Search Engine Optimization & Web Hosting Solution

TOKYO (MacHouse) - It’s not uncommon that websites hosted under the same company are systematically exploited. For example, we reported back in January that several client websites of Spoono Host were exploited for phishing. We actually thought that websites hosted only by small web hosting companies are targets of exploitation. Today, we know that’s not true.

PowWeb is one of the largest web hosting companies that we know. Back in April, 2007, they claimed they hosted more than 100,000 websites. What we found today is a list of more than 110 websites hosted at PowWeb that are currently under exploitation or were under exploitation before.

customersupportteam.com

crookedhands.com

mnagriwomen.org

primecolorphoto.com (See Screenshot 01.)

krcweb.com (See Screenshot 02.)

blissfulbulldogs.com (See Screenshot 03.)

tonihenson.com (See Screenshot 04.)

mallardpointe.com (See Screenshot 05.)

bsbc.org (See Screenshot 06.)

tubsntea.com (See Screenshot 07.)

turlo.com (See Screenshot 08.)

pettus.com (See Screenshot 09.)

fresources.com

taylorphoto.net

avoice.info

careonecard.com

slcumc.org

vfbands.com

designerimages.net

scenicbaymarina.com

houseofties.com

thefixmassage.com

zipko.net

espsupply.com

santacarver.com

fourseasonsguideservice.com

adultmentor.com

cassidyscasuals.com

prezentsinc.com

substratanetwork.com

heatseekeronline.com

gsrcny.org

hoksales.com

salussoliaassociates.com

hybco.com

skyemar.com

djtoddpelio.com

gbaircraft.com

thehis.com

livingwaterteaching.org

patricksdreams.org

hardycatering.com

prolearning.com

soulfitness.com

multiculturalfest.com

environmentcare.com

putinbayislandclub.com

youngnak.org => BizLand

californiakayaks.com

hornsunlimited.com

rockcitygardens.com

ccfred.com

tomlegoff.com

melighting.com

andersenillustration.com

vgsupply.com

baucumpottery.com

brettell.org

nemesisgroup.org => BizLand

treasuredteddys.com

myhappyphotos.com

livingstreamhealth.com

cutandshoot.org

norfolkfop.com

carlosbarbosa.com

juliovaldez.com

hawgzotic.com

madonnaperinatal.com

k2systems.com

northcoastbeds.com

copiesmart.com

carerecordings.com

consulthts.com

chesterfieldtaxi.com

kenosisfilms.com

eautomoto.com

partydesigns.com

ibritt.com

robertsontechnologies.com

newthought.com

kidsconn.com

cyberhaze.com

gastoniafirstassembly.org

modelstudio.com

broadwayelectric.com

signetpress.com

cardinalboosters.com

dsdc.org => BizLand

burdettecamping.com

sslcwest.org

rawhite.com

jamesdaniel.com

purespace.org

theministryofthree.com

heartlandtalent.com

otfl.ca

racingheroesonline.com

koolkidstuff.com

marchettieng.com

fiolablum.com

gouget.com

sweeneymedia.com

waabi.org

flowsolutionsinc.com

itcsd.com

componentkiosk.com

jonestackle.com

bardsong.com

seatonscarpentry.com

capfurniture.com

dobdesign.com

faevs.com

tgs-packequip.com

mik-a-low.com

urban-wildlife.com

em-systems.com

fitnessnw-owf.com

elec-troninc.com

roland-photography.com

spectrum-bd.com

x-tremesports.com => Suspension or deletion

rub-n-tug.com

color-tech.net

We checked the nameservers of all the websites in the list above. All the websites except 10 of them still hosted by PowWeb. Some of the websites listed above (shown in italiic) are no longer hosted at PowWeb. For example, the website of gsrcny.org is now possibly hosted by SiteSteward, Inc. Other websites like those of youngnak.org, nemesisgroup.org and dsdc.org appear to have moved to BizLand. BizLand? We have heard of it, right? A funny thing is that websites hosted at BizLand are also under systematic exploitation.

Screenshot 01 - Source: MacHouse

Screenshot 02 - Source: MacHouse

Screenshot 03 - Source: MacHouse

Screenshot 04 - Source: MacHouse

Screenshot 05 - Source: MacHouse

Screenshot 06 - Source: MacHouse

Screenshot 07 - Source: MacHouse

Screenshot 08 - Source: MacHouse

Screenshot 09 - Source: MacHouse

By the way, where does this exploitation list come from? We certainly did not exploit any of the websites in the list. It comes from a website hosted at blogspot.com. The title of the website is ‘mp3 music.’ The websites shown there have nothing to do with MP3 music. Our suspicion with no proof is that exploiters use this blogspot website share information.

Actually, anyone can get a list of websites hosted by PowWeb, right? That’s right. WhoIs data at some search engines like ComleteWhoIs are available only in real time. That is, their data cannot be indexed by search engines like Google and Yahoo! On the other hand, WhoIs data at other WhoIs search engines including Domain Tools (www.domaintools.com) and Who.is (www.who.is) are available at any time. So their data are indexed by Google and others. For example, if you ask Google about ns2.powweb.com, you can get a long list of websites hosted at PowWeb.

We don’t check exploitation history for every domain shown in the list above. We can say some of them in the list (the websites of crookedhands.com, blissfulbulldogs.com, tubsntea.com and pettus.com) are still under exploitation.

Finally, what should the webmaster do if he or she finds their website in the list above? We can’t tell them to move out of PowWeb because some of them have moved and are now possibly under exploitation at new hosts. There are so many tips to give out in protecting websites. And we have mentioned some in the past. We aren’t necessarily experts in this field. It’s quite possible that we will fall a victim to website exploitation in the future. Or we possibly are. In the meantime, I can say that there is nothing more important than to patrol the website constantly twice or three times a day for sure.

Paul from the website of researchclinic.co.uk indirectly contributed to this report.






References:

Warning: Fake Anti-Virus Scan and Common Characteristics Among 4 of Victimized Websites

********** ********** ********** ********** ********** ********** ********** **********

MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?