Page 1 of 2 12 LastLast
Results 1 to 20 of 28

Thread: Spammer exploits vBulletin vulnerability, GoDaddy tries to extort $75 from me

  1. #1
    Owner Dan Druff's Avatar
    Reputation
    4463
    Join Date
    Mar 2012
    Posts
    30,746
    Blog Entries
    2

    Spammer exploits vBulletin vulnerability, GoDaddy tries to extort $75 from me

    Up until today, I had respect for GoDaddy. They're the registrar for pokerfraudalert.com, and all of the other domains I own, as well.

    They are reasonably priced (especially if you're good at finding coupons/specials), and their telephone support always reaches a helpful/knowledgeable person in the US.

    That is... until yesterday.

    On Friday, I got an e-mail from Godaddy with a spam complaint about pokerfraudalert.com. It was a form letter, but demanded a response. I did not understand what they wanted:

    Dear Todd Witteles,

    We have received complaints that you are involved in sending
    unsolicited email messages for/from the following domain(s):

    POKERFRAUDALERT.COM


    If this is the case, GoDaddy requires that you cease this activity
    immediately. You are also required to respond to this notification within 24
    hours to address the situation.
    Failure to do so may lead to the suspension
    or cancellation of service.

    Please review our Universal Terms of Service for details on the nature of
    this situation: https://www.godaddy.com/Legal-Agreem...dy&isc=gdbb644

    Specifically, we recommend you review Sections 4 and 9 of this agreement.

    Again, as we stated above, you are required to respond to this notification
    within 24 hours to address the situation. We look forward to hearing from you.

    Sincerely,

    Network Abuse Department
    GoDaddy

    Not knowing any of the details of the spam or what they wanted me to "address", I called them and was told just to reply and tell them that I hadn't been spamming and needed more info. I wrote the following:

    I have not spammed anyone.

    Please give me more information about this.

    We had a hacking about 3 months ago, but I fixed the situation and it has not recurred.

    Please let me know the nature of the spam and its originating IP.

    -Todd Witteles

    In response, I got a wall-of-text form letter which did not give me all the information I was looking for. At the end of the wall-of-text, they did include the spam e-mail:

    To: *******@gmail.com
    Subject: This Machine Defies All Laws Of Physics
    From: "Poker Fraud Alert Forums Presented by Todd Witteles" <junk@pokerfraudalert.com> Date: Fri, 17 Jan 2014 13:55:31 -0500

    This is a message from Gary Lincholn ( mailto: ) from the Poker Fraud Alert Forums Presented by Todd Witteles ( <a href="http://pokerfraudalert.com/forum/">http://pokerfraudalert.com/forum/</a> ). The message is as follows:

    Hi, We know that the ultimate problem that we are facing today is energy. Now here is a machine that would overcome this problem which was designed many years ago but the blueprint was suppressed by huge oil companies and including the government for a one big reason.. their own PROFIT. To know more, please visit this site: [spam URL removed]

    Have a good one. Gary .

    Poker Fraud Alert Forums Presented by Todd Witteles takes no responsibility for messages sent through its system.

    So at this point I knew that someone was exploting vBulletin in some way to send out spam, but I didn't know how.

    I e-mailed again asking for the IP of the offending spam message, just to be sure it was really coming through my forum and wasn't being spoofed in some way.

    They completely ignored my e-mail and sent me the following obnoxious wall-of-text:

