WordPress.org

Has my website been hijacked? (12 posts)

  1. PaintBird
    Member
    Posted 3 years ago #

    I have been receiving spam comments to my blog from Speedy DNS (http://speedy-dns.net).
    They use the commenter name of wrenaissance-art.com (which is the name of my site). The comment alert email that WordPress sends when I get a comment shows the commenter's URL as http://speedy-dns.net/www/permanent/wrenaissance-art.com/
    They use the commenter name of wrenaissance-art.com (again, the name of my site.) The email addresses vary.

    Have my website and URL been hacked/hijacked? What kind of action do I need to take to make these people stop using my website's name? Should I contact my hosting company? It is also the name of my illustration/design business, so I do not want it besmirched.
    Thanks for your consideration!

  2. It's just a standard comment spam tactic. Make sure that you're using the Akismet plugin or some other anti-spam measures.

  3. PaintBird
    Member
    Posted 3 years ago #

    Thanks for your answer.
    So you are basically saying that I should be prepared to have multiple spam companies take my good name and destroy it by using it as the file name for one of their pages on their spam sites?

    My anti-spam measure at the moment is that all comments must be personally approved by me before appearing. Once approved, a commenter may post comments freely.
    This spammer has not been approved and his/her comments are marked as spam and deleted as they arrive. This is the first spammer I've had who has created a page on their self-hosted WordPress blog that incorporates the name of my site/blog in the page name.

    Again, my concern is that this unrelated page of spam on a spam company's site is going to mess up the value/reputation of my own site's name online. I am also concerned that Speedy DNS will use this page on their site as some kind of beachhead to commit fraud using my business name.

    Thanks again for your help!

  4. So you are basically saying that I should be prepared to have multiple spam companies take my good name and destroy it by using it as the file name for one of their pages on their spam sites?

    Are they using your name elsewhere or just in spam comments on your site?

    Again, my concern is that this unrelated page of spam on a spam company's site is going to mess up the value/reputation of my own site's name online. I am also concerned that Speedy DNS will use this page on their site as some kind of beachhead to commit fraud using my business name.

    I took a look at the page, and I'm honestly not sure what it is. It could be just a simple attempt to use your site name to avoid your comment blacklists.

    If you're concerned, contact the owner of the domain:

    http://whois.domaintools.com/speedydns.net

  5. PaintBird
    Member
    Posted 3 years ago #

    Thank you, James/MacManX, for taking time to respond.

    Are they using my name elsewhere?
    Yes, they are using it to create a bogus page on their site. When I looked this morning, I saw that they are also uploading my images onto their site, without my permission.
    Here is my site address:
    http://wrenaissance-art.com
    Here is the bogus page address:
    http://speedy-dns.net/www/15/46/172/wrenaissance_art_com.html

    When I look up their home domain, I get the following:
    http://reports.internic.net/cgi/whois?whois_nic=speedy-dns.net&type=domain
    This states they are registered with Enom, but no further info about the spammers themselves.
    I also get this when I check the IP address given in the notice email WordPress sends me for unapproved comments:
    http://whois.arin.net/rest/net/NET-94-0-0-0-1
    As far as I can see from the ARIN pages, the servers for the spammer are part of the RIPE network in Amsterdam. This means their host company is in the EU?

    At this point, I am going to contact Enom, as they (the spammers) are now stealing my images without permission or licensing. I am very reluctant to contact the spammers directly, as doing so could put more of my information at risk.

    Do you have any further suggestions or ideas?

    Thanks again!

  6. I agree, I think contacting eNom is a good next step.

  7. girltaristhan
    Member
    Posted 3 years ago #

    I've had this same problem - I emailed eNom and this is the response I got.

    My website is rockangel.co.uk and the address being used by Speedy DNS is http://speedy-dns.net/www/permanent/rockangel.co.uk

    Hello,

    Thank you very much for your notification. After researching the domain, we have found that eNom, Inc. only provides domain name registration for this customer. We are not the webhost, internet service provider, or administrator for speedy-dns.net. Given that we are not the webhost for the reported domain, the allegedly infringing material identified in your notification does not reside on eNom’s servers. Accordingly, we do not have the technical ability to remove or disable specific items of objectionable content.

    Again, due to the limited technical sphere in which eNom operates, we do not believe that we are the correct party to contact regarding this matter. In this instance, we suggest that you contact the party operating the website or the party hosting the website to have this matter properly resolved. A "ping" of the website you indicated often reveals the IP address of the party which probably hosts this website. You may then use https://ws.arin.net/whois or another similar tool to identify this party.

    With regards to your spam complaint, before we can take action on your report we will require some sort of evidence that substantiates the reported abuse. Depending on the form of abuse being reported, evidence can take different forms. Examples of useful evidence include, but are not limited to spam email with full headers, web/server logs, and web links to the reported content.

    Thank you again for your report, and please do not hesitate to contact us should you have any further questions.

    Regards,

    eNom

    Is there anything else we can do?

  8. Sorry about that, don't know why I didn't recommend contacting the hosting provider earlier.

    Here are some details on their hosting provider:

    http://www.whoishostingthis.com/speedy-dns.net

    You may also find some useful things in this article:

    http://lorelle.wordpress.com/2006/04/10/what-do-you-do-when-someone-steals-your-content/

  9. PaintBird
    Member
    Posted 3 years ago #

    James (MacManX) and girltaristhan,
    Thanks very much for the comments, help and ideas.
    So far I have contacted my hosting provider, who said (of course!) that unfortunately they couldn't do anything, as the spam site is not hosted with them. The tech did say that it looked like the spammer might be using my images on a page to test download and upload speed, since every image on the bogus page is accompanied by file size and name, download and upload times.

    Looks like I'll now be contacting the host provider that James (MacManX) has found.

    Thanks much. I'll post a coda to let you know how it turns out! :-)

  10. Another thing to consider is hotlink protection, which will prevent unauthorized domains from downloading your files (like those images).

    If you're interested, here's a handy generator:

    http://www.htaccesstools.com/hotlink-protection/

  11. PaintBird
    Member
    Posted 3 years ago #

    Thanks for the link to the code generator!
    I went into my site's cPanel today and banned the IPs in question and also banned the ability of other sites to hotlink image files.
    The bogus page now shows the little ? squares where the images were, although the file names and directory paths remain in the text.

    The ARIN "whois" indicates a different IP than the speedy-dns homepage. When I enter that number into the Who Is Hosting This search, I get
    http://www.whoishostingthis.com/94.75.229.251

    So, curiouser and curiouser.

  12. theobroma
    Member
    Posted 3 years ago #

    I just noticed the same thing in my spam comments, posted a few days ago:

    Name: www. mydomain.com
    URL: speedy-dns.net/www/permanent/www.mydomain.com/
    Email: alest.pe@ gmail.com
    IP address: 94.75.229.251 (same as IP in message above)

    The comment said "Posted it to Twitter. Greetings from the Speedy DNS."

    When I viewed the URL with mydomain in it (using Proxify), I got a page that listed the following:

    title_key_XXXXXXXXXXXXXXXXXX (18-digit number)
    Summary:
    ginfo_key_ (18-digit number)
    dinfo_key_(18-digit number)
    time_key_(18-digit number)

    It appears to be a WordPress blog.

    Any idea what's going on with this type of spam?
    I just banned the IP, and already had hot-link protection enabled...
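
The pattern reported in this thread (the commenter name set to the blog's own domain, plus a URL on a different host whose path embeds that domain) can be checked mechanically when triaging a moderation queue. The following is an added example, not part of the original thread or of WordPress: a Python function over exported comment records, where the field names `author` and `url` and the sample records are assumptions constructed from the values quoted in the posts above.

```python
import re
from urllib.parse import urlparse

def normalize_domain(text):
    """Lowercase, drop whitespace, scheme, path and a leading 'www.'."""
    text = re.sub(r"\s+", "", text.lower())
    text = re.sub(r"^[a-z][a-z0-9+.-]*://", "", text)
    text = text.split("/", 1)[0]
    return text[4:] if text.startswith("www.") else text

def url_parts(url):
    """Return (host, path) for a comment URL that may lack a scheme."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    parsed = urlparse(url)
    return normalize_domain(parsed.hostname or ""), parsed.path.lower()

def impersonation_signals(comment, site_domain):
    """List the signals showing a comment borrows the site's own name.

    Signals are only raised when the comment URL points at a foreign host,
    so the site owner's own replies are never flagged.
    """
    site = normalize_domain(site_domain)
    host, path = url_parts(comment.get("url", ""))
    foreign = bool(host) and host != site and not host.endswith("." + site)
    if not foreign:
        return []
    signals = []
    if normalize_domain(comment.get("author", "")) == site:
        signals.append("author-is-site-name")
    # Also match the underscore form seen in the thread (wrenaissance_art_com.html).
    variants = {site, re.sub(r"[.-]", "_", site)}
    if any(v in path for v in variants):
        signals.append("site-name-in-foreign-url-path")
    return signals

# Constructed sample queue, modelled on the fields quoted in this thread.
SITE = "wrenaissance-art.com"
QUEUE = [
    {"author": "wrenaissance-art.com",
     "url": "http://speedy-dns.net/www/permanent/wrenaissance-art.com/"},
    {"author": "wrenaissance-art.com", "url": "http://wrenaissance-art.com"},
    {"author": "Jane", "url": "http://example.org/blog"},
]

if __name__ == "__main__":
    for c in QUEUE:
        print(c["author"], c["url"], impersonation_signals(c, SITE))
```

A comment that raises both signals matches the pattern described in this thread and can be held or marked as spam regardless of the sending IP address.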

This topic has been closed to new replies.