Diving into the realms of phishing or hacking.
Recently we received the following comment on one of the social networks:
I think your website is a phishing site!
Also, we have received a few E-Mails lately accusing us of being a phishing site and frankly we’re totally confused. Perhaps people are not sure what a phishing site is? Perhaps they’re just trolling hard? Regardless, lets go with the first scenario and break it down for the people out there. Also be sure to check out this FAQ which people can read for other basic questions as well.
What is phishing?
Well, phishing is an attempt to gain sensitive data from a client or user about possible usernames, passwords, or other data which could lead to identity fraud. A phishing site asks a series of questions in order to find out more about the user. If the user fills out all of the information the person running the site can then attack their social media, bank, e-mail, and simply put be a complete asshole. Which brings up the obvious question:
ARE YOU A PHISHING SITE?
Lets look above. Any boxes asking for sensitive data like social security? credit or card info? Personal data? Did you have to login in order to gain access to information on this site? The closest you will have come (and will ever come) is if you decide to leave a comment (completely optional!.) At the bottom of this site we may ask you for an e-mail address which as you can tell from the picture above we don’t even care if its legit! If you answer that with a bogus e-mail then great! A name of alias which we would prefer you to use an Alias so you protect yourselves out there!
You are reading a blog from a person that uses a single character as a handle/alias. In other words; We would have to be the worlds best hacker in order to go off of the few data packets you leave in the comments below. Sorry guys, We just don’t have that kind of time as we’re way too distracted for– Oh, potato chips!
Phishing sites masquerading as someone important.
If this was a phishing site. S-Config.com would disguised as a trustworthy source such as a store or bank. Which we’re sorry to report that we don’t have tons and tons of domain aliases to s-config.com. We understand having a ‘dash’ in your domain name is suspect. But we don’t like run-on characters like sconfigblogsource.com. Also, single character domains to represent my handle are in the millions of dollars so that isn’t happening.
Security is important to us.
You may have seen that green lock icon in the corner of your browser address. It’s not there to just look pretty!
Most phishing sites don’t spend the kind of time and money to get an official SSL certificate like we do. This site is encrypted all the way through. Meaning that there is no way for a man-in-the-middle hacking attack to occur without something going terribly wrong with the connection to this site.
Tracking and cookies.
You’re tracking us!
Incorrect! This website has gone through considerable lengths to separate all instances of third party cookies and plugins from even touching this site. From hosting our own fonts to even hosting our own videos and saying screw you to YouTube. The only analytic we run is in-house right off of the Apache logs which the report is only run to check for errors within this very site.
Paranoia phishing levels increasing!
I don’t believe you!!
Fine!! Lets go through some plugins so you can verify it yourself.
For starters if you wondered how I got that graphical interface about my website versus all of the others connected then checkout the Lightbeam plugin for Mozilla Firefox. Don’t have Firefox and still rolling with internet explorer? Get away from internet explorer!
Don’t let the college animal mascot graphic fool you. This plugin is legit coming from the EFF themselves which are people who fight for your right to electronic privacy. This is available for both google chrome and Mozilla Firefox. Once again, if you are running internet explorer. Stop that! For those two people that visit my site running Netscape Navigator. Are you two okay over there? Anyhow, the controls are very easy to use. And it will scan for any cookies on all websites giving you the option to block them and shut them down if you so choose. Don’t make yourself a net-victim! And don’t let anyone profit off of your website visits. Duckduckgo is a nice start but once you click on a search query you’re on your own!
This is almost a necessity of being online as the majority of ways your computer can get infected from spyware is from ads. Yes, even google ad-sense is riddled with websites that attempt to hi-jack your computer. Some would argue that you’re sealing the revenue from YouTubers by blocking the Ads . To which our only response is find a way to display ads without screwing up peoples PCs and we’ll talk. We’re talking to you Google Ad-Sense!
I checked your site and Google Transparency Report says you got malware!
Malware is downloadable files that you get from a random site and you fail to have a good virus checker installed onto your PC. Once executed the file decides to go on a total rampage the moment you click it. redirecting your websites rebooting your computer and all sorts of stupid there-after. Always have a virus checker and be mindful of the files you download regardless of where you go.
If you go over to Google’s transparency report to show something like this to about the site.
On one hand you have google reporting that my site is totally safe to browse. On the other hand you have google telling people that bother to look at the transparency report that there is some pages this website that install malware. Well what the hell is it google? Does this site install malware and thus is not safe or it is safe with no malware?
Now in an attempt to see if Google was correct we performed the following tasks:
- Checked the security issues within Google Webmaster. I don’t go into it a whole lot as all it tells me is if it crawled my site or not. Nothing about any security issues.