    Dear Sir/Madam, If you are not able to give us the opt in information we have requested this places you in violation of your registration agreement and GoDaddy's anti-spam policy. More information on GoDaddy's Anti-Spam policy can be found at https://www.godaddy.com/gdshop/no_spam.asp GoDaddy has a strict anti-spam policy, as the registrant of POKERFRAUDALERT.COM you are ultimately responsible for the use of your domain name, any email mail advertisement that is driving traffic to, or creating revenue for, your website or domain name is your responsibility. This also applies to the actions of any party generating this traffic or revenue on your behalf. This includes, but is not limited to, 3rd party marketers, business partners, mailing list providers and affiliates. Please keep in mind that it is not our intention to cause anyone's business to suffer and we do appreciate you cooperating with us on this matter. Because of your cooperation and willingness to resolve this issue thus far, your services have not been interrupted, but this situation remains unresolved. We present to you the following solution to resolve this issue: First, reply to abuse@godaddy.com with a statement that you (or your employees, affiliates, 3rd party marketers, etc.) will no longer send messages to individuals that did not ask to receive information specifically from your domain name. Second, include in this statement authorization for GoDaddy to charge a $75 non-refundable administration fee to the credit card on file for your account (you may want to log into your GoDaddy account and confirm that the card on file is valid and has not expired). GoDaddy believes this solution to be a fair one that will ensure that you will correct the problem on your end, and prevent any future violations of GoDaddy's Anti-Spam policy. Additionally your services are not interrupted and your customers and affiliates are not inconvenienced. If you reply with this statement and agree to pay this fee, GoDaddy will accept this, in good faith, as proof of your commitment to correct this problem. If not, your domain name may be immediately redirected and your service suspended. Please be aware that GoDaddy will continue to monitor this situation. If in the future it is determined that this problem persists, your domain name may be immediately redirected. We do realize additional complaints resulting from this mailing may come in and we will of course consider this, and contact you before taking any action. Thank you for your cooperation. Regards, Domain Name Abuse GoDaddy Hotline 480-624-2505 ARID 1024
    The bolded part is the important stuff.

    So basically their "compromise" was for me to promise not to spam anymore (completely ignoring my statements that I wasn't guilty and that this was the work of either a hacker or spoofer), as well as a demand that I pay $75 as a commitment that I won't be spamming anymore!

    Obviously I wasn't sending them a dime.

    This was awful timing because I was extremely sick yesterday (read about it here: http://pokerfraudalert.com/forum/sho...-last-24-hours ..), but
    I called them immediately, afraid they would suspend PFA if I didn't act quickly.

    I spoke to some bitchy young woman there who, despite looking at the message and it being fairly obvious I was hacked/exploited, kept repeating, "It's impossible to tell if you were spamming or if someone else was."

    When I asked why I was not given the information I was requesting, she had no answer.

    I told her that I'm a programmer and would track down this exploit once I felt better.

    She said that I had until Monday (LOL 2 days) to solve it.

    We then got into a frustrating time-negotiation session, where I kept asking for a week, and she slowly moved up from 2 days to 4 days, and then 5 days.

    When I explained how sick I was and that it would likely take a few days to resolve, she made the obnoxious statement:

    "You've been responding to our e-mails. So you're telling me you are healthy enough to answer e-mails but not solve this problem?"

    I blew up at her and asked, "Do you think writing a 1-liner back to you guys on my phone is the same level of effort as going through a complicated software package and looking for e-mail exploits? Do you really think those two require anywhere near the same level of concentration? Seriously?"

    She paused and said, "Okay, we will give you a week."

    Today I went and found the exploit and closed it. It was something stupid in the vBulletin blog system that allowed you to "e-mail blogs to a friend", which made it incredibly easy for spammers to abuse. There is no way to turn that feature off, so I had to modify the software myself to remove it.

    I e-mailed GoDaddy today with the details and hopefully they will accept it.

    Zero chance I am paying them a penny for this.

    Really shady, especially how they ignore my e-mails and offer me this "compromise" where they take $75 from me in order to "show a commitment" not to spam.

    I bet a lot of people just pay the $75, terrified that they will lose their domain accessibility, especially businesses that can't afford any kind of service interruption.

  2. #2
    Diamond Hockey Guy's Avatar
    Reputation
    1044
    Join Date
    Mar 2012
    Location
    Canada
    Posts
    7,085
    So, did you figure outt who was spamming from here?
    (_) ..
    ∫\ \___( _)
    _∫∫ _∫∫ɯ \ \

    Quote Originally Posted by Hockey Guy
    I'd say good luck in the freeroll but I'm pretty sure you'll go on a bender to self-sabotage yourself & miss it completely or use it as the excuse of why you didn't cash.

