Posts Tagged ‘BlueHost’

This Day Eaten By Bluehost

Monday, October 2nd, 2023

Content should resume tomorrow, assuming I’m not suffering from the same endless unavailability and timeout errors…

Did I Get a DDoS Attack From Russia?

Tuesday, September 27th, 2022

At some point during yesterday’s diagnosis of my ongoing technical difficulties, the BlueHost technician asked if 185.122.204.37 was my IP, because there were something like 30,000+ hits from it that day. I verified it wasn’t mine, and that it wasn’t Instapundit (which had linked me that day), and did a reverse DNS lookup, which brought up the following:

IP Location: 185.122.204.37

185.122.204.37 appears to be located in Moscow, Russia and allocated to Chang Way Technologies Co. Limited. Autonomous System Number (ASN) code for 185.122.204.37 is AS57523. IP Address local time zone is Europe/Moscow (+0300). PTR record is set to 185.122.204.37.

That’s a very curious site to be sending me traffic, since I’m seeing none of it in my stats counter. Could I be receiving a low-grade DoS attack due to my criticisms of Putin’s war in Ukraine, or even my coverage of China’s slow-motion economic collapse, given the Chinese-sounding company? Possibly, though given BlueHost’s history, there are certainly far more prosaic explanations for my ongoing difficulties.

Also, speaking of Internet bogusity, if you search for “Battleswarm” and some topic I’ve covered (say, “Beto”), the top links are not from my blog, but from some BS “https://jawabansmk.my.id” domain that’s scraping my content and then doing all sorts of clickjacking redirect bullshit. This may be entirely unrelated to the slowness issues and the Russian/Chinese IP above, but if you would, do a Google search “BattleSwarm” and something I’ve covered, and if that site comes up, click on those three dots next to the results that send feedback to Google to remove that result. Something like: “This is not battleswarmblog.com, this is a clickjacking malware site scraping the content of battleswarmblog.com. Please delete this domain from your listings.”

Also, normally I like everything to go to my posts, but given the recent difficulties, please feel free to reprint this entire message when linking, so regular readers will know what’s up.

As for a tech update on the ongoing problems, my dashboard actions are still dog slow, but the issue has been escalated.

Blog Outage Update

Wednesday, August 17th, 2022

Yesterday afternoon, BattleSwarm went down with 500 errors. Contacting Bluehost, they said it was a problem with an old stats plugin. When I went into my dashboard to fix this, surprise! Nothing worked! And the blog was still down hard.

After two round-and-round chat sessions with Indian technical support personnel using vague screen replies, the problem still wasn’t resolved, and they told me it was a server-wide problem affecting many people. And indeed, I’m evidently not alone in having a problem with BlueHost.

Also, this notice from https://www.isitdownrightnow.com doesn’t exactly suggest a company brimming with confidence.

Right now, the blog appears to be up, though with the characteristic slowness and dropped connections during editing that seem common this year. I have not received the email that the second Indian technical support guy promised would be sent when things were resolved.

Hopefully it will stay up long enough to update some plugins…

LinkSwarm for September 24, 2021

Friday, September 24th, 2021

Greetings, and welcome to another Friday LinkSwarm! Unexpectedly, Austin’s fall started the first day of fall! That never happens!

  • The Biden Administration wants the IRS to have access to all your banking transactions of $600 or more. Good thing the IRS under Democratic Presidents has never abused IRS information in the past…
  • Speaking of the IRS, Slow Joe may owe more than $500,000 in back taxes.
  • China bans all cryptocurrency transactions. I can’t possibly see this move backfiring on them in any way…

  • John Kerry’s commie connection. “Kerry’s latest filing with the Office of Government Ethics shows Teresa Kerry benefits from an investment of at least $1 million in a hedge fund specializing in private partnerships with Chinese government-controlled funds.” (Hat tip: Stephen Green at Instapundit.)
  • Duh: “Biden aides set up a ‘wall’ to shield him from unscripted events.” Like reporters’ questions…
  • “Hillary Clinton Is The Most Systemically Manipulative Politician Of Our Lifetime.”

    The Indictment of Hillary Clinton campaign lawyer Michael Sussman for allegedly lying to the FBI has a lot of people grumbling about how long it took prosecutor John Durham to finally come up with an indictment of someone with regard to the Russia collusion hoax. And even then, while Sussman was an important lawyer at an important Democrat operative law firm, his indictment has a “that’s it?” feel to it.

    But, the 27-page Indictment is a wealth of information, and hopefully a roadmap to wider and more substantial prosecutions (you can’t take my hope away!). What the indictment demonstrates is that the Russia collusion claim leveled against Donald Trump and the Trump campaign was a fabrication of Hillary Clinton operatives who peddled the fraud to the media and FBI, allowing Clinton to use the media reports in the campaign against Trump.

    Much like the fabricated Steele Dossier, also paid for and arranged by Clinton operatives, Hillary Clinton and Clintonworld perpetrated a massive fraud on the American public which not only manipulated the election process but also froze the Trump presidency and nearly paralyzed the nation politically for years.

    We have had some pretty terrible politicians in our lifetime, and it’s always dangerous to say “the worst” — but the Russia collusion hoax fabricated by Hillary Clinton operatives proves beyond little doubt that Hillary Clinton is the most systemically manipulative politician of our lifetime.

  • “[EcoHealth Alliance head Peter] Daszak Admits Fauci Funded Chinese Coronavirus Research at Conference Featuring Hunter Biden-Linked Pandemic Group.” It’s like a giant debutante ball of all the last few years’ scandals rolled into one… (Hat tip: Director Blue.)
  • “Members Of Congress, Staff Exempt From Biden Vaccine Mandate.” Because of course they are.
  • Forget the MSM spin: Here’s what the Maricopa County audit really found:
    • None of the various systems related to elections had numbers that would balance and agree with each other. In some cases, these differences were significant.
    • There appears to be many ballots cast from individuals who had moved prior to the election.
    • Files were missing from the Election Management System (EMS) Server.
    • Ballot images on the EMS were corrupt or missing.
    • Logs appeared to be intentionally rolled over, and all the data in the database related to the 2020 General Election had been fully cleared.
    • On the ballot side, batches were not always clearly delineated, duplicated ballots were missing the required serial numbers, originals were duplicated more than once, and the Auditors were never provided Chain‐of‐Custody documentation for the ballots for the time‐period prior to the ballot’s movement into the Auditors’ care. This all increased the complexity and difficulty in properly auditing the results; and added ambiguity into the final conclusions.

    (Hat tip: Stephen Green at Instapundit.)

  • Old and busted: Illegal aliens on the border at Del Rio have Flu Manchu. The new hotness:

  • R. S. McCain on Missing White Woman Syndrome:

    That’s the thing about a Missing White Woman story — the damsel-in-distress angle only works, in terms of TV news ratings, if the missing woman is young and attractive, preferably blonde. Males can and do go missing, but those disappearances never dominate national news. It’s always a woman, and a young, attractive woman — if she’s old, fat or ugly, nobody cares if she goes missing. But the nubile blonde? Oh, yeah, that’s nationwide headline stuff, because she’s Prime Rape Bait, and sex is the secret ingredient in the Missing White Woman story.

    Beyond the cynical calculations of ratings-hungry TV news producers, however, what’s really wrong with Missing White Woman Syndrome is not the kind of “social justice” concerns Joy Reid is talking about. No, what’s wrong is that it feeds the public’s distorted ideas about crime.

    How many people are murdered in America annually? Nearly 14,000 in 2019, according to the FBI, and about 78% of the victims were male. In terms of statistical risk, then, males were nearly four times more likely to be murdered than women, but how many of those murdered men become national news? Not many. And how many murder victims are white? About 5,800 in 2019 — 42% of the total — whereas blacks were 54% of the total murders. There were 1,759 white women murdered in 2019 — 12.6% of the total, according to the FBI — compared to 6,446 black males, 46.3% of the total. So the death of Gabby Petito was anomalous, a comparative rarity in the overall crime situation in America.

    A blonde, blue-eyed “social media influencer” is not typical of murder victims, who are disproportionately male and black. During the month of August, when Gabby and her boyfriend were on their excursion across the West, 87 people were killed and 424 were wounded in Chicago. Did any of those Chicago victims make national news? Well, about 83% of the victims in Chicago were black, and none were blonde, blue-eyed 22-year-old “social media influencers.” Not newsworthy, you see?

    The selectivity of the news media in deciding which murders deserve national attention is a sort of bias that most people never notice. Why does the death of one black in police custody become a cause célèbre, while the vast majority of murdered black men — about 125 a week, on average — never get any national media attention? Because the death of George Floyd fit a specific political narrative. And why does the disappearance of a blonde girl with an Instagram account get hourly updates on the cable-news networks? Because it’s a convenient distraction from the disastrous failure of Joe Biden’s presidency.

  • Twitter is so scared of Nicki Minaj’s cousin’s balls that they suspended her account.
  • In fact, there were at least 46 reports of swollen balls (and another 76 of testicular pain) in the VAERS database of adverse reactions.
  • People who wanted Biden to win to see a “return to normal” are being gravely disappointed:

    In traditional Washington fashion, Biden has ignored that message voters sent and delivered the opposite. In less than seven months, we have found that Biden is far from that empathetic persona he has crafted over the years, and we have not returned to anything near normal.

    And Biden lies. Not tiny little lies, but ones that affect events that are deeply tragic. Last week, he told leaders in the Jewish community that he visited the Tree of Life Synagogue in Pittsburgh, where 11 people were slaughtered during a service in 2018.

    Synagogue officials said he was never there.

    One can only guess he said this as an attempt to continue the manufactured empathy he allegedly possesses. Forgetfulness is not an excuse anyone should accept.

    Nor is it normal.

    In fact, the only thing the Biden presidency has done most effectively is prove that we are not on the path to normality under his administration.

    From the uneven overall economy to soaring inflation to the humiliating debacle in Afghanistan, and from Biden’s insistence to spend our money like a drunken sailor to the crisis at the Mexican border that he has blatantly ignored and to how he has politicized the pandemic: None of this is normal, none of this promotes stability, none of this is what an exhausted electorate bargained for.

  • “18 Months of Ammo Sales during a Pandemic, Protests, and the Biden Presidency.”

    Over the past 18 months our overall sales have increased as follows:

    • 590% increase in revenue
    • 604% increase in transactions
    • 271% increase in site traffic
    • 77% increase in conversion rate

    This data is from February 23, 2020 – August 23, 2021, when compared to the previous 18 months (August 24, 2018 – February 22, 2020).

    Leading the way: Texas, with a 736% increase.

    9mm was the most popular ammunition just about everywhere, followed by .223 and 5.56 NATO.

  • “Maspeth High School [NYC] created fake classes, awarded bogus credits, and fixed grades to push students to graduate — ‘even if the diploma was not worth the paper on which it was printed,’ an explosive investigative report charges. Principal Khurshid Abdul-Mutakabbir demanded that teachers pass students no matter how little they learned, says the 32-page report by the Special Commissioner of Investigation for city schools, Anastasia Coleman.”
  • “A Chinese student in Canada had two followers on Twitter. He still didn’t escape Beijing’s threats over online activity.”
  • Alexandria Ocasio Cortez’s gambit to have funding for Israel’s Iron Dome missile defense system stripped backfires, with the funding passing 420-9. Now there’s a principled case to be made against the U.S. funding Iron Dome, as part of a broader initiative to eliminate all foreign aid because it’s not an enumerated responsibility of the federal government, because we’re already running huge budget deficits, and because Israel is a prosperous, modern country that shouldn’t need our charity. But we all know that’s not why The Squad presented this bill.

  • Austin Police Chief Joseph Chacon drops the interim from his title.
  • Word is that pick isn’t popular with the rank and file:

  • Speaking of APD, they’ve announced that staffing problems mean that they won’t be responding to non-emergency calls. All the more reason to vote for Prop A.
  • In the UK: “Our eco-obsessed government is sleepwalking into an energy crisis….we could be facing a hard winter of higher energy bills and even blackouts.”
  • More children have died from gunfire in Chicago than have died from Flu Manchu nationwide. (Hat tip: Instapundit.)
  • Some inconvenient truths:

  • Islamic terrorist dirtnapped in Indonesia. “The military earlier said the militants killed late Saturday were Ali Kalora, leader of the East Indonesia Mujahideen network that has claimed several killings of police officers and minority Christians, and another suspected extremist, Jaka Ramadan, also known as Ikrima.” (Hat tip: Rantburg.)
  • “Family Farms Won’t Escape Biden’s New Tax.”
  • Why freight rail makes money, and passenger rail doesn’t. (Hat tip: Borepatch.)
  • Round Rock ISD school board tries to censure dissenters.
  • Speaking of people on the Round Rock ISD enemies list, here’s the legal fee fundraiser page for Dustin Clark and Jeremy Story.
  • “Does a professor have the right to say ‘China virus’? At UDallas, the answer is no.”
  • “Black People Who Oppose Critical Race Theory Are Being Erased.”

    Our current moment is often described as a “racial reckoning.” In reality, what this often means is that a narrative about Black victimization has gone mainstream. We hear endlessly about systemic racism, white supremacy, the black/white income gap, and police brutality. So powerful an ideology has this narrative become that those of us who pose a credible counter-narrative—black anti-woke writers, for example—frequently find our words being misconstrued in an effort to stanch their impact.

    This doesn’t happen to everyone who opposes the Critical Social Justice narrative of black victimization. White dissenters are simply called “racist” while many black dissenters are considered tragic victims of internalized racism. But things get ugly when woke Critical Social Justice proponents encounter a certain kind of black person who does not align with their preferred victim narrative and instead emphasizes his or her own individuality or self-regard. Such people present a threat to the woke narrative, since that narrative insists that all black people are victims of white supremacy, meaning anyone who insists on their individuality and their own power proves the falsity of that victim narrative; if the woke narrative were true, such people should not be able to exist.

    Which means that when we claim to exist, antiracist woke warriors need to erase us, using a logical fallacy I call “erase and replace.” Erase and replace is a combination of the strawman and ad hominem logical fallacies. The move involves taking the argument someone is making and substituting it for one that fits more neatly into the woke victim narrative by specifically targeting the character of the challenger—since it is, in part, their character that is the greatest challenge.

  • “Chris Cuomo accused of sexually harassing former boss at 2005 party.” “A former ABC executive producer has accused Chris Cuomo of sexually harassing her at a 2005 work party after he grabbed her butt in front of her husband and co-workers.” If she was his boss, does that technically count as sexual harassment? In New York, I believe such an offense would fall under the statute for “forcible touching,” which is a class A misdemeanor. Do you think that this is coming out now because, with his brother out of office, Fredo is no longer of any particular political use to CNN?
  • ACLU alters Ruth Bader Ginsburg’s words to eliminate #Wrongthink.

  • Shatner…IN SPAAAAACE! (Hat tip: Ed Driscoll at Instapundit.)
  • “CDC Cautions Against Taking The Red Pill.”
  • “I hope I’m getting union scale for this!”

  • Also, a technical note: Bluehost will be doing server maintenance Friday night and Saturday morning, so the blog might be temporarily down then.

    Technical Difficulties

    Tuesday, September 7th, 2021

    My blogs were down this morning (both BattleSwarm and https://www.lawrenceperson.com/), and some features (like tag auto-population) still don’t seem to be working. No explanation from BlueHost for the outage except “There are too many process, I killed all the process but it keeps re-generating,” which is a symptom of the issue, not the issue itself.

    Anyway, the upshot is no real blog post this morning, so instead enjoy a compilation of random Golden Retriever videos.

    Blogging and Its Discontents

    Tuesday, November 17th, 2020

    The good news: Yesterday, I got linked from Instapundit twice! Since the purpose of a blog is to communicate, this means a big bump in daily visit statistics!

    The bad news: Yesterday, I got linked from Instapundit twice! The increased traffic displayed, yet again, how creaky and unreliable BlueHost’s services have become.

    Pretty much every time I’m linked from Instapundit, people complain “Oh, we killed Lawrence’s server again!” Variegated 404, 500 and Site Unavailable errors abound.

    Every time I point out to BlueHost that they seem to be running my blog on a severely resource-constrained server (most likely a virtual cloud server of some sort, time-shared with a whole bunch of other websites/blogs), they always go “Well, it’s not our problem! Your site is just too unoptimized!” and point me to gtmetrix. Evidently embedded Tweets use up a huge number of resources, which makes me wonder why Twitchy doesn’t seem to have these problems at much higher loads.

    Keep in mind that I’m running an old stock version of WordPress, with the bare minimum of necessary plugins (like AntispamBee) with BlueHost’s stock tools. So it’s not like I’m doing something wacky and unorthodox.

    When I mention these problems on Twitter, other hosting companies come out of the woodwork and say “Yeah, you could improve some things, but there’s no reason for BlueHost to suck so bad.”

    To improve speed, I’m looking at several different cache plugins for WordPress, including:

  • WP Super Cache
  • Autoptimize
  • Jetpack
  • WP-Optimize
  • WP Fastest Cache

    All are rated between four and five stars, all have a majority of users who say “Wow, this really sped up my site,” and all have a small number of reviewers who say “Agggggh, this trashed my site! Stay far away!”

    If you’re a WordPress blogger reading this, let me know if you have experience with any of those and how well they worked for you.

    I just did a manual backup of my WordPress database, but I should probably install some sort of backup plugin as well. Here’s another area WordPress users can tell me what works best for them.

    During Instalanches, some worried whether I’d been deplatformed, since WordPress is evidently kicking Conservative Treehouse off their platform. The answer is no, it’s just BlueHost sucking, and the Treehouse guys get a lot more traffic than I do. I’m sure I would be irritating enough to deplatform if Big Tech were more aware of me, but right now I seem to enjoy security through obscurity.

    Some have asked whether they can donate to get me a new server. While that would be swell (and see the donation button below), my immediate preference would be for BlueHost to stop sucking so I don’t have to go through the pain of transferring my blog to a new provider.

    BattleSwarm is, at best, a break-even proposition for me, after donations and Amazon affiliate links are factored in, especially since I haven’t let anyone put their crappy adware on my site. For several years now, I’ve managed to put up a blog post every single day. I started blogging due to outrage during the Obama Administration (and because Dwight took the plunge first), and if Biden manages to make his stolen election stick, I certainly don’t see less reason to blog. But it would be nice to get paid more for it.

    In the past I’ve done the occasional piece in places like National Review or Reason, but I’m not sure any of the legacy paying outlets is a good fit or substitute for regular blogging. (And I’m sure as hell not going to write for a sadness factory like The Bulwark.) Ideally I could get paid to contribute to a multi-contributor blog like Instapundit or Legal Insurrection, or some site like Empower Texans. But thus far no one has asked me to contribute to such.

    I don’t ask for donations as much as some blogs because financially I’m doing fine, and technical writing pays well. (Between my house, library and various 401Ks, I’m probably an Almost Millionaire in net worth.) (Maybe I’ll even get enough to move off the default WordPress theme.) But I didn’t get into blogging to get rich, much like one doesn’t become a Trappist monk for the kinky sex and hard drugs.

    Alas, I’m being laid off from my current technical writing job in December. So maybe I should ask for more donations. But I have the sort of skill sets (documenting programming APIs, among many other things) that’s very much in demand, so I don’t expect to be unemployed long. Plus I have another small income stream in the book business. There are other Vast Right Wing Bloggers out there much more in need of donations than I.

    So, that’s sort of my State of the Blog roundup. I’m still here and I don’t plan on going anywhere.





    Most Sophisticated Bluehost Phishing Scam Yet

    Sunday, November 17th, 2019

    So, a few days ago I got one of the most sophisticated phishing scam messages I’ve ever received. Message:

    Bluehost.com

    2:46 PM (5 hours ago)

    to me
    Hello, LAWRENCE PERSON

    We are contacting you today because we have disabled your outbound email services temporarily. The reason for this is because you've got a forum that spammers were subscribing to to get messages sent out. They used a spam trap email address that actually resulted in our mail server getting blacklisted.

    We need you to add protection to it so it isn't being exploited in the future. You will need to contact us and let us know this has been resolved for us to restore your email services.

    For protection, we ask that you require an account to subscribe to topic notifications if you haven't already. We also ask that you add protection to your sign-up page so that spammers cannot automate it. You can do this by using a captcha or something similar to that.

    To activate your account, please visit our BlueHost account reactivation center. Use the link below:
    http://my.bluehost.com.313e7d092611f0c58251064957ca6b4c.
    cajunhomeservices.com/account/58961/reactivation.html

    Thank you,
    BlueHost.com Terms of Service Compliance
    http://www.bluehost.com
    For support go to http://helpdesk.bluehost.com/
    Toll-Free: (888) 401-4678

    Note the relatively good English and the fairly sophisticated “You have a technical spam problem” hook. The all-caps name and the fact I don’t have any “forums” are the only giveaways, besides an examination of the actual link provided, that it’s not kosher.

    Note that the link actually points to “cajunhomeservices.com”.

    Raw source:

    Delivered-To: l********@gmail.com
    Received: by 2002:ac2:518f:0:0:0:0:0 with SMTP id u15csp11449403lfi;
    Thu, 14 Nov 2019 12:46:12 -0800 (PST)
    X-Google-Smtp-Source: APXvYqzeSBr4ElY5I4kaRQJbufydJ32F7GyXgzop2lpZkta8d7s7
    RkuuytltMNPtM4up1GCCTCwr
    X-Received: by 2002:aca:52c2:: with SMTP id g185mr5152898oib.45.1573764372228;
    Thu, 14 Nov 2019 12:46:12 -0800 (PST)
    ARC-Seal: i=1; a=rsa-sha256; t=1573764372; cv=none;
    d=google.com; s=arc-20160816;
    b=sPXkzlz9bAXMXM5E2CaRKG6d6ybRdOxTCNcjZNm5e5kMRkr4KWL
    2xq4PjgaGnn3KIYbVmgahiHv7Trl3QgGFzbryJNeeX5VNhxK/
    cSIumeiQnlB3aNUV/0qfNY1Cu6szqcMn890SG6r/
    7Nvq3XWQ0kGiPBdTAELDw8QS8bpgIPrSHeKPJ669ifn50yKL7KybJ
    PnrlQrJe8rWDPDAag1kkJpPhEWIzhWzETQpMW65pUVsuO4SoleoVo
    MRHR4WWZ3x4UgY+I7+s58RjcHDx+uSS5UYboFJd6n+ksMZQUNI9rq
    MmUYIdq3GLvXAekXAbIXyzUYo+24K2Z0iusbAJo
    CQGA==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
    h=content-transfer-encoding:mime-version:from:to:subject:message-id
    :date;
    bh=sZf91ll1kaMuGiSLWB5C0DKuw/3r72M1cUA1iJqiuLw=;
    b=b5CGhK96w1NqMgkAhr04RJAsjO9YKteraSIV/tvZoFeuEGUhGlHF
    nxu8r3KLVTb5fNbAJXyxbLxSy+vxpXeZXhMLcS+OApLDERBmuJ9Pm
    VH9TTxayaPbpqTHvyKgCGRr6JG4aM12/7CdqWxy3aH5hRvKwYg8Y35
    xZZ0jQgnngrEXsx9glAX3S78XsCGS27BCKzoB/qA7c4245rT7rEXf3
    y6uRyZSe6Kc9FaYotV7j5VpjhVr0c+qcf7iJUFtdjLSkYW/BlY2baA
    jGq3WixP5g3y9fYZ8X636dLLFcu7PKpKsb324VRcRgKJONc356J7x0
    K4I+pEk3oLxlMa8T3
    /RLw==
    ARC-Authentication-Results: i=1; mx.google.com;
    spf=fail (google.com: domain of support@bluehost.com does not designate 192.185.143.39 as permitted sender) smtp.mailfrom=support@bluehost.com;
    dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bluehost.com
    Return-Path:
    Received: from gateway31.websitewelcome.com (gateway31.websitewelcome.com. [192.185.143.39])
    by mx.google.com with ESMTPS id f84si4367574oig.42.2019.11.14.12.46.11
    for
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Thu, 14 Nov 2019 12:46:12 -0800 (PST)
    Received-SPF: fail (google.com: domain of support@bluehost.com does not designate 192.185.143.39 as permitted sender) client-ip=192.185.143.39;
    Authentication-Results: mx.google.com;
    spf=fail (google.com: domain of support@bluehost.com does not designate 192.185.143.39 as permitted sender) smtp.mailfrom=support@bluehost.com;
    dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bluehost.com
    Received: from cm13.websitewelcome.com (cm13.websitewelcome.com [100.42.49.6]) by gateway31.websitewelcome.com (Postfix) with ESMTP id BD99FD53F0 for ; Thu, 14 Nov 2019 14:46:11 -0600 (CST)
    Received: from box2082.bluehost.com ([50.87.249.228]) by cmsmtp with SMTP id VM0Ji8N6s3Qi0VM0JiRiqR; Thu, 14 Nov 2019 14:46:11 -0600
    X-Authority-Reason: ss=1
    Received: from [162.248.225.8] (port=55837 helo=support) by box2082.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from ) id 1iVM0J-003aX1-95 for l*******@gmail.com; Thu, 14 Nov 2019 13:46:11 -0700
    Date: Thu, 14 Nov 2019 15:48:38 -0500
    Message-ID: <1332064982.webi20191114154838@bluehost.com>
    Subject: Disabled your outbound email services temporarily
    To: l********@gmail.com
    From: "Bluehost.com"
    X-Priority: 4 (Low)
    Mime-Version: 1.0
    X-Mailer: Php_libMail_v_2.11(webi.ru)
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: base64
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - box2082.bluehost.com
    X-AntiAbuse: Original Domain - gmail.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - bluehost.com
    X-BWhitelist: no
    X-Source-IP: 162.248.225.8
    X-Source-L: No
    X-Exim-ID: 1iVM0J-003aX1-95
    X-Source:
    X-Source-Args:
    X-Source-Dir:
    X-Source-Sender: (support) [162.248.225.8]:55837
    X-Source-Auth: bh_1572749987@sandiegoslushkin.com
    X-Email-Count: 9
    X-Source-Cap: c2FuZGlmbjk7c2FuZGlmbjk7Ym94MjA4Mi5ibHVlaG9zdC5jb20=
    X-Local-Domain: no

    (Note: Line breaks added on ARC lines.)

    Note the authentication fails in the raw source of the message.
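The two checks described above (where the link really points, and the SPF/DMARC failures in the raw source), as an added Python example that is not part of the original post. The sample message is constructed from header and body lines quoted above; the From address is assumed from the smtp.mailfrom value, and the two-label registrable-domain rule is a simplification of a Public Suffix List lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample, trimmed from the message quoted in the post.
# The <support@bluehost.com> address is an assumption taken from smtp.mailfrom.
SAMPLE = """\
Authentication-Results: mx.google.com;
 spf=fail (google.com: domain of support@bluehost.com does not designate 192.185.143.39 as permitted sender) smtp.mailfrom=support@bluehost.com;
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bluehost.com
From: "Bluehost.com" <support@bluehost.com>
Subject: Disabled your outbound email services temporarily
Content-Type: text/plain; charset=UTF-8

To activate your account, please visit our BlueHost account reactivation center.
http://my.bluehost.com.313e7d092611f0c58251064957ca6b4c.cajunhomeservices.com/account/58961/reactivation.html
For support go to http://helpdesk.bluehost.com/
"""


def registrable_domain(host):
    """Naive rule: keep the last two labels. This is an assumption that holds
    for .com; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def auth_verdicts(msg):
    """Return ({method: result}, dmarc_policy) from Authentication-Results.
    Only trust the header stamped by your own receiving server."""
    verdicts, policy = {}, None
    for value in msg.get_all("Authentication-Results", []):
        # The published DMARC policy sits in the comment after the verdict.
        m = re.search(r"dmarc=\w+\s*\(p=(\w+)", value, re.I)
        if m:
            policy = m.group(1).lower()
        bare = re.sub(r"\([^()]*\)", "", value)  # strip parenthesised comments
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", bare, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts, policy


def lookalike_links(body, brand):
    """Find hosts that embed the brand domain as leading labels while the
    registrable domain (what DNS actually resolves under) is something else."""
    hits = []
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlsplit(url).hostname or "").lower()
        reg = registrable_domain(host)
        if f".{brand}." in f".{host}." and reg != brand:
            hits.append((host, reg))
    return hits


def triage(raw, brand):
    msg = message_from_string(raw)
    verdicts, policy = auth_verdicts(msg)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # decode=True also undoes base64 / quoted-printable transfer encodings.
    payload = msg.get_payload(decode=True) or b""
    body = payload.decode(msg.get_content_charset() or "utf-8", "replace")
    links = lookalike_links(body, brand)

    reasons = []
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) == "fail":
            reasons.append(f"{method} failed for a message claiming {from_domain}")
    for host, reg in links:
        reasons.append(f"link shows {brand} but resolves under {reg}")
    return {
        "from_domain": from_domain,
        "verdicts": verdicts,
        "dmarc_policy": policy,  # 'none' = receiver was not asked to reject
        "lookalike_links": links,
        "reasons": reasons,
    }


if __name__ == "__main__":
    report = triage(SAMPLE, "bluehost.com")
    for reason in report["reasons"]:
        print("FLAG:", reason)
    print("DMARC policy published by sender domain:", report["dmarc_policy"])
```

The `p=NONE` policy in the DMARC result is why a message that failed both checks was still delivered: the sender domain's published policy did not ask receivers to quarantine or reject failures.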

    Let’s do a whois for cajunhomeservices.com:

    Domain Name: CAJUNHOMESERVICES.COM
    Registry Domain ID: 1987624026_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.fastdomain.com
    Registrar URL: http://www.fastdomain.com
    Updated Date: 2018-12-16T00:21:49Z
    Creation Date: 2015-12-16T00:22:33Z
    Registry Expiry Date: 2019-12-16T00:22:33Z
    Registrar: FastDomain Inc.
    Registrar IANA ID: 1154
    Registrar Abuse Contact Email:
    Registrar Abuse Contact Phone:
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Name Server: NS1.BLUEHOST.COM
    Name Server: NS2.BLUEHOST.COM
    DNSSEC: unsigned
    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
    >>> Last update of whois database: 2019-11-15T02:46:01Z <<<

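    The interesting thing here is that cajunhomeservices.com is actually registered through Bluehost: the WHOIS record lists FastDomain Inc. as the registrar and NS1.BLUEHOST.COM and NS2.BLUEHOST.COM as the name servers. I launched a chat window with technical support (offshore, it seemed like), and they promised to alert the proper security staff.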

    Lesson: If you receive a message alerting you to some sort of online fraud, never click any link in the message. If it's a domain or service you use, go there by your saved bookmark or by typing the domain URL directly into your browser.

    Eternal vigilance is the price of IT security...

    battleswarmblog.com: Now With Added https

    Wednesday, December 20th, 2017

    I finally got off my lazy butt and got an SSL certificate for this blog.

    So the official address is now https://www.battleswarmblog.com (note the new all-important “s” after “http”).

    FYI, my SSL certificate was free through WordPress and the Bluehost folks made the change for me.

    Update your bookmarks and blogrolls accordingly, since Google and Firefox are starting to get all pissy about http connections (not that I really blame them).

    Another Bluehost Phishing Email

    Saturday, September 2nd, 2017

    Remember the previous Bluehost phishing attack I mentioned?

    Today I got another one.

    Here’s the raw source (with a few inserted line breaks to keep it from running into the righthand column).

    Headers:

    Message ID
    Created at: Sat, Sep 2, 2017 at 12:50 AM (Delivered after 3 seconds)
    From: Bluehost
    To: lawrencepersonXXXXX@gmail.com
    Subject: Request to reset your domain associated with this e-mail address
    SPF: PASS with IP 74.220.222.232 Learn more

    (XXXXX added to email address here and below to defeat spambot scrapers.)

    Payload

    Delivered-To: lawrencepersonXXXXX@gmail.com
    Received: by 10.129.53.151 with SMTP id c145csp343693ywa;
    Fri, 1 Sep 2017 22:54:47 -0700 (PDT)
    X-Received: by 10.99.120.71 with SMTP id t68mr4941018pgc.177.1504331447706;
    Fri, 01 Sep 2017 22:50:47 -0700 (PDT)
    X-Google-Smtp-Source: ADKCNb5s73v956ds860PK1kR3YVGj/j+bLV2uYQNDDlbJ/kZIPjlLkqlSdvnwz3d/dZQs6C8Ug2m
    X-Received: by 10.99.120.71 with SMTP id t68mr4941001pgc.177.1504331446972;
    Fri, 01 Sep 2017 22:50:46 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1504331446; cv=none;
    d=google.com; s=arc-20160816;
    b=QOjWmOjsvjB9+8HswySoFQOQ4lsCvpPME27NN9zJfx8
    gZofrql3IwevgfSp0e1Btxg
    aIL8DmnXCGllyd8AvPrBrN/Ly3+iKtBxdbk3oua+d9vYBYOgYWcLW
    +kMvQAcV81hB1El
    PXLWVLUV78BXenGJMUIs0voePL345QIlDhjigRRvOYs4/cOFXhr/
    0nE0A+F45lneFaUx
    oG7oYSk3QBVJtvwWUd2z1ksn24R8kTgwWfFZGqVEUm6fji4tA6J1Qv
    1IwL7GWDtmI/ab
    pdU/Dh9cvT3lR2bDOFQaSje0NQuibGyFY3ouNGDdRygJIJKjldi
    EoUsqxE1zCoCrfZU1
    l+Dw==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
    h=date:message-id:cc:from:content-transfer-encoding:mime-version
    :subject:to:arc-authentication-results;
    bh=pAtFnsm7hK/sCRTeHL/WZ2Afvt74elEbNil2YQ/rHSk=;
    b=t9vALxsoLpH2sKGGjbqvx/KAJOGJQaT/2qVFWCaNXJOybuHwoMGmaRh1
    eP62jnkD5s
    nQXOsgK3wQfj/l2Nq1tuA05l+FfQgRlLFSFs/4YKSjcrIveLp/ht/ergUZGv1ydawsDk
    PdNYonJnmlykTW7HQxAhtRbbFP5dohfLGcGcdUmOsV6XjUZQK+
    9agN78MxBBfFj33V7j
    aUCkZ/BINSFb2Jt4IzOaQdnnVzoBwY8R1aLg0+GdVf26wZuYLBiN
    hAXOJY1SVCjGrrwd
    GiGw2eMbMyG5V1VjGlhJPx8Wan7eA/lXr+hrwnuEalFaGk66Ni8lV7
    nADN9StIh7AyMp
    aY7Q==
    ARC-Authentication-Results: i=1; mx.google.com;
    spf=pass (google.com: domain of doorsofv@box1175.bluehost.com designates 74.220.222.232 as permitted sender) smtp.mailfrom=doorsofv@box1175.bluehost.com
    Return-Path:
    Received: from outbound-ss-1849.hostmonster.com ([74.220.222.232])
    by mx.google.com with ESMTPS id a2si1461087pll.210.2017.09.01.22.50.46
    for
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Fri, 01 Sep 2017 22:50:46 -0700 (PDT)
    Received-SPF: pass (google.com: domain of doorsofv@box1175.bluehost.com designates 74.220.222.232 as permitted sender) client-ip=74.220.222.232;
    Authentication-Results: mx.google.com;
    spf=pass (google.com: domain of doorsofv@box1175.bluehost.com designates 74.220.222.232 as permitted sender) smtp.mailfrom=doorsofv@box1175.bluehost.com
    Received: from cmgw2 (cmgw2.unifiedlayer.com [67.20.127.202]) by soproxy7.mail.unifiedlayer.com (Postfix) with ESMTP id 84A09215C39 for ; Fri,
    1 Sep 2017 23:50:46 -0600 (MDT)
    Received: from box1175.bluehost.com ([50.87.248.175]) by cmgw2 with id 4Vqj1w00l3no00q01Vqmx1; Fri, 01 Sep 2017 23:50:46 -0600
    X-Authority-Analysis: v=2.2 cv=IspuSP3g c=1 sm=1 tr=0 a=ZGpYF3R9av1KVggUQYjyig==:117 a=ZGpYF3R9av1KVggUQYjyig==:17 a=IkcTkHD0fZMA:10 a=2JCJgTwv5E4A:10 a=eLEXLPMnAAAA:8 a=cNaOj0WVAAAA:8 a=3gznCMWBZ5u3K-Cr9X4A:9 a=8jPl8b1L-dkswZAf:21 a=7g7r5GJnjx26k2DO:21 a=L4Rp5h-_gRjJhvEI:21 a=QEXdDO2ut3YA:10 a=TnA9z4vs7e96t_Vj_DNd:22
    Received: from doorsofv by box1175.bluehost.com with local (Exim 4.87) (envelope-from ) id 1do1KN-003TIa-D2 for lawrencepersonXXXXX@gmail.com; Fri, 01 Sep 2017 23:50:43 -0600
    To: lawrencepersonXXXXX@gmail.com
    Subject: Request to reset your domain associated with this e-mail address
    X-PHP-Originating-Script: 1982:mail.php
    MIME-Version: 1.0
    Content-Type: text/html; charset=utf-8
    Content-Transfer-Encoding: quoted-printable
    From: Bluehost
    Cc:
    Message-Id:
    Date: Fri, 01 Sep 2017 23:50:43 -0600
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - box1175.bluehost.com
    X-AntiAbuse: Original Domain - gmail.com
    X-AntiAbuse: Originator/Caller UID/GID - [1982 1982] / [47 12]
    X-AntiAbuse: Sender Address Domain - box1175.bluehost.com
    X-BWhitelist: no
    X-Source-IP:
    X-Exim-ID: 1do1KN-003TIa-D2
    X-Source:
    X-Source-Args:
    X-Source-Dir:
    X-Source-Sender:
    X-Source-Auth: doorsofv
    X-Email-Count: 38
    X-Source-Cap: ZG9vcnNvZnY7ZG9vcnNvZnY7Ym94MTE3NS5ibHVlaG9zdC5jb20=
    X-Local-Domain: yes


    =09

    =09=09

    =09=09=09

    =09=09

    =09=09

    =09=09=09

    =09=09

    =09

    3D'Bluehost'
    =09=09=20
    =09=09=09=09

    =09=09=09=09We received a request to reset your domain associated with this=
    e-mail address.

    =09=09=09=09This request was generated by a user clicking the 'Domain Reset=
    ' link. If you want it to be reset, then you can safely ignore this message=
    .
    =09=09=09=09

    =09=09=09=09

    =09=09=09=09If you did not request to have your domain reset, or do not wan=
    t it to be reset, please protect your domain. You can refuse this request a=
    nd securely reset your password by clicking the link below:=20
    =09=09=09=09

    =09=09=09=09=20
    =09=09=09=09

    =09=09=09=09https://my.bluehost.com/web-hosting/password/
    =09=09=09=09

    =09=09=09=09=20
    =09=09=09=09

    =09=09=09=09Alternatively, you can copy and paste the link into your browse=
    r's address window, or retype it there.
    =09=09=09=09

    =09=09=09=09=20
    =09=09=09=09Thank you,
    =09=09=09=09Bluehost Support
    =09=09=09=09http://w=
    ww.bluehost.com/

    =09=09=09=09For support go to http://bluehost.com/help
    =09=09=09


    Interestingly, even though all of that is in a code tag, part of it (including the link) is still rendered. (I don’t need to tell you not to click that, do I?) I wonder if the 3D class stuff bypasses standard rendering layers.

    Here’s the important segment (opening and closing greater than and less than signs omitted):

    a href=3D'http://my.bluehost.pazencore.com/web-hosting/?q=3DbG=
    F3cmVuY2VwZXJzb25AZ21haWwuY29tDQ=3D=3D' target=3D'_blank'>https://my.bluehost.com/web-hosting/password/

    Here’s the whois registrant and admin contact for pazencore.com domain:

    Name: EDOUARD VAN DE VELDE
    Organization: EDOUARDVDV
    Mailing Address: BAKKUMMERSTRAAT 37, CASTRICUM 1901 HJ NL
    Phone: +31.0615954306
    Ext:
    Fax:
    Fax Ext:
    Email:EDOUARDVDV@HOTMAIL.COM

    More interestingly, here’s the tech contact:

    Tech Contact
    Name: BLUEHOST INC
    Organization: BLUEHOST.COM
    Mailing Address: 550 E TIMPANOGOS PKWY, OREM UTAH 84097 US
    Phone: +1.8017659400
    Ext:
    Fax: +1.8017651992
    Fax Ext:
    Email:WHOIS@BLUEHOST.COM

    So here we have a Bluehost phishing scam being run from a Bluehost domain.

    I think it’s time to have an interesting discussion with BlueHost support…

    Attempted BlueHost Phishing Attack

    Tuesday, May 16th, 2017

    Just got this phishing attempt purporting to be a domain change notification.

    Raw source (slightly edited to remove my email address, and with added line breaks to keep the block from spilling into my righthand links column):


    Delivered-To: [my email address]
    Received: by 10.129.168.138 with SMTP id f132csp137359ywh;
    Tue, 16 May 2017 04:25:08 -0700 (PDT)
    X-Received: by 10.25.145.78 with SMTP id y14mr3013524lfj.182.1494933668196;
    Tue, 16 May 2017 04:21:08 -0700 (PDT)
    X-Received: by 10.25.145.78 with SMTP id y14mr3013498lfj.182.1494933666719;
    Tue, 16 May 2017 04:21:06 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1494933666; cv=none;
    d=google.com; s=arc-20160816;
    b=EkN54HW9eTyfd0jOfsRVNR0X/FcZbGItIa0uZOBR4HJp7/98oZ6n1B7FLmwrWmZrv4

    5dDu5xxwEZUzXOGnickvxjN/j4xeYRwg4QRKcl1oGU/sN1/28cbmMhz+cPm/9IiocabJ

    lbM3KY9yS06l8Tqks6NqCjYu37tBecVsdXCIDs97H8jlGMftPJtfHwSjp4NB8

    Atmse85rgzAUDI3VQ0heJUNaej7eJ3iQZUoO4WUrE2a83+zL1RFIxhMy

    xwuntOSRaMWqjkjUb0z pwB6DYLaFL6I4OBemO2fQ9KPAVSArN+W6yiD/

    WTdHOH80EG6taU55R0BSe3v0Cm/JSjA

    tGng==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
    h=date:message-id:content-transfer-encoding:mime-version:from:subject
    :to:delivery-date:arc-authentication-results;

    bh=3vPc/J8rnDJTfIYUKavWvnMr/

    efHU9EsfJ+Vu6fidbs=;b=fgaxPBNn1/vQIC45obi02J30mqqvoJ8yrp

    N9bGIHG2rvWt1Qmtxt4ik7dyARWJDqzvOQnNMHX+

    4bC1fVD1qcmjntpe0fkMR8HbYywI8r3k3rZArnj79fVoWJX

    wzb0akib3zyGGSFLS+nZ1fkCdPfmU96JmPYevKmB3l0v86yU/

    aj2WqNE+Olvc6s14wuBXia8rzGtWtsLHIlm2zmqS2NFLNTv

    CapcNPx8ZQvOQEA37pv6oRmlnz/XOg7Rwi4dIrzaAbtY8wv0sI/29

    EjXFkxsVgvXKHIRVc685xWXYuYKATJGIzfccUNJaP/

    TBuhLI7uS8uo7QBkm+B21jhl0x

    AnNw==
    ARC-Authentication-Results: i=1; mx.google.com;
    spf=pass (google.com: domain of cq99590@annika.timeweb.ru designates 2a03:6f00:1::5c35:605f as permitted sender) smtp.mailfrom=cq99590@annika.timeweb.ru
    Return-Path:
    Received: from annika.timeweb.ru (annika.timeweb.ru. [2a03:6f00:1::5c35:605f])
    by mx.google.com with ESMTPS id p5si688773lfp.49.2017.05.16.04.21.06
    for
    (version=TLS1_2 cipher=AES128-SHA bits=128/128);
    Tue, 16 May 2017 04:21:06 -0700 (PDT)
    Received-SPF: pass (google.com: domain of cq99590@annika.timeweb.ru designates 2a03:6f00:1::5c35:605f as permitted sender) client-ip=2a03:6f00:1::5c35:605f;
    Authentication-Results: mx.google.com;
    spf=pass (google.com: domain of cq99590@annika.timeweb.ru designates 2a03:6f00:1::5c35:605f as permitted sender) smtp.mailfrom=cq99590@annika.timeweb.ru
    Delivery-date: Tue, 16 May 2017 14:21:06 +0300
    To: lawrenceperson@gmail.com
    Subject: Domain: BATTLESWARMBLOG.COM. Warning 5946
    From: Bluehost
    X-Priority: 4 (Low)
    Mime-Version: 1.0
    X-Mailer: Php_libMail_v_2.0(webi.ru)
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: base64
    Message-Id:
    Date: Tue, 16 May 2017 14:21:06 +0300

    RGVhciBCbHVlaG9zdCBjdXN0b21lciBMQVdSRU5DRSBQRVJTT04s
    DQoNClRoaXMgbm90aWZpY2F0aW9uIGlzIGdlbmVyYXRlZCBhdXRvb
    WF0aWNhbGx5IGFzIGEgc2VydmljZSB0byB5b3UuDQpXZSBoYXZlI
    HJlY2VpdmVkIGEgcmVxdWVzdCB0aGF0IHRoZSBuYW1lIHNlcnZlcn
    MgYmUgY2hhbmdlZCBmb3IgdGhlIGZvbGxvd2luZyBkb21haW4gbm
    FtZShzKToNCg0KQkFUVExFU1dBUk1CTE9HLkNPTQ0KDQpJZiB5b3U
    gYXJlIG1vbml0b3JpbmcgdGhpcyBuYW1lIHdpdGggRG9tYWluIEJh
    Y2tvcmRlcnMsIHRoZSBhYm92ZSBjaGFuZ2UgaXMgYWxzbyBkaXNwb
    GF5ZWQgaW4gdGhlICJNb25pdG9yaW5nIGFuZCBCYWNrb3JkZXJpbm
    ciIHNlY3Rpb24gb2YgeW91ciBBY2NvdW50IE1hbmFnZXIuDQoNCmh
    0dHA6Ly9teS5ibHVlaG9zdC5jb20uNjczMjcxY2M0N2MxYTRlNzdm
    NTdlMjM5ZWQ0ZDI4YTcuZm9vb3BlcnRvLmNsaWVudC5jb29wZXJ0a
    W5vLXRlc3QucnUvZG9tYWluL2x4eHZrbWhtem8uaHRtDQoNClRo
    YW5rIHlvdSwNCkJsdWVob3N0DQpUb2xsIEZyZWU6ICg4ODgpIDQw
    MS00Njg4DQpPdXRzaWRlIFVTOiAxKyg4MDEpIDc1Ni05NTAw


    And here’s the non-encoded message payload:


    Dear Bluehost customer LAWRENCE PERSON,

    This notification is generated automatically as a service to you.
    We have received a request that the name servers be changed for the following domain name(s):

    BATTLESWARMBLOG.COM

    If you are monitoring this name with Domain Backorders, the above change is also displayed in the “Monitoring and Backordering” section of your Account Manager.

    http://my.bluehost.com.673271cc47c1a4e77f57e239ed4d28a7.foooperto.
    client.coopertino-test.ru/domain/lxxvkmhmzo.htm

    Thank you,
    Bluehost
    Toll Free: (888) 401-4688
    Outside US: 1+(801) 756-9500


    Note the .ru address in the phishing link; the phishing URL also suggests this attempt is geared at Mac users.

    I don’t think I was personally targeted; I think this was probably sent out to every BlueHost domain contact email address the spammers could target.

    I’m posting this as a warning to other BlueHost domain owners (and, in fact, anyone else that has a hosted domain): 1. Don’t click suspicious email links. 2. When in doubt, every email link is suspicious. Log into your domain hosting control panel directly like you normally would and contact your hosting company that way.

    This was a clumsy attempt. Additional phishing attacks are likely to be more sophisticated. Let the blogger beware…
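As an added example (not code from the original posts), the two link tricks in the September 2017 and May 2017 messages can be checked mechanically: a visible bluehost.com URL wrapped around a different href, and my.bluehost.com used as the leading labels of an unrelated domain. The function names and reason strings are hypothetical, the samples are constructed from the URLs quoted on this page, and the last-two-labels domain rule is a simplifying assumption.

```python
import base64, re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_LABEL, BRAND_DOMAIN = "bluehost", "bluehost.com"  # brand the mail claims to be from
def host_of(url):
    return (urlsplit(url).hostname or "").lower()
def registrable(host):
    return ".".join(host.split(".")[-2:])  # assumption: naive rule; use the Public Suffix List in production

class Anchors(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def check_link(href, text=""):  # returns reasons; an empty list means no finding
    host, reasons = host_of(href), []
    if BRAND_LABEL in host.split(".") and registrable(host) != BRAND_DOMAIN:
        reasons.append("brand-in-subdomain")
    shown = host_of(text) if re.match(r"https?://", text) else ""
    if shown and registrable(shown) != registrable(host):
        reasons.append("text-href-mismatch")
    return reasons

def scan(raw):  # get_payload(decode=True) undoes base64 or quoted-printable
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    parser = Anchors()
    parser.feed(body)
    links = parser.links or [(u, "") for u in re.findall(r"https?://[^\s<>\"']+", body)]
    return {href: check_link(href, text) for href, text in links}

# Constructed samples modelled on the two messages quoted on this page.
HTML_QP = ("Content-Type: text/html; charset=utf-8\nContent-Transfer-Encoding: quoted-printable\n\n"
           "<a href=3D'http://my.bluehost.pazencore.com/web-hosting/' target=3D'_bl=\n"
           "ank'>https://my.bluehost.com/web-hosting/password/</a>\n")
TEXT_B64 = ("Content-Type: text/plain; charset=UTF-8\nContent-Transfer-Encoding: base64\n\n"
            + base64.b64encode(b"http://my.bluehost.com.673271cc47c1a4e77f57e239ed4d28a7.foooperto."
                               b"client.coopertino-test.ru/domain/lxxvkmhmzo.htm\r\n").decode())
```

Calling `scan()` on either sample returns a dict mapping each link to its findings; a genuine my.bluehost.com link produces an empty list.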