Blog Archives

Massive Number Websites in Botnet

Massive Number of Hacked USA Websites Participate in WordPress Botnet Attack

For the past couple of days we’ve been watching a customer’s WordPress site being attacked by a botnet of websites trying to access site admin with user name “admin” and a variety of simple passwords.

Most of these attacks are coming from USA based web hosting services. One particular top level service provider, Provo Unified Layer, stands out above the rest as the most hacked network. Many 2nd tier providers use Provo Unified Layer infrastructure including Bluehost and Hostmonster. Of the hosts using Provo Unified Layer infrastructure, Bluehost is ahead of the pack in having hosted sites participating in the botnet.

CartPress Sends no-cache Headers

WordPress Plugin News Feed Stops Website Caching

It’s hard to believe a simple news feed from the CartPress e-commerce plugin for WordPress prevents WordPress from caching pages. This is apparently what happened to a website recently.

The website was caching fine up to early 2013, then stopped caching. In March we provided some pro-bono help, and the bug seemed to be fixed. 6 weeks later the bug had returned. After trying every possible cache plugin, the owner was getting desperate.

We had a quick look at the website, and found HTTP headers had no-cache parameters set.

Roubaix Ovh Systems

This post has moved to

Roubaix Ovh Systems

Is Roubaix Ovh Systems, a hosting and Internet Service Provider in France, one of the most dangerous ISPs and hosts in the world? We could be justified in thinking so. At least out of ISPs and hosting companies in the Western economic zone, outside of former Soviet Union states.

When you see a spambot active on your site, a hacking attempt, or a trackback spammer, there’s a pretty good chance it’s coming from an IP registered to Roubaix Ovh Systems, or another Ovh Systems IP.

We have seen so much bad activity from IPs traced back to Roubaix Ovh Systems we now ban all their IPs as soon as I find them. Activity from all other OVH Systems networks is watched carefully.

Website Down for Visitor Safety

Website Offline after DoS Attack

My Drupal website,, remains offline today following yesterday’s JavaScript injection / denial of service attack. I decided to take the site offline to ensure the safety of visitors while I check the site for any malware. My hosting service technicians are also examining the server for any possible faults or configuration problems. Other sites on sub-domains of were affected at times, and further disruptions of service are expected.

The DoS (denial of service) attack began in the early hours of January 24 2012 and continued for nearly 2 hours. During this time thousands of attempts were made to inject JavaScript redirect code into the website (there are too many related entries in the log to count). Although initial inspection showed no successful hack, I felt it prudent to take the site down until certain no malware or other bad stuff had been included.

Auto Hyperlinks

Now we Get Auto Hyperlinks – Bad News

Text gets turned into hyperlinks automatically. I just discovered this annoying thing that’s part of the latest version of WordPress used by – WordPress 3.5. Type the text for a URL and the darn thing turns into a hyperlink when published. That’s right, you don’t have to click on the link function in the editor, so no options to add target info and title… No options not to create the hyperlink… Arrgghhh!

Maybe it’s handy for the terminally lazy, but it’s bad news for SEO. And what about the bloggers who write about malware and bad websites, and want to tell readers about these bad addresses? They don’t want visitors to click a hyperlink, just want to inform people about the bad address. With auto-hyperlinks the information becomes an active link!

Banned IPs

Banning the Bad Hosts

I’m a no-compromise banner. It doesn’t take much effort to get an IP banned from my websites. A single bad event will normally be enough to block access to my sites from an IP address. Several attempts from a range of IPs with a common service provider will get the entire IP range banned, the hostname or domain banned.

Currently there are about 700 entries in the banned list – representing millions of IPs, and the list gets longer daily. I cannot recall a day this year when at least one new bad IP was not added to the list.

Sharing the Bad IP Info

Mostly these IPs were simply denied access, and no record was kept about the reason for the ban. At one time I started keeping a record, then lost interest and lacked time to continue. So I decided to start again, this time publishing the info where I can get to it, and other bloggers can also find the details. So now it’s published as a page on this blog…

Stop Timthumb Attacks at Server

All owners of busy, and not so busy, self-hosted WordPress sites and blogs will know all about timthumb scripting attacks on their site. If the site has the latest up to date version of the vulnerable files, that’s as far as the attack will go.

But constant timthumb attacks are still annoying and use up resources with 404 page not found responses.

Here’s a way to stop these annoying attacks at the front door, before they even get to WordPress.

FreeWebMonitoring SiteChecker/0.1

Hacker Bot FreeWebMonitoring SiteChecker/0.1 Pays a Visit

Bad bot “FreeWebMonitoring SiteChecker/0.1 (+” paid a visit to one of my websites yesterday from IP address which belongs to Canadian service provider: Canada Montreal Thst Golf Inc.

The full range of IPs owned by Canada Montreal Thst Golf Inc. is –

Only used by Hackers.

The “FreeWebMonitoring SiteChecker/0.1 (+” User agent is not used by any legitimate bot, it’s only used by hackers.

WPOnlineStore PHP Fatal Error ‘function.require’

Googlebot Error with WPOnlineStore Plugin

Googlebot triggers a PHP Fatal Error ‘function.require’ error causing the bot to receive a “500” internal server error when trying to crawl the pages created by the WordPress WPOnlineStore plugin. In my previous post I mentioned this ongoing problem. Today I can provide some additional information.

The problem is not unique to my shop site; initial searches of the internet found only a few references to this problem. For the past two days the hosting company server engineers have been looking into the problem, unfortunately without any success. After disabling.

Beware Panasonic Recorder Driver Downloads

Panasonic Recorder Driver Downloads are Malware

Drivers are simply not available online for most of the range of Panasonic digital audio recorders with model numbers rr-US***. Included are Panasonic rr-US430, Panasonic rr-US450 and Panasonic rr-US500.

Although a quick Google for Panasonic driver rr-US450 or any of the model numbers mentioned will produce hundreds of search results, NONE of the links will lead the searcher to a driver file for this range of products. “Downloads for Panasonic DVC USB Driver” will produce the same negative result.

All of the links will eventually take you to one of a small handful of “download” sites. The majority will send you to Driver Guide ( and several mirror type sites that look the same and do the same.

Fake Driver Software

Driver Guide ( packages are fakes and a way of spreading Babylon software. They do not have the required Panasonic Recorder driver in their packages, or even in their library. Claiming they do is false advertising. should be blacklisted for distributing rubbish software under the guise of drivers for well-known products.