- Let Sucuri SiteCheck scan my entire site. Nothing.
- Jumped on AwSnap and let their site scan my system as FireFox , Google Android, and Google Chrome. Outside of some minor scripting errors nothing really to be concerned about.
- Some state that it could’ve been a CPanel configuration error which checking some of the websites within my hosting provider that totally is not happening.
- Google requires access to our site via webmaster/analytic in order to prove that there is no malware existing anywhere on here. That’s not happening guys.
- Nortons web-scan shows nothing.
- Binaries on your website contain mal-ware. We downloaded the entire website back and ran Norton and Avast virus checker. Also downloaded SuperAntiSpyware and ran a deep scan on the backup of this site. No viruses or malware found.
What the hell is going on.
We don’t know. Google blindly accuses us of malware without failing to provide any information or data as to how this error even showed up. It could be some of my external links going off to sites which we have almost zero control over. If anyone has a website that goes into extreme detail as to why Google marks some things malware or not let us know. The only theory we can come up with is the simple fact that since we disallowed Google from performing any analytic on our site. This is because data goes to them that Google as well as us. Google is now unsure of what we are doing and commits defamation of character on the side of caution.
In the end it’s okay that if there is red flags about site safety details because not even Google can pass their own transparency report! Not only labeling itself as a malware site but also bringing ebay.com into this as well by listing them as a ‘Dangerous website’. This means if we link to Ebay which we sometimes do within our technical blogs then that effectively makes us a malware site as well. The downward spiral towards insanity begins within the Google thought complex! As long as the Current Status is not dangerous which we are. Then it is good to go.
Update 10/16/2017 – Like magic and without explanation my site is fine to Google.
Apparently google has decided that we pass after months of bad-mouthing us! No reason to explanation why! Apparently we’re not smart enough to deserve an answer from google as to why they changed their mind. But it does go to show that Google does occasionally check a site and verify that a site hasen’t been hacked and gone rouge.
Paranoia hacking levels increasing!!!
This site is dark! You’re a hacking site out to steal all of my megahurtz!!!
Well! We do some hacking here. But it’s not what you think!
To hack is to gain access to information by any and/or all means necessary. In essence the articles that you may read on this site do just that. This is why we cannot state that accusation is %100 incorrect. But it’s nothing of a malicious nature unless of course you’re a multi-million dollar corporation that locks your hardware down. If you are that kind of company well, screw you!
Style and image is everything. For us it’s dark and retro.
There’s a certain style I like with my blogs which is simply put I actually like feeling like a mid-2000’s site using dark colors. There’s plenty of sites in our cellar door which have a similar feel and they have been an inspiration to us here at s-config.com We’ve seen what many other sites have done by making their website feel “Clean” which is one word for it. Medical grade sterilization would be my interpretation of it. To the point where the text is just a few shades lighter then the background color. Having white colors with light grey text may make your site feel like it was put together by Mr. Clean. But it will cause so much more eye-strain.
We’re sorry that my site doesn’t make you feel like you just walked into the Apple Store ready to get your wallet raped by the latest Mac product. This is a personal blog. We don’t need your money or anything in your wallet. Just by you visiting this site I have gotten all I want which is readership.
Paranoia levels at maximum!!!!
I don’t believe anything you say!!! They’re all out to get me! Including you!
For those people who think the world is out to get them. I got bad news for you. You’re right! Both everyone and no one cares at the exact same time!!!! Welcome to the net! If you are truly that paranoid of the internet then the Tor project might be for you. Just don’t go logging into Facebook or twitter with this utility because you are being bounced through a few (anonymous) servers in the middle of Sweden, France, and Germany.
We could go on and on about being a good net denizen, having a virus checker, and a basic etiquette on how to handle yourself on the net. We’re not trying to be mean about this but when people start throwing accusations out there it tends to stick on sites which determine reputation. If thousands of people think your site is a phishing site then what’s the real difference between a false-positive and the real deal at that level?
We get why the paranoia exists. It’s a real information war happening and the internet is slowly getting eroded from what it once was which is to provide information.
If there is one thing you can take away from this article. It’s our word that unlike ninety percent of the online web-world out there. We could care less about your personal information! In order for us to care about such things we would want your money. To those ends this site currently does not sell a thing despite having a trusted security certificate.
We’re just happy you stopped by! That’s right! Our mission is accomplished the moment you clicked from that forum, or search engine, or e-mail your buddy sent you. So click around my site. Read some articles. Keep your ad-blockers and cookie trackers running if you do not beleive us. If you feel so bold drop some comments. We try to respond to as many as we can here! It is our belief that the internet is intended to share information freely. Don’t you worry about the hosting costs. That part is all covered.
Until then, don’t die. May server protect you
END OF LINE+++