I spent $99 dollars to a random human being in Transylvania to get my site back online and free of MalWare. To expand, and I can’t say with full certainty, the site was infected with a virus on the same day I opened up a CoinBase account. If you don’t think that treading into Crypto currency can be dangerous, get your head checked. Essentially a Trojan horse was uploaded into my WordPress files. This caused Google to return back to anyone who tried to go to the site that it was dangerous. I’m actually waiting for a response on how it happened and I’ll return the details.
Bansheemann7 is currently offline as my account is the primary and his is an add-on. I’m told having 2 sites under one main domain is not safe and we’ll be changing it in the future. This has been a headache. Targeting this website is pretty useless. At first I thought I was providing too much racy material and I was being flagged (this is actually what the guy at Sitelock told me which was a complete lie). I removed a few posts that I thought may have gotten me in trouble but it was bullshit. Now that the trojan is all cleaned up, life can move forward. Sam and I have yet to iron any true idea of how we are moving forward so you’ll have to stay tuned. Everything would have to be more expensive and I’m not sure where we lie exactly.
Below is a humorous transcript with a company I was looking to do the website work before I found a guy who would do it for $99. Think about that carefully though if you read through it.
On Wed, 14 Mar at 1:36 PM , Tom Stortz <firstname.lastname@example.org> wrote:
We’ll go ahead with the cleanup of 2 sites, rnningfool.com & bansheemann7.com. There is a 3rd site on there (southbowlleagues.com) that I don’t care if it survives. It’s not urgent so you can bill the card for $160 (I don’t think there is anything wrong with Bansheemann7 so if you want to charge $260, I’m not for that). I don’t know if I ever intend on writing on these websites again and think I’m going to start a brand new domain and move the Wordfence API over. How do you prefer I send the access for the control panel?
Sent: Wednesday, March 14, 2018 7:00 PM
Subject: Re: [#65171] Site Cleaning Request
I am performing an initial review of your case, and I verified that I’m able to log in with the usernames/passwords you provided. I did find that there are 3 additional installations of WordPress in the hosting account. In a hosting account like yours, one hacked site can be used to infect any others, so it’s our policy to clean every site in the account. Otherwise the hackers can just undo our work after we’re finished.
You have a few options to continue with the site cleaning:
– Add the other 3 sites to your order. We have volume pricing for this service that is dependent on the number of sites. The discounted price in your case would be $75 for each additional site, which includes a one-year Wordfence Premium key for each one.
– If you don’t use them, delete them from the server.
– If you do use them but don’t want them to be cleaned at this point, you can move them or your primary site to another hosting account, such that the primary site is the only one there to be cleaned.
– You could cancel the order entirely.
Thanks and have a great day!
On Wed, Mar 14, 2018 at 7:11 PM, Tom Stortz <email@example.com> wrote:
How about this question, are the other ones currently infected? I’ll move them to another domain if they are not.
On Mar 14, 2018 9:00 PM, wrote:
To give an idea of what’s going on here. It’s a personal site that I have years of data on which is the only reason I want to clean it. I plan on buying a new domain name and moving all the info on this current site over to the new domain name. Spending hundreds of dollars to make it happen doesn’t make sense. I’ll just get a back up of the current info and then I’ll see what happens moving forward. I have to imagine you can see if the other domain names are infected the same way a random representative from Sitelock told me mine was. He wanted to sell me on a package for 140 / month if you want to know how I even got started on this path. I’m just a dude with a personal website. If you can’t do the work for the $180 I paid already, just refund me and I’ll figure it out because the whole thing seems outrageous to me to begin with. I’d create a backup and then manually delete the files the same way WordFence tells me. Rather than try to money gouge me for 2 sites that aren’t even affected, how about you just clean the site and tell me what to do. If you can’t do it, let’s move on.
On Thu, Mar 15, 2018 at 8:50 AM, Tom Stortz <firstname.lastname@example.org> wrote:
A final thought on this matter, if it’s your “policy” to do the other sites, then please refund me the $80 and I’ll figure it out myself. I’d like to get this moving.
On Thu, 15 Mar at 5:12 PM , Tom Stortz <email@example.com> wrote:
Is Wordfence a professional company or what? When I was a customer you were going to make money off of I got a reply in 5 minutes. Now that it’s not going to work like that, i’m down on the list. If you don’t want to do the work, refund the money. If you want to do the one site, do the one site. If not, refund the $80. Let’s make a decision.
On Mar 15, 2018 9:00 PM, wrote:
Chloe had presented you with several options. She explained that we can’t exclude other sites from the cleanup. The reason is simple. One malicious script can infect all 4 sites. We see this all the time. Now, if we want to exclude sites, there are ways. You could move the site you want us to clean to another server to that it is the only site in that account. In that case we can clean one site.
You asked if the other sites were infected. We don’t know. That is exactly why we need to scrutinize them in the same way as the one site that we know is infected. We do back our work with a 90 day guarantee. We can’t do that with other potentially infected sites left behind.
So again, we have a few options:
– Move the site you would like us to clean to another server
– Delete the other sites
– Add them to the order for a fee
– cancel the order and get the refund.
Please let us know what you would like to do.
On Thu, 15 Mar at 9:05 PM , Tom Stortz <firstname.lastname@example.org> wrote:
Please refund the $80.
On Thu, 15 Mar at 9:10 PM , Tom Stortz <email@example.com> wrote:
Prorate the api too. I don’t need that either. Whatever you think is fair for my use.
Nice negotiating though. Really proving your worth.
The final thought I have is that I bet you guys can fix it in 5 minutes. You see it all the time and the other sites have no infection warning. I’m going to dispute the charges with no service rendered (aside from one scan) and we can see what happens. It was never about the money to me. I just wanted it handled by professionals. Perhaps I’m wrong here, but I promise you we’ll be getting a few opinions. Thanks for the effort and I apologize for the time spent.
Sent: Friday, March 16, 2018 1:10 AM
Subject: Re: [#65171] Site Cleaning Request
It takes our site cleaners 2-6 hours to clean an infected site depending on the infection as they manually go through by hand to inspect, remove, and ensure everything is free of malware. I’ll be happy to help. We have canceled your order and issued you a full refund to your credit card. I have also went ahead and deleted your key and provided you with a full refund. You should soon receive a separate email with a confirmation of the transaction.
Thanks and have a great day!