Thread: The whole Malicious files/buy sitelock thing...

  1. #1
    Registered
    Join Date
    Mar 2016
    Location
    Vancouver
    Posts
    5
    Rep Power
    0

    The whole Malicious files/buy sitelock thing...

    I've received an email from powweb - in fact a few - referencing malicious files found on my site then pitching me some paid service to deal with them. I looked at the files they referenced and saw nothing that concerned me - there was a mention about old or outdated files possibly being a problem so I updated my WordPress files as well as all my plugin and template files and thought I was good to go.

    Got another email today - AND - they have shut down my site. Again this new email basically is a pitch for some paid service - I made a call to powweb (to billing first thinking I had an account issue) and they (obviously reading from a scripted flowchart/template) basically tried to sell me this same service. It was basically a boiler room call center with a very specific response script.

    Now I'm not a power user - the site is mine - I run it, only I use it (and probably only me and my wife read it). In this instance I actually used a really good commercially available responsive template (that I paid for) and it's been running perfectly with little hassle for years and years.

    So what's going on? Is this some massive company scam to get stupid people to pay for something out of fear? Is it some sort of extortion (my site is actually suspended)? How can I believe anything when all the evidence seems to suggest this is about selling me a product. I saw one other thread on this site from earlier last year talking about this same thing but at this point I can't be the only one dealing with this and trying to make sense of it so anyone who can chime in please do.

    What I've done since getting the email -- deleted whole directories of old beta sites and unused beta installations----- then asked them to rescan and tell me specifically what they think the issue is and how to resolve it. The files they reference look like standard files - and most of them have not been altered for eons.

    Any help in understanding this would be appreciated.

    Rob

  2. #2
    Thinkin' out loud again Builder's Avatar
    Join Date
    Nov 2002
    Location
    Illinois
    Posts
    2,088
    Rep Power
    19
    If you haven't already, read the first 5-6 posts in this thread:
    http://forum.powweb.com/showthread.php?t=97268

    EDIT: Well, that's what I get for skimming your post. Apparently you have already read it...
    But... That thread shows how to stop this thing in its tracks once your site is back up.

    Good luck,
    Kevin
    A good friend will come and bail you out of jail...
    but a true friend will be sitting next to you saying,
    "Damn... that was fun!"

  3. #3
    Registered
    Join Date
    Mar 2016
    Location
    Vancouver
    Posts
    5
    Rep Power
    0
    Quote Originally Posted by Builder
    If you haven't already, read the first 5-6 posts in this thread:
    http://forum.powweb.com/showthread.php?t=97268

    EDIT: Well, that's what I get for skimming your post. Apparently you have already read it...
    But... That thread shows how to stop this thing in its tracks once your site is back up.

    Good luck,
    Kevin
    I did - didn't look like anyone actually resolved their issue beyond mass deletion and an exodus for other hosting companies. Yes - I'm looking forward to stopping it from happening again. Going around in circles with the girl on the phone where I kept saying "I don't believe you - this whole thing sounds like a scam" and she'd say "yes I understand that trying to sell you services sounds like a scam.... would you like to buy some services?".... she seemed to imply that if I responded to the email directly that I'd get a better result - that they could only offer to sell me something.... almost as if she was saying - respond to the email and the problem might go away --- as if (and this is a leap on my part) she was hinting that because I was firm in not buying this sitelock service they'd fix it and leave me alone..... just bizarre -- are like 1000's of people getting this shakedown?

  4. #4
    Registered
    Join Date
    Mar 2016
    Location
    Vancouver
    Posts
    5
    Rep Power
    0
    Quote Originally Posted by Builder
    If you haven't already, read the first 5-6 posts in this thread:
    http://forum.powweb.com/showthread.php?t=97268

    EDIT: Well, that's what I get for skimming your post. Apparently you have already read it...
    But... That thread shows how to stop this thing in its tracks once your site is back up.

    Good luck,
    Kevin
    Thanks Kevin -- I won't say too much until others chime in but it was extremely concerning to me that tier one support could only talk to me about "selling" me something. The circular discussion I had I could literally map out the call response template. This is so disturbing to me and has me questioning everything -- and I've been with Powweb for maybe 10 years now so this blows my mind.

  5. #5
    Custom User Title entrecon's Avatar
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    2,742
    Rep Power
    16
    I had some old code on some domains I wasn't using anymore and got hacked and subsequently shut down. Unless you look closely at the files it can be difficult to see where the malicious code is. The real telltale sign is to look at the last modified date on the files. When you haven't updated your site recently and you see that the files have been updated, it is a good sign that someone hid some code in your files.
    ________________________________
    Find me on twitter: @entrecon
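
The last-modified check described in post #5, as an added example that is not part of the thread: it walks a web root and lists script and page files changed after the date of the last update you made yourself. The file names, extension list and dates are constructed sample data.

```python
import os
import tempfile
from datetime import datetime, timezone

# File types worth reviewing first (assumed list; extend for your site).
WEB_EXTS = {".php", ".js", ".html"}
WEB_NAMES = {".htaccess"}

def modified_since(root, cutoff):
    """Return [(relative_path, mtime_utc_iso)] changed after cutoff, newest first."""
    cutoff_ts = cutoff.timestamp()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in WEB_EXTS and name not in WEB_NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # unreadable, or removed while we were walking
            if mtime > cutoff_ts:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits.append((mtime, rel))
    hits.sort(reverse=True)
    return [(rel, datetime.fromtimestamp(m, timezone.utc).isoformat())
            for m, rel in hits]

def demo():
    """Build a constructed sample tree and report files changed after the last real update."""
    def ts(y, m, d):
        return datetime(y, m, d, tzinfo=timezone.utc).timestamp()
    sample = {  # constructed paths and dates, not taken from the thread
        "index.php": ts(2014, 5, 1),
        "wp-content/themes/paid/style.css": ts(2016, 3, 5),  # not a listed type
        "wp-content/themes/paid/functions.php": ts(2014, 5, 1),
        "wp-includes/class-cache.php": ts(2016, 3, 2),
        ".htaccess": ts(2016, 3, 9),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, mtime in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("placeholder\n")
            os.utime(path, (mtime, mtime))
        last_update = datetime(2015, 1, 1, tzinfo=timezone.utc)
        return modified_since(root, last_update)
```

A file that shows up here is a candidate for review, not proof of infection, and an empty result is not proof of a clean site, because modification times can be reset by whoever writes the file.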

  6. #6
    Registered
    Join Date
    Mar 2016
    Location
    Vancouver
    Posts
    5
    Rep Power
    0
    Thanks entrecon ---- I'm still awaiting a response on my tech ticket - particularly addressing my concerns about the validity of the approach and how it looks like a strong arm sales tactic. The fact I've heard nothing from them since the 16th despite several followups on my part does nothing to make me feel that they are concerned with the state of my files and more concerned that I appear to be unwilling to pay for additional services.

    To be clear - I deleted/removed many old files listed on their scan list and cleaned up my directories -- I've asked for a recheck and acknowledgement - none of which have happened so my site is still down.

  7. #7
    Registered
    Join Date
    Mar 2016
    Location
    Vancouver
    Posts
    5
    Rep Power
    0
    So here's how this resolved: I deleted the files. After several back and forth exchanges, including re-scans on their end & newly suggested files to delete I was able to delete and/or replace all files. Were all the files I deleted actually "maliciously infected"? That is a good question that I can't answer.

    What was very clear - is that the whole organization was geared toward making this an opportunity to sell me sitelock services which themselves are a complete rabbit hole.

    Were there at least some malicious files? I'm sure there were. Was there any evidence of malicious activity from my account? None that could be pointed out to me or were called to my attention.

    What I really didn't like was how this whole incident, which must have occurred across the whole hosting platform affecting 1000's if not 10's and 10's of thousands of customers was so heavy handed and devoid of any information or assistance on their part to even help people understand what was going on.

    I feel that people were held hostage and had they not had the skillset to navigate through the byzantine circular "buy sitelock" sales pitches trying to figure out what to do, they would have been in effect strong armed into purchasing services out of ignorance. That's not cool.

    So I'm back up and running but now I'm very wary of powweb as a host - I'm scared for my data and my site, and fearful of future heavy handed practices like this.

    If anyone else is experiencing similar issues feel free to post in this thread and ask for some assistance and I'll do my best to help you.
