I realized this morning that my online life was very very messy. It took a phone call from my website’s abuse department, which was a scary phone call before 9 a.m. (although this phone call would be scary at any time).
Apparently, someone took advantage of my messy online life and created some very authentic looking web pages in order to phish account information from unsuspecting people. The pages appeared on my web site. They wanted to know if I could please delete the offending files. They were actually pretty nice about it, and the default setting wasn’t “You are guilty” but “You are a victim too.” Whew.
The suggestion was that if I was hosting a blog, my blog application was out of date, which would make my site vulnerable. I immediately logged into my blog and confirmed that I was using the latest application.
It wasn’t until I opened up the screenshot sent to me as well as my FTP that I realized it wasn’t my current blog that was the problem. It was one that I still had that was now just a redirect to the current blog. I hadn’t logged into that blog account since I combined all of my blogs into one spot and changed the name to Digital Rhetoric. And that meant that blog’s software wasn’t updated to the latest and greatest.
When I first did the redirect, I deleted all of my FTP and photo and teaching blog stuff, which left a messy “file not found” problem for the pages within those blogs. And that is when I realized I could just use a redirect, so that is what I did for my lindasherwood.com blog. And it was the lindasherwood.com blog that phishers used to create the fake pages.
The first email notifying me of the problem was sent to me at 11 a.m. yesterday. Of course, I hadn’t read my email yet. If I hadn’t got the phone call this morning, I’m not sure I would have realized it today. Or more likely, I wouldn’t have realized it until after I left the house and didn’t have the means to fix it until I returned home later today.
And as I was going through my various files for lindasherwood.com, I realized that the background stuff of my web site is very very messy. I installed WordPress in 2009, and I made my site function using blog software then. Before that, I had a regular web site with lots of pages, and you can still see some of those pages by typing the URL directly: www.lindasherwood.com/portfolio.html I had forgotten that web site version was even still available! And most of the links still work.
So, in an effort to clean up my website, I have deleted a bunch of files this morning. And in doing so, I made my main page, lindasherwood.com not work. I’ll fix it later. The important part is that I also got rid of the phishing pages.
This is also why my site’s main page: lindasherwood.com isn’t working right now.
And here is a couple of links about phishing that was sent to me by my hosting site’s abuse department:
http://en.wikipedia.org/wiki/Phishing
http://www.antiphishing.org/
Have you cleaned up your website lately?
