and look at the sub link on the right)...the one that keeps getting "hijacked" and of which they repaired once, but is back again and takes you to Webmaster Tools, but in Indonesian...and most likely is simply a look-a-like Tools site for a festering malicious code attack or waiting to rip off your Google account info..well, when they fix that link and it stays fixed, I will consider an apology for my bad thoughts about how I felt they left me stranded after they blacklisted my sites. I actually understand why they had to do that...but they need to wipe their own table before they tell me my counter is dirty. Just my take on things as I see 'em.

October 27, 2013

Looks like I am falling down on the job, because it's been a while since I last posted here.  I have broken the promise I made to myself about posting on a regular basis. But to be honest, I have a lot of irons in the fire and sometimes I have to tend to certain irons first.

The poetry bug bit me again and I had to write. Actually, the bug didn't come looking for me, I went in search of it. For those of you who don't write it's hard to explain why we that do are driven to put pen to paper. Admittedly, I decided to write this poem because it is going to be a gift for someone at Christmas. Oh, it won't be just a simple poem scribbled onto a piece of paper. I decided to do this up right and it will be framed complete with the theme that I had in mind when writing it. I call it my limerick-ish poem because I followed the basic rules of a limerick, but went beyond the five lines required for a limerick and made 20 lines. In other words, it has four verses. Hey, I had a story to tell and could not accomplish that in five lines. But the poem is cute and includes information about the recipient and her travels. I think she will love it and it will make a great Christmas gift when the entire project is completed.

Glad to Have Gone to New Hosting

Before I get way off track with my train of thought, let me express how wise my decision was to go with another hosting company. The saga with IXWebhosting only gets better...or is that worse? Regardless, I attempted to cancel my remaining time left with them. Yes, I know the account has only until the end of December before it expires, but why would I want to keep it? So I wrote them and explained their downfall and their lack of promised and/or inferred website protection under their hosting services...that I was forced to go with another hosting company which at least allowed an improved method of loading one's site. Ahh....but here is their reply:

"We are sorry to hear that you've had so many issues with your account. We do our best to provide superior support and service, but it sounds like we have failed here.

I apologize, however, per our Terms of Service you have passed the 90 Day Money Back Guarantee and do not qualify for a refund. Your account #xxxxxx is set to Manual and will expire on Dec-29-2013 with no further charges. If, instead, you would like for the account to be canceled now and access to it removed, please let us know, via this ticket, and we will process your request."

Hmmmm...wham-bam, thank you, mam...we have your money and we ain't giving any of it back. No prorating...nothing...zip...nada. I had been with this company since 2007. I even referred people to them. If anybody is reading this, I most certainly do not recommend them now. They outsource their Malware Team to Russia...maybe even more of their behind the scenes part of the company like billing...they just sort of forget to mention that part. Since they do in fact outsource, why do they stress they are located in Columbus, Ohio and that when you "talk" to a tech they will speak English? Rather misleading wouldn't you say? Ah...but their promises to keep your websites safe are also misleading, if not downright untruthful.

Please remember this is my accounting of my experience with IXWebhosting. You are welcome to believe their misleading marketing babble and go with this company as a hosting provider. But would I recommend them in 2013 for you to trust your sites to their servers and their Russian Malware Team? One word...NOPE.

February 12, 2014

A New Year . . .

We are well into the new year now and things are going smoothly (knock wood). The only nuisance I am experiencing thus far is tons of spam. With that said, I am changing my email address so that those nice email address harvesters will have to be creative in getting the address. If you wish to email me, you will have to actually type it into your TO: line. Email users will understand what jc at cosnerfamily dot com means. If they don't, well, it's best they don't email me. I have removed the direct email address at the bottom of this page so I should be getting less and less spam (no, I do not wish to purchase Canadian drugs and have no particular need for Viagra). Heck, I have even changed the address.

What I have found disturbing is the spam that says it's for discount prescription drugs (not the Canadian ones) and the emails are actually malware links. Since I don't fully open them (only forward them to spam abuse) and I do that from my spam folder that does not allow active links, I take that time to "research" the origins of the email. Most of the domains are registered in Panama. Some of the domains are potentially hijacked domains and are sitting there waiting like a spider for some poor soul to open the email and click on a link...especially the unsubscribe link.  Like I ever subscribed to such email...sheesh. I even got one that "suggested" it was from CVS...it wasn't...but just think if I used CVS as my pharmacy. I could have easily have opened it in my regular email and I could have been in a real stew.

It's a dangerous world out there and if you have websites that are at risk of infection or hijacking...PLEASE BE PROACTIVE IN YOUR RESPONSIBILTY TO TRY YOUR BEST TO KEEP A CLEAN SITE.  Sites that sit dormant and unchanged for long periods of time are prime targets. With FTP sniffers trying to get your hosting password because they are transmitted in text (not encrypted) is an accident waiting to happen. Get a hosting company that allows SFTP. Oh, I understand nothing is 100% hack free, but simply checking the site on the hosting company server to see if changes have been made to your pages without your knowledge is a good starting point.  Re-upload your site periodically. Make sure there are no "extra" pages in your site that you didn't put there. I know...you think you didn't make changes to a page so there is no need to upload that page again...well, check the date of your page on your computer and compare it to the one on the server...if they don't match...well, you could be a victim of hacker intrusion. Again, be proactive in maintaining your site even if you think your site is benign site and no one would be interested in your content.  Guess what...they aren't. They just want your site and hosting so they can plant malware and infect other computers when someone happens to click on links.  Your site visitor becomes infected and their private and financial information becomes at risk. BE PROACTIVE in your prevention of hacking as best as you can.

May 18, 2014

Time to Update a Bit

It's been a while since I have posted on this page. It doesn't mean I didn't re-up the page to make sure it keeps a clean copy on the site. I always have that in the back of my mind. People that don't do websites (and some that do sites) don't understand the importance of making sure the pages don't get hit with injected malicious code and an easy way to circumvent that from happening is to simply reload the pages. Heck, I wouldn't have understood if it hadn't happened to me. But I do know and I will continue my rants and constant vigil to protect my sites as much as I possibly can.

What to address here? Well, let's discuss spam/spoofing/hacked email. I was getting so much spam at my websites' email address that I had to remove the active email links. Did that help? You bet 'cha. When I removed the links I also changed the email addresses because the other addresses had already been harvested. If I was going to "replant" I had to use new seed...right? Well, by making the active click here email link go away and using forms to communicate on my other sites made the spam virtually disappear. Will it stay gone? I honestly don't know, but it has been working so far and that is what counts. The best defense is offense.

July 19, 2014

ALERT: BE ON THE LOOK OUT

Yep, have had a lot and I mean a lot of curious visits to my websites as of the last month.  These are NOT just any visitors, but those that most likely that are up to no good. Please run scans for Malware on your computer systems and if you don't have an anti-virus on your computer, please get one and update it. I have no idea what these visitors are trying to do, but I will discuss this situation with my hosting company next week and see if there is anything I should be concerned about.

Remember, many innocent sites are hacked...may people that have sites don't know who comes and goes from their sites. I do...not that I can say Sue from Tallahasse visited last Wedneday, but I track regions and countrys to monitor my sites for my safety as well as yours.

So be on the look out for spammers...a good bit of it is coming out of Brazil.