• A guy in Quebec has, in the last few weeks, begun cloning www.ads-software.com, but changing the word WORDPRESS to MAUDEPRESS. Needless to say, his domain name is maudepress.org.

    Google is now including it in search results, say by Plugin or Theme name. Is there anywhere I should be reporting this? As it seems like an ideal way to deliver malware.

Viewing 15 replies - 1 through 15 (of 15 total)
  • Wow… looks just like www.ads-software.com. It is even loading a lot of resources from www.ads-software.com. Even the forum is cloned. I am apparently a contributor ??

    No idea if anything can be done though…

    Unbelievable. It is an EXACT copy of this forum.

    Yikes.. Just came from there, and I find it more than just a little disturbing. My short term advice is that members do not attempt to log in on that site (out of sheer curiosity), by using their credentials from www.ads-software.com.

    I’m really not sure who (if anyone) should be alerted, but if you wanted to drop them a note, maybe someone at [email protected] would know if it was an issue that needed to be addressed. Heck, I’m not even sure if it technically falls under that category.

    Guidelines: Where do I report security issues?

    @claytonjames,
    Even the comments that we post here are appearing instantly in the clone site.

    It also seems that all instances of the word “WordPress” in post content and titles, is being replaced with its own brand name. The forum search is inoperative, and the site looks like a big turd in internet explorer, but yeah… I can see it being a potential problem.

    [edit] I don’t know what they’re pushing as a download, but it’s not WordPress and isn’t an archive format. Saving it gives me a single unreadable html file. That’s enough messing around for me. ??

    But it seems that members have to be alerted NOT to DOWNLOAD anything from that site or interact with it. BUT HOW? Their pages are also indexed by Google. A Who.is does not show up anything, the though host can be located using another tool.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    *Looks. LAUGHTER! Oh, that’s rich. I like that.*

    Guys? I’m Ivory Soap Sure (99.999%) that it’s just a reverse proxy with some mod_substitute.

    It’s dodgy and you absolutely do NOT want to try and log in there. But that’s all there is to it, welcome to the Internet.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Hmm. Well I suppose the blokes would be able to block the IP. Interesting. Downloads for plugins loop back to www.ads-software.com. *sigh*

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Arright, the important folks know and are looking into it.

    Guys? I’m Ivory Soap Sure (99.999%) that it’s just a reverse proxy with some mod_substitute.

    Industrious little buggers, aren’t they? Haha!!

    It’s dodgy and you absolutely do NOT want to try and log in there. But that’s all there is to it, welcome to the Internet.

    Agreed. I can’t think of any other reason for a site like this to exist, if not for the sole purpose of attempting to harvest information from confused or unsuspecting users.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Industrious little buggers, aren’t they? Haha!!

    Old tricks are best. ??

    Hey guys,

    I’m actually the owner of the domain and it was totally a joke to make a friend of mine happy.

    Its on old trick of url rewriting mixed with http get / replace. I will try to make it no-index no-follow

    @the_real_fatp

    it was totally a joke to make a friend of mine happy.

    So… the joke isn’t over? Your friend isn’t happy yet?

    Thread Starter adiant

    (@adiant)

    Hmm. Still there, and less than a minute behind the current state of the site.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    A minute? It should be milliseconds behind. ??

    It’s just a reverse proxy. It’s odd but it’s got

    <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">

    In the HTML source so it’s harmless.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Fake clone site of www.ads-software.com’ is closed to new replies.