Scammers, Hackers, and Scum – It’s Time to Take Security Seriously

The last 5 days have been some of the worst in my time online. I seem to have been targeted by a series of scammers and hackers. The worrying thing is that it’s not a concerted campaign; it’s just a series of people who have decided that it’s easier to try to scam and hack their way to an income than to work for it. Luckily for me, all I lost was about 6 hours getting my sites back to normal, but it could have been much worse.

First off, let’s look at 4 types of scams that people have tried to catch me out with (and caught me with!).

1. Domain Renewals.

I got an invoice today for a domain renewal for $75. Luckily I know that my domain renewals cost me $8.19, and because I am my own domain registration company I get notifications when they are due; this domain wasn’t due for renewal until October. If I had been new to IM or just had 1 domain, this might have caught me out.

2. Search Engine Registration

I got an email, once again asking for $75, telling me that my search engine registration was due to expire.

The full text is below, including the small print.


Dear ,

This solicitation is to inform you that it’s time to send in your search engine registration for Domainname.COM. DRS is a search engine ranking and submission service company.

Failure to complete your registration by Sep 14, 2011 may result in the cancellation of this offer.

Your registration includes search engine submission for domainname.COM for 1 year. You are under no obligation to pay the amount stated above unless you accept this offer by Sep 14, 2011. This notice is not an invoice. It is a courtesy reminder to register domainname.COM for search engine listing so that your customers can locate you on the web.

3. Domains Available.

I’ve been getting a few of these recently. They involve an email telling me that a domain is available that is very similar to one I already own, and asking me to make a bid on it. The thing about this scam, and it is a scam, is that the domains are due to expire in 1 or 2 days and can be picked up for normal prices if you wait for them to become available. The people offering the domain to me don’t actually own it; they will do exactly what you can do and either wait for it to become available or bid for it on TDNAM or Freshdrop.

4. Refund Fraud

I’ve been a victim of this 3 times. I won’t go into it too deeply, but it involves buying a product that pays instant affiliate commissions and then requesting a refund afterwards; the end result is that it costs the vendor money. I’ve recently had over 150 people apply to become affiliates showing the tell-tale signs that they are going to commit refund fraud, which in my book means it is widespread. Oh, and while I am here, this is for the person who bought a product a few weeks back and issued a chargeback 3 minutes after they bought it: chargebacks cost vendors far more in fees than the cost of the product … karma will get you!

Being Hacked

Now onto the hackers. There are several types of hacking: there is the type that exploits a plugin or theme and then leaves some malicious code behind, and then there is the more despicable type where your site is accessed and then defaced.

One of my WPG members had his site hacked last week and was then sent a ransom demand telling him that if he paid, his sites would be returned to him. This is the first time I’ve heard of this happening, and it takes the hacking we as site owners normally experience from an annoyance to a criminal act.

Last week I had 2 sites compromised by an exploit in a theme I was using. The theme was from Woo Themes and the exploit was via the TimThumb plugin. Luckily for me this hacking happened on a mass scale, so there was lots of information about how to deal with it. One great site I found to help check your sites for malware was Sucuri.net, and in particular their malware scanner. I’ve since added their blog feed to my iPad feed reader so I get updates daily (I use Pulse for iPad and iPhone; highly recommended!)

It seems that incidents of scamming and hacking are growing, and it’s no longer a question of if you’ll be a target but when. There are certain things you can do to avoid being a victim.

  • Verify the source of all emails asking for payment.
  • Never, never, never follow a link in an email that asks you to log in to one of your accounts.
  • Use a tool like LastPass to set your passwords. It’s free, so use it! 3a?h8u^g4 is a good password; jimmysue isn’t.
  • Do not use the same password twice. If you use a password, there is always someone who can access it. I could go to Flippa today and buy a forum or a membership site, and I guarantee I would have people’s usernames and passwords that are used on more than 1 site. Now imagine if I was a hacker… scary thought, isn’t it!
  • Have a proper backup process. Test it.
  • If you use Admin as a username, change it.
  • Keep all themes and plugins up to date.

Consider buying LockDown WordPress – it will show you how to secure your WordPress sites tighter than a duck’s ass.

It really is time to take your security seriously. Don’t be a victim.

If you have any advice, experience or tips, please share them via the comments.

Comments

  1. Maria Redman says

    Mark – I’ve been locked out of wp goldmine. Sent you an email but don’t know if you got it?

    Mark Reply:

    Replied about an hour ago Maria.. try now


    Maria Redman Reply:

    Thanks so much for your very fast and effective action. :)


  2. says

    Also, I was approached by someone offering to buy my domain name. I did a quick search on Google and his name is all over the net as a scammer. He offers to put you in touch with someone who will give you a valuation (for a fee); yes, you’ve guessed it, it’s his partner in crime… and when you have paid the fee you never hear from him again.

    Mark Reply:

    I’ve not come across that one yet… thanks for the heads up.

  3. bobby says

    Of course this was all just leading to an affiliate link… Instill fear and then give them the antidote via your affiliate link. Is it time to unsubscribe from your list??

    Mark Reply:

    Sorry you think that.

    There are several links in the post that point you to very useful resources; only 1 is an affiliate link, and that’s only because it will show you how to secure your sites and is the book that most of my members recommend. As for the post instilling fear, if you are a member of WPG, just check out the threads from people who have been hacked and even had PayPal accounts hacked in the past week. If you think I wrote this post just to promote something, then please unsubscribe from my list; it wasn’t my intention.

  4. says

    Hi Mark,

    Got the exact same email today that I should renew my domain before Sept 14th for a whopping $75 from martafanning at 0371nk.com.

    A similar scam is some firm that is “in the process of trademarking” part or all of your domain name. I never answered them, so I’m not sure how they actually make money.

    Mark Reply:

    Yep, that’s the one… the email address came from stillstones.com.

  5. says

    Quite amazing Mark – ransom demands? Yikes!

    The only type of exploit here that shocked me was your influx of instant payment refunds. It undermines a very nice incentive for affiliates and product owners.

    BTW, you have 3 live links to the scammer’s site in your second point, where you quote their email!!

    All The Best

    Alex

    Mark Reply:

    Whoops, missed those links… thanks.

  6. says

    Hi Mark,

    I’m with you on this one – I use Mailwasher Pro for email scams. Also, I got a request through snail mail to renew a domain, and it was from the one you mention; luckily I have a shredder by my desk… :)

    For my WordPress stuff I have a little script that checks my IP address for access to the admin, and so far it has worked.

    Cheers

    Mike


  7. says

    Hi Mark

    Sorry to hear of your experiences. I too have been a victim of a hacker this week and have lost a popular tutorial site through it. I have had several emails about a security breach in “timthumb,” an open source PHP script used by millions of sites to resize images automatically. Although there is now a patch available, my site was compromised before I could apply it – it was using one of “Elegant Themes” themes, which sadly I no longer trust.

    I tried to remove the bug manually but it attaches itself to a javascript library and it is the devil’s job to locate; to avoid contaminating anyone else’s machine I copied all the content and deleted the entire site. I will rebuild it, but in the meantime I have put up an optin form linked to a free “Cheat Sheet” for anyone upgrading from Excel 2003 to 2007. I have several of these Quick Reference Guides that took me many hours to compile and everyone who has had one has been very positive about them, so there’s a link here if anyone is interested:

    http://www.exceltutorial.co.uk

    Just trying to get something positive from the misfortune, and at least I can let people know when the site is back up!

    Mark Reply:

    Dave,

    I found it quite easy to locate all the code. I found it in the header.php file, and it also created a file wp.php in the theme folder. After I deleted the bits of code in the header and the file, it was all clear.

    I applied the patch before I removed the files.

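As an added example (not code from the post or from any of the commenters), this script walks a WordPress themes directory looking for the indicators Mark describes above and in the post: injected eval() code in header.php, an unexpected wp.php dropped in a theme folder, and any copy of the TimThumb resizer so its version can be checked by hand. The eval/base64 pattern, the assumed thumb.php rename, and the sample theme tree are constructed heuristics for illustration, not an exhaustive signature set.

```python
import re
import tempfile
from pathlib import Path

# Filenames that have no business inside a theme folder (assumption: wp.php is
# the dropped file Mark found; add others you see in your own clean-ups).
DROPPED_FILES = {"wp.php"}
# Copies of the resizer script to locate so their version can be checked by
# hand (thumb.php is an assumed common rename, not from the post).
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}
# Heuristic for injected PHP: eval() over an encoded/compressed payload.
INJECT_RE = re.compile(
    r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)


def scan_theme_dir(theme_root):
    """Walk every theme under theme_root; return sorted (path, reason) findings."""
    root = Path(theme_root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        name = path.name.lower()
        if name in DROPPED_FILES:
            findings.append((rel, "unexpected dropped file"))
        if name in TIMTHUMB_NAMES:
            findings.append((rel, "timthumb copy: check its version"))
        if name == "header.php":
            text = path.read_text(errors="replace")
            if INJECT_RE.search(text):
                findings.append((rel, "injected eval() in header.php"))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample data: one clean theme and one showing the indicators."""
    clean = Path(base) / "clean-theme"
    clean.mkdir(parents=True)
    (clean / "header.php").write_text("<?php wp_head(); ?>\n")
    bad = Path(base) / "hacked-theme"
    (bad / "inc").mkdir(parents=True)
    # 'UEFZTE9BRA==' is just the text PAYLOAD, constructed for the sample.
    (bad / "header.php").write_text(
        "<?php eval(base64_decode('UEFZTE9BRA==')); ?>\n<?php wp_head(); ?>\n")
    (bad / "wp.php").write_text("<?php // dropped by the attacker ?>\n")
    (bad / "inc" / "timthumb.php").write_text("<?php // image resizer ?>\n")


def demo():
    """Build the sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_theme_dir(tmp)


if __name__ == "__main__":
    # Point scan_theme_dir() at wp-content/themes on a real site instead.
    for rel, reason in demo():
        print(f"{reason:34} {rel}")
```

On a live site, run scan_theme_dir() against wp-content/themes after applying the TimThumb patch, and treat every hit as something to inspect by hand rather than delete blindly.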

  8. Gail says

    Here’s one that drove me to distraction, but in a different way. There is a scammer who advertises a company name similar to one that I own. He calls people to tell them they won xyz and gives them a phone number to call back (the phone number apparently is garbled at times). Interestingly, no one ever talks to him… he only leaves voice mail.

    Anyway, I’ve had people contact me trying to get hold of said person and also get more information on xyz. I checked the web; this guy’s name is all over the place as a scam.

    I doubt that he is targeting me (the name of his “company” is similar to a lot of other domains as well), but it’s highly frustrating that people might think he is associated with me.

    Anyway, that’s my scam story, with a different twist.

    (Oh and Bobby — Mark is the real deal — I’ve known him for about 3 years now and he’s one of the good guys.)


  9. says

    Mark, I know you use DigiResults.com to sell your products, as do I. Over the last few weeks I’ve noticed a lot of people applying to my affiliate program … they all have Yahoo email addresses. DigiResults strongly recommends contacting potential affiliates before approving them … so that’s what I do. I ask them to very briefly tell me about their website(s) and promotional methods. Of course 95% never respond. The 5% that do can barely write and have websites written in Chinese or other languages that have nothing to do with my ebook topic.

    So it’s important to contact potential affiliates before approval to attempt to establish a relationship. If people don’t respond, they don’t get accepted. I did make the mistake of approving two affiliate applications instantly. Wouldn’t you know it, both immediately referred fraudulent sales and got their instant affiliate commission from me (an automated process in DigiResults). Luckily, the ebook in question is only $8 so I wasn’t out much money but PayPal couldn’t do anything about it so it’s a loss.

    Is this sort of thing happening to you too?

    Mark Reply:

    That’s exactly what happened to me. My product was $27 so I lost a bit more.

  10. says

    You mentioned the Woo Hoo theme. It just made me wonder if some themes are harder or even very much harder to hack into. Worth thinking about I think. Thanks for the Heads Up.

    Mark Reply:

    Woo Themes used the TimThumb plugin as part of the featured image system; this unfortunately left all the themes open to attack. I will say in their defence that they did react quickly to fix the issue.

  11. says

    Sound advice Mark, I didn’t mind that you put the link to the report at the bottom. It was something I was going to check out but forgot about so thanks.

    I think though it is up to us to all be doubly careful when we are dealing with these yobs. As long as some people are easily fooled they still have a business model.


  12. says

    Unfortunately, wordpress sites are targeted since there are so many of them. There is a lot of info out there about how to lock one down, but even then a determined hacker can get in. It’s part of the price we pay to do business on the web.

    I’ve dealt with my own sites being hacked, and also cleaned up client’s sites and sites of people I know. I’m not sure if I’m glad that I’ve gotten very good at it.

    Re scams, I also get snail mail made to look like a bill that tells me a domain name of mine is expiring soon. If you read the fine print it says it’s a solicitation, and the price is exorbitant. They’ve been coming for years despite my request to be taken off their mailing list. I think the company name is Domain Registry of America or something like that. It’s made to look patriotic, with a red, white and blue logo.

  13. James says

    Thanks for the information on this, it is very unfortunate but extremely timely. It is the same type of people who wonder why life is so hard on them. They just do not get “what goes around comes around”.


  14. says

    Hey Mark,

    Thanks for the warning. I actually did purchase Lockdown WordPress some time ago on your recommendation and it’s a damn good read and easy to implement.

    Re “bobby” and his post….

    Mark, I know you’re a really upfront and nice guy, but don’t wait for this nutter to unsubscribe, just do it for him.
    If he’s too dumb to know a good thing when he comes across it, he doesn’t deserve to hear what you have to say; a bit harsh but true.

    Thanks for your time

    Mike


    Stef Reply:

    @Mike,

    So Bobby just got a lightbulb moment,
    understands that people create mailing lists in order to sell products,
    and because he is learning, you call him names?

    If a list owner only wants swallowing followers on their list that buy the list owner’s recommendations, then the subscriber is better off unsubscribing and looking for a list that also sells stuff but at least is open to new ideas, exchanging opinions and discussions in order to learn all together.

    Not to mention, when sales go down and at the same moment you get a few “bobbys” making the same remark, then the list owner knows he could be in for a change of approach to his list.

    And we all know not everybody likes other people’s opinions, but there’s no reason here to start calling names, is there?

    Mike Reply:

    @ Mark

    I didn’t mean to come across as name calling, sorry to offend you or anyone else.

    Sincere apologies

    Mike


  15. John says

    Mark,
    Very timely post. I got caught up in the same Woo Themes hack and some related stuff. Not once but twice in one week, and I am still suffering the consequences, fixing 14 sites. I was researching ways to make my sites more secure; thanks for the suggestions. One WordPress plugin I was impressed with is Bulletproof Security.

    Thanks

    Mark Reply:

    John, if you need any advice on fixing the Woo Themes stuff, log a call via my helpdesk and I’ll show you what I did.

  16. says

    On my Joomla site, I installed a plugin that allowed users to have a profile download store. Seemed great. But suddenly I had a list of spam “stores” that were getting through my captcha and manual approval system. Somehow they were creating gibberish download “stores.” I’m not sure how they benefited from it, but I’m sure there was a way somehow. It made me think – though it may not be the case with this one in particular – that a programmer could create a great app/plugin or other add-on that would be gobbled up by many site owners, while providing them with their own private backdoor to your site.

  17. Dave says

    I appreciate your keeping the masses informed of these unfortunate instances. I’ve had the scammers approach and, fortunately, no hacks yet. It’s not a matter of “if”, rather it’s merely “when”. Some get lucky and never have a problem. Others aren’t as fortunate.

    @bobby – if you are so incensed over a trusted top shelf internet marketer placing an affiliate link in his blog (which you do NOT have to click), you should find another path to take. Obviously, internet marketing is not your strongest asset. Personally, I would have already assisted you in that decision.

  18. says

    Thanks for the post Mark – anyone who has followed you for any amount of time knows what your true intent in sharing information is… To help people.

    I was just curious if the sites of yours that got hacked had LockDown WordPress installed?
    Thanks

    Mark Reply:

    LockDown WordPress is a guide to securing your sites, not a plugin. Although I have most of my sites secured using the steps, because these were Woo Themes based sites I missed the step of keeping the sites and plugins updated, as I forgot they were using the exploited plugin.

    Rocktivity Reply:

    WordPress.org has a WP Security Scan plugin which will allow you to change your user name from admin and change your SQL directory name from wp. It also recommends that you put a copy of your .htaccess file in your wp-admin folder.


  19. Janet says

    I think Bobby has missed the point of being a subscriber. Some information is given freely to help us on our IM journey, but guess what, sometimes people recommend products that help us and if we choose to buy, they make some money. Why is that so hard to accept??? Does he not realize that when he buys a product recommended to him in a shop the owner makes some money from the sale??

    Anyway after that little rant I just wanted to say thanks Mark for the heads up.


  20. says

    Hello Mark;
    I am a newbie to IM. I do believe that my WP site has been hacked. It is a review page and my #1 spot is not the one I originally picked. I clicked the link to see if perhaps I did change it but was surprised when I clicked buy now to see someone else’s affiliate link on it. I did not think that this was possible. I am looking for my original first choice in CB to change it back to my link. Will this fix my problem?

    Mark Reply:

    It’s probably fixed it, but you need to work out how he got access or he might just log in again.

  21. says

    Hi Mark

    For some reason I am unable to login to Wpgoldmine. I have a problem that I needed some help with.

    iriegirl

    Mark Reply:

    Probably best to log a call, but before you do, can you check your access again?

  22. says

    Hi Mark,

    I just bought Lockdown WordPress… haven’t had time to read it yet, but I’m sure it will help me out as I too have had one of my sites hacked! SUCKS BIG TIME!!! If not for just the amount of time I had to put into getting my site back to its normal position.

    Thanks for your ever helpful posts!


    quester Reply:

    We had our PayPal account hacked – the bank closed our account, opened another, and then all sorts of heck broke loose. PayPal stopped MOST of the charges (coming in at the rate of one every 10-13 seconds, according to PayPal), but four months later we are still out a fair amount of money. The answer from PayPal is that they are still working on it.
    PayPal cancelled all of our subscriptions; some we were able to change to the new account with the same rate, other accounts said ‘too bad – you are no longer at the original subscription, so if you want back in, you pay the new price’. Strangely, we found that we did not need to continue with those people any more.
    Mark, of all the people that we have dealt with in IM, you are one of the few that we trust.
    Ed

  23. says

    Scary stuff Mark, these people are the scum of the earth, if they put the same effort into legitimate marketing rather than scams, they would probably do better.


  24. says

    Funny, I came on the forum a while ago and just put out a random request for help, and you answered and I went and found the problem as you stated. So one thanks, because I got busy fixing line by line and link by link. It was a 300 plus pages painful. So I know the solutions you provide actually work. So thanks again for that.

    The problem is I now seem to have found a number of my sites with “pharma / viagra” bugs etc., and it seems there is no easy way to just say show me everything I don’t want (lol).

    So short of a mind reader program, is there like one quick test to tell if you have a gazillion bad links or you just started being hacked? Does the lockdown solution suggest anything?

    My problem is I can’t tell if I have one bad link or a lot, and I can’t seem to find something that would let me run “something” across all my blogs (50 plus) (even if I have to do them one by one) and just get a solid answer as to whether I am good or bad. This is becoming, as you say, a major work effort, and not very rewarding work I might add, as you know.

    Frustrations abound. Thanks for the post as it an excellent one to get us oriented to dealing with this problem.
    Gregory Burrus

    Mark Reply:

    Gregory, have you tried using a spam plugin like GASP? http://www.growmap.com/growmap-anti-spambot-plugin/ Not sure if it is retroactive, but it will help in the long run.