  3. #3
    Owner Dan Druff's Avatar
    Reputation
    4463
    Join Date
    Mar 2012
    Posts
    30,746
    Blog Entries
    2
    Quote Originally Posted by Hockey Guy View Post
    So, did you figure outt who was spamming from here?
    It wasn't a user. It was just a spammer who knew that all vBulletins with blogs could be exploited in this way.

  4. #4
    Serial Blogger BeerAndPoker's Avatar
    Reputation
    1372
    Join Date
    Mar 2012
    Posts
    9,944
    Blog Entries
    20
    I'm sure GoDaddy knows all about this exploit with as many sites they host and they know about it right away so this is clearly an extortion attempt to get $75 out of clueless people who will pay them in fear of losing their website.

  5. #5
    Quote Originally Posted by BeerAndPoker View Post
    I'm sure GoDaddy knows all about this exploit with as many sites they host and they know about it right away so this is clearly an extortion attempt to get $75 out of clueless people who will pay them in fear of losing their website.

    I would say unlikely.

    Too many vulnerabilities paired with too many different types of open source applications means it isn't even worth the effort for GoDaddy to stay on top of these things.

  6. #6
    Diamond Hockey Guy's Avatar
    Reputation
    1044
    Join Date
    Mar 2012
    Location
    Canada
    Posts
    7,085
    Is there any way to blame garrett for this?

     
    Comments
      
      Deal: unfortutately we are not looking for a peabrain at this time
    (_) ..
    ∫\ \___( _)
    _∫∫ _∫∫ɯ \ \

    Quote Originally Posted by Hockey Guy
    I'd say good luck in the freeroll but I'm pretty sure you'll go on a bender to self-sabotage yourself & miss it completely or use it as the excuse of why you didn't cash.

  7. #7
    Serial Blogger BeerAndPoker's Avatar
    Reputation
    1372
    Join Date
    Mar 2012
    Posts
    9,944
    Blog Entries
    20
    Quote Originally Posted by abrown83 View Post
    Quote Originally Posted by BeerAndPoker View Post
    I'm sure GoDaddy knows all about this exploit with as many sites they host and they know about it right away so this is clearly an extortion attempt to get $75 out of clueless people who will pay them in fear of losing their website.

    I would say unlikely.

    Too many vulnerabilities paired with too many different types of open source applications means it isn't even worth the effort for GoDaddy to stay on top of these things.
    Sure they have a ton to deal with but I bet they could pin point a lot of these exploits with the given information. I get why they wouldn't want to waste time without trying to make some money but at the same time this is terrible customer service giving a consumer the run around like this.

    Druff knows programming but a lot of people who don't might just cave an pay them.

  8. #8
    Quote Originally Posted by Hockey Guy View Post
    Is there any way to blame garrett for this?
    LOL.

    And cla too.

  9. #9
    75 dollar fee is highway robbery. Wouldn't be surprised if Godaddy got in major shit for this in future.

  10. #10
    Owner Dan Druff's Avatar
    Reputation
    4463
    Join Date
    Mar 2012
    Posts
    30,746
    Blog Entries
    2
    Quote Originally Posted by BetCheckBet View Post
    75 dollar fee is highway robbery. Wouldn't be surprised if Godaddy got in major shit for this in future.
    This would actually be acceptable if they caught someone in a borderline spam case where they're essentially paying a fine for violating the policy and getting another chance.

    But for them to ignore my requests for info on finding out who is exploiting my software/server, and then to demand the $75 as a "compromise" is a joke.

    I think this is their go-to response whenever an accused spammer denies doing it. "Pay $75 and we'll give you one more chance", and most probably cough up the money.

  11. #11
    Banned
    Reputation
    95
    Join Date
    Mar 2012
    Location
    Mississauga
    Posts
    2,316
    Ask anyone that hosts many sites and they will tell you GoDaddy is the worst possible choice.

    I feel dirty just knowing that shit I type is being stored on their Servers. Please move providers.

