DDoS Attacks

It seems that my blog has been the victim of some DDoS attacks, and more specifically the WordPress xmlrpc exploit that is currently wreaking havoc on many WordPress installations around the world.

The basic concept is that the hacker… wait, I’ll use the term script kiddie… anyway the person doing the attack abuses the xmlrpc.php file shipped with WordPress. XMLRPC is meant to be used to connect to the blog from 3rd party apps and publish content. Here is a great blog from Sucuri on the exploit.

Anyway, I’ve installed an XMLRPC Attack Defence Blocker plugin, that should hopefully help stop the attacks from happening and I’m having a friend look into log files to see if he can find the source of the issue.
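The kind of log review mentioned above, as an added example that is not part of the original post: it counts POST requests to xmlrpc.php per client and per minute in a web server access log. The "combined" log format, the threshold and the sample lines (documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access-log lines ("combined" format, documentation IP ranges).
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Oct/2014:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Oct/2014:13:55:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Oct/2014:13:55:03 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Oct/2014:13:55:04 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
198.51.100.23 - - [10/Oct/2014:13:55:10 +0000] "GET /2014/10/a-post/ HTTP/1.1" 200 9120 "-" "-"
198.51.100.23 - - [10/Oct/2014:13:55:40 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"
192.0.2.44 - - [10/Oct/2014:13:56:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
203.0.113.7 - - [10/Oct/2014:13:56:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
this line is truncated and must be skipped
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)

def xmlrpc_rates(lines):
    """Map client IP -> Counter of POSTs to xmlrpc.php per minute."""
    per_ip = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        path = m.group("path").split("?", 1)[0]
        if path.endswith("/xmlrpc.php"):  # also matches subdirectory installs
            per_ip[m.group("ip")][m.group("ts")[:17]] += 1  # key: dd/Mon/yyyy:HH:MM
    return per_ip

def noisy_clients(lines, per_minute=3):
    """Return (ip, total_posts, peak_per_minute) for clients at or over the threshold."""
    out = []
    for ip, minutes in xmlrpc_rates(lines).items():
        peak = max(minutes.values())
        if peak >= per_minute:
            out.append((ip, sum(minutes.values()), peak))
    return sorted(out, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for ip, total, peak in noisy_clients(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {total} POSTs to xmlrpc.php, peak {peak}/min")
```

A single POST from a publishing app looks the same per request as attack traffic, so the per-minute peak is what separates the two in this sketch.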

Some of my most recent blog posts have been about a certain company called BES Utilities, and the last post indicated that they may be using certain underhand tactics trying to silence anyone speaking out against them. Would be messed up if it was them doing the attacks but then if I was them, I’d be pissed off too;

Lesson 1 - don’t screw with an SEOer


BES Utilities / Energy – Follow up – SCAM

Spoke to a like-minded individual regarding BES and their tactics yesterday, and during the conversation I noticed that the original blog post I wrote didn't contain anything relating to the saga that came after the initial mis-selling.

I managed to find the email complaint I sent to the Energy Ombudsman, so this should fill you in regarding the level of BS I've had to deal with thanks to BES Utilities AKA BES Commercial Electricity, BES Commercial Gas and BES Telecom;

"I have just been called by a guy called Craig in "Pre-disconnections" at BES Energy.

He has rung to inform me that our energy supply will be disconnected due to non payment of an overdue amount.

To summarise – I'm not paying an amount to BES that they seem to have fabricated from thin air. I have asked for proof in the form of a statement more than 3 times now but the people i have spoken to from BES have been unwilling to progress my call to customer services and simply want to steal my money from me. Let me go into more detail…..

I have spoken to;

Chelsea on 2/12/13 @ 10:00am and informed her a bill for £299.98 for ONE MONTHS usage was ridiculous, and that I had got my bank to return the money and cancel the direct debit until a bill with ACTUAL readings came through. I gave her actual readings at this point.

Then I spoke to Mia on 3/12/13 @ 11:30am as she was chasing non payment of this initial invoice despite my hour long conversation with Chelsea the day before – i ended up paying £70 off over the phone, and informed her i wouldn't pay more until our invoices were based on ACTUAL readings, not hugely over-ESTIMATED readings.

On 12/12/13 i received another invoice, this time the charge for "this period" was -£5.99 which to my understanding was due to the fact I'd already paid £70, and my usage since day dot until the 15/12/13 was overpaid by £5.99 hence the negative balance.

We received another invoice on 15/01/2014 with an amount owing of £44.92 which was based on an ACTUAL reading, and was one i was happy to (and did) pay.

Similarly with the invoice 21/01/2014 – the amount was (a big high, but) based on ACTUAL usage, so we cleared this one up (as far as I'm aware anyway)

I then spoke to Laura on the 24/01/2014 @ 13:47 as she was chasing non payment of an amount owing in the region of £200 – i explained to her, and subsequently THREE other people that called, that i wasn't prepared to send £200+ to BES energy, unless i could clearly see how this amount had been accrued on a statement based on actual usage (not estimated usage)

Both Laura and the other people that rang me were stubborn, unfriendly and would not transfer me to customer services so i could get them to issue me with a statement of actual usage and one showing where this amount had come from.

I have tried over 10 times to call BES but i can only come to the conclusion that their lack of customer service skills and disgusting sales tactics result in their phone lines being jammed all day every day.

I have raised this situation with the energy ombudsman because i feel that BES are bullying me into paying them an amount of money – of which they are not prepared to prove to me how and when this apparent debt was accrued.

I think i have been very accommodating and reasonable with this situation, and simply want to see a statement from the start of this farce until the present day showing actual usage of energy. If i receive this information, and based on the meter readings it states (and that i will cross reference with photographs i took of the meter every single Monday morning before any appliances were turned on) if this indicates to me that an amount is actually owed to BES i would be happy to get this resolved.

I am – in no way – prepared to send my hard earned money to BES without the aforementioned document."

Email 2;

"Just to let you know, i got the termination letter this morning and the amount it said we owed was £71.41, not the £229.98 they had previously suggested.

I rang early and actually got through to customer services to question why this amount had changed, she said it was still £229.98 owed and wasn't sure where the £71.41 had come from, so looked into it and when she came back to me i was informed that she had noticed an issue on the account and it appears that their "system" had not recalculated my bill properly when they got actual readings about 5 months ago.

I am now awaiting another letter or phone call from them to let me know what they find. I have also asked Sarah in customer services that if it does turn out to be an error on their end and i don't owe them the £229.98 (as i have been saying all along) then i want a full written letter of apology from their management. 

I would still very much like to move away from them though, and move to a company that have better systems in place for dealing with issues like this if they are to arise in future."

After my complaint was lodged, they then fumbled about trying to silence me with pointless spreadsheets that claimed to be the information i seek. They also took £100's out of my bank account which i managed to get returned from my bank but that got more threats from BES Energy/Utilities including phone calls from pushy "Disconnection agents" and letters left right and center.

All I wanted was Energy bills with ACTUAL readings on – I wasn't asking for blood!

Another thing that has bothered me about the case, is the fact that every time I canceled the Direct Debit (to stop them taking chunks out my account) they would contact me and tell me that I was now on a higher rate due to my decision to pay manually. I'm pretty sure it's up to me how I pay my bills and shouldn't be penalised for my choice?

I started taking my own readings each week and calculating how much I should be charged based on the rate I was given and the standing charge etc – after a few months of the Smart meter taking accurate readings and my bills coming through as expected, I backed off and allowed the process to be automated via D/D again and carried on with my life.

Last week I happened to open an energy bill that was £100+ which is much higher than normal – and so I shall once again attempt to get out of contract with BES to go with a more well-known transparent commercial energy company

If anyone would like help or assistance getting out of contract with BES Utilities or requires help on the matter, please read my other blog post about the subject too – and get in touch via the comments and I can put you in touch with people who feel as annoyed as you do about being ripped off and scammed by BES.


Facebook IS spying on you, but not with messenger

Facebook has recently rolled out its “in house” browser to “open links faster” on Android and possibly iOS devices (anyone confirm the iOS bit?) and I’ve been cool with it so far as it does seem to make things a bit faster – but then the real reason for this new feature suddenly dawned on me!

Data mining!

Now, not only do they know what you ‘like’ and what links you click on from within your Facebook app, but now they also know what you do once you are on that page. “Did you click on anything else? What else might interest you? Was the content relevant or did you bounce straight back?”

*It’s worth noting at this point that they’re not doing this so they can make a clone of you and steal your identities. They are more likely to be doing it so they can learn more about you, which in turn allows them to target their advertising better and improve their service to you… Which in turn makes you a more profitable customer for them.*

So, despite it actually being a benefit in the form of faster link opening times, it’s just a sneaky way of harvesting more of your data – and as we all know, data is the new gold.

They’ve already built a multi billion corporation with our content, now they are squeezing more out of our Facebook experience to harvest more data to use and probably sell for a huge (probably tax free) profit.

Clever move, Facebook. You sneaky little prawn.


Finally settled on a new layout

My rekindled love for blogging has also meant I’ve been spending time tinkering with my blog layout and the colour scheme trying to get it just how I want it.

For the last few weeks I was rocking an awesome theme, to be fair it was the best one I’ve ever had, proper ticked all the boxes…. apart from the fact once I started delving in and altering a few things I realised the guy who made it was a moron and had obviously coded most of the template files with his knees.

The structure of everything was a mess. I was very sad :'(

So, I started the hunt for a new WordPress Theme (you’d have thought I’d have one of the ninjas at work make me one haha) and it reminded me about how hard it was to find simple blogging themes nowadays that focus on the written content rather than huge header images and image slideshows and junk.

…Is that because no one writes old fashioned blogs any more?

I get that a picture is worth a thousand words but I often visit blogs and they’re using premium themes that are built to focus on large imagery that accompany the published articles, and the authors simply use some crappy stock image because if they don’t they break the layout of the page.

So is there really any point in having that as a main feature of the theme?

We did some work for a lady recently who was a travel blogger, and because of what she blogged about she needed large images to be part of her articles else the images of the places she visited wouldn’t get across to her readers – however not everyone blogs about “visual” things so there really should be more choice of themes out there for the rest of us! :)

Anyway, after 20 minutes or so I saw this theme, liked that it was fairly bare-bones and installed it. All credit to Per Sandström for making a great theme that is easily customisable and is made for bloggers!

Hurray for simplicity!


SCAM – Data File Google Winning Batch: UK/111/GWIN/GUK

Dave spotted this in our spam box from [email protected] with a reply to address as [email protected] – as if “the CEO of Google” would have an email address like that!

“You have Been Selected as a Winner for Using Google Services. Find attached E-mail with more details.
Congratulations,

Sincerely.
Mr. Owen Hookson.
CEO GOOGLE UK.”

And it’s another attachment jobbo – look at this beaut;


Here is the original file

It’s of course – a Scam – stay away folks and if you see anything like this in your inbox forward it me so I can have a giggle :)


Website owners beware – terrorist attacks on your websites too

It’s hard to ignore the current disputes between ISIS and the rest of the world. Every news program and social feed contains links to videos and articles about this horrible ordeal, and it looks like it’s now also spread to the digital world.

I was messaged by a customer who said that their website had been hacked. When I visited the website I was greeted by the message;

Hacked BY MuhmadEmad ./we are peshmarga

MuhmadEmad seems to just be the person’s name, but peshmarga (peshmerga) is a term used by Kurds to refer to “Armed Kurdish Fighters” which – as far as I can work out – should be people on our side, so I’m really confused as to why they would hack a little WordPress website that has nothing to do with this conflict.

I’m still looking into exactly what happened but it seems to have been a Gravity Forms exploit of some description – some files within uploads/gravity_forms/tmp were VERY dodgy so they’ve been downloaded for closer inspection and removed from the site.

I’ve also updated all the plugins, themes and the WordPress core. Passwords for all WordPress user accounts, FTP and MySQL users were changed too.
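A check that fits the cleanup described above, as an added example that is not part of the original post: it walks a WordPress uploads directory and lists files that carry a script extension or contain a PHP opening tag, since an uploads folder normally holds media rather than code. The extension list and the sample tree are assumptions; the files under gravity_forms/tmp are harmless placeholders constructed for the demo.

```python
import os
import tempfile

# Extensions commonly executed as PHP by web servers (assumed list; adjust to your server config).
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}

def find_suspect_uploads(uploads_root):
    """Return sorted (relative_path, reason) pairs for files that look like PHP code."""
    hits = []
    for dirpath, _dirs, files in os.walk(uploads_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, uploads_root).replace(os.sep, "/")
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                hits.append((rel, "script extension"))
                continue
            # Catches code hidden behind a media extension, e.g. a .jpg that embeds PHP.
            with open(full, "rb") as fh:
                if b"<?php" in fh.read(65536):
                    hits.append((rel, "PHP tag in non-script file"))
    return sorted(hits)

def demo():
    """Build a constructed uploads tree in a temp dir and scan it."""
    files = {
        "gravity_forms/tmp/a1b2.php": b"<?php /* constructed placeholder */",
        "gravity_forms/tmp/photo.jpg": b"\xff\xd8\xff\xe0JFIF<?php /* placeholder */",
        "2014/10/header.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return find_suspect_uploads(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Each hit is a lead for manual inspection rather than a verdict; keep a copy of the file and its timestamps before removing it from the site.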

If you’re having trouble with a hacked website then contact me through Twitter or something and I’ll help as best I can.