  12. #12
    Serial Blogger BeerAndPoker's Avatar
    Reputation
    1372
    Join Date
    Mar 2012
    Posts
    9,944
    Blog Entries
    20
    Quote Originally Posted by Deal View Post
    Ask anyone that hosts many sites and they will tell you GoDaddy is the worst possible choice.

    I feel dirty just knowing that shit I type is being stored on their Servers. Please move providers.
    True! Also, what should we expect much from a site that hires annoying and goofy looking broads like Vanessa Rousso?


  13. #13
    I bought a domain for my cousin back in 2005 that she never used and I still auto renew each year. According to go daddy appraisal its worth $160-400. Should I hold on to it or sell? It's a business name.

  14. #14
    Quote Originally Posted by Dan Druff View Post
    Up until today, I had respect for GoDaddy.

     
    Comments
      
      sonatine: had to be said

  15. #15
    Owner Dan Druff's Avatar
    Reputation
    4463
    Join Date
    Mar 2012
    Posts
    30,746
    Blog Entries
    2
    Quote Originally Posted by Deal View Post
    Ask anyone that hosts many sites and they will tell you GoDaddy is the worst possible choice.

    I feel dirty just knowing that shit I type is being stored on their Servers. Please move providers.
    It's not.

    The hosting is a different site.

    GoDaddy is just the registrar.

     
    Comments
      
      Deal: Should be an easy migration then. What is stopping you from doing it?

  16. #16
    Holy shit what a genius business plan. Sell software with exploit in it. Charge people when other people use that exploit. PROFIT

  17. #17
    Owner Dan Druff's Avatar
    Reputation
    4463
    Join Date
    Mar 2012
    Posts
    30,746
    Blog Entries
    2
    Quote Originally Posted by BeerAndPoker View Post
    Quote Originally Posted by Deal View Post
    Ask anyone that hosts many sites and they will tell you GoDaddy is the worst possible choice.

    I feel dirty just knowing that shit I type is being stored on their Servers. Please move providers.
    True! Also, what should we expect much from a site that hires annoying and goofy looking broads like Vanessa Rousso?

    Funny watching this video, you can totally tell Danica Patrick is uncomfortable doing the "sexy model taking off her clothes for the camera" thing, even though she's just taking off a jacket.

  18. #18
    Owner Dan Druff's Avatar
    Reputation
    4463
    Join Date
    Mar 2012
    Posts
    30,746
    Blog Entries
    2
    Quote Originally Posted by nunbeater View Post
    Holy shit what a genius business plan. Sell software with exploit in it. Charge people when other people use that exploit. PROFIT
    The exploit was not GoDaddy's fault. That was vBulletin's fault, and I didn't buy vBulletin from GoDaddy.

    But the $75 charge was offensive given that I was fully cooperating and their blanket policy is just to judge you guilty and charge you regardless of what you say.

  19. #19
    From the content of the spam email I'm thinking Micon? Didn't he used to be on about perpetual motion machines?
    SOBCHAK SECURITY 213-799-7798

  20. #20
    Banned
    Reputation
    95
    Join Date
    Mar 2012
    Location
    Mississauga
    Posts
    2,316
    Mod should move this to appropriate forum:

    http://pokerfraudalert.com/forum/for...-and-Shadiness

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. Extort or disbar from this scumbag attorney
    By PhilipLanderer in forum Flying Stupidity
    Replies: 5
    Last Post: 08-11-2013, 12:06 AM
  2. GoDaddy "nerd kiss" ad took 45 takes
    By Dan Druff in forum Flying Stupidity
    Replies: 17
    Last Post: 02-05-2013, 02:03 PM
  3. Godaddy $0.99 coupon code on dot com
    By mulva in forum Flying Stupidity
    Replies: 1
    Last Post: 02-03-2013, 08:44 PM
  4. Godaddy's Down
    By Yebsite in forum Flying Stupidity
    Replies: 32
    Last Post: 09-15-2012, 05:06 AM
  5. Smart grid vulnerability could give hackers free electricity
    By WillieMcFML in forum Flying Stupidity
    Replies: 4
    Last Post: 07-24-2012, 10:49 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •