Gizmokid2005

If any of you are like me, you like to game.  And being so, you probably like racing games, especially the Need For Speed series.  So I’m sure you all got excited for the newest release of Need For Speed…Undercover!  I know I was.  I happened to come across it at a local video store for PS2 and I HAD to have it for PC.  My fiancee got it for me as a gift and I was stoked.

However, all good things must come to an end right?  I install it and I couldn’t get it running, it kept crashing with a Windows Error window.  EA’s Support was of no help to me, it was only by happenstance I figured out what it was.  As I also play Grid, Dirt, and Test Drive Unlimited, I know that there are some really weird and stupid security modules out there.  With these other games, chances are you will NOT be able to run Process Explorer while trying to launch the game.  I like to leave this Task Manager replacement running to keep track of my system.  It just so happens that NFS:Undercover has the same issue.  I closed Process Explorer and Undercover started right up.  YAY!  Three days back and forth with support wasted, only for me to not need their help to begin with.  Ok, Fine.  Time to play!!!

Or is it?  It’s hard to play when you get a frame per second rate comparable to the turn signal on a vehicle…it’s just impossible to play the game, not too mention tedious and NOT fun.  Well, here are my specs, I never would’ve though to have an issue with this:

AMD Phenom II x4 920 @2.8GHz
4GB DDR2-1066 (PC2-8500)
Sapphire HD4870 – 1GB GDDR5
Raidmax 630W Modular PSU
2x ASUS Sata 22x DVD+/-RW
250GB WD SATA (Windows), 320GB WD SATA (Secondary/Apps), 1TB Samsung SATA (Backups)
2x 19″W ASUS LCD Monitors

But apparently I was wrong.  I Googled for an answer and nothing came up that I could use…the normal “update your drivers” bs…well it’s hard to update them when they are as up to date as can be.

So here I sit, I have NFS:Undercover that I want to play…and I can’t…so it sits, for almost 2 months before I get the itch to play again and decide that I need to figure SOMETHING out to play the game in a way I can actually play it.  So I looked and found something that might be useful.

There seem to be two possible fixes out there, assuming that your hardware is sufficient enough to run the game:

1. (This is the fix that worked for me).  After you launch the game, ALT+TAB out of it, and open up your Task manager, and set the affinity for nfs.exe to just use one CPU (core) instead of all of them.  For instance, I have 4 cores, so I unchecked CPU0, CPU1, and CPU2, while leaving CPU3 checked to do the work for me.
2. (I have NOT tested this).  This is out there on a few sites, while I haven’t tested it, and it seems to work for some people, it seems to apply more to people who have a cracked version of the game, or who are using a hacked version of the EXE that gets rid of the DRM crap that is loaded on the computer with NFS:Undercover.  What you need to do, is replace the paul.dll file that you have with one from a legit copy of the game.
3. (Here’s a bonus).  One more thing to check for, if you have some type of messaging program, or email program that has popups in the bottom right of your PC or something, turn it off, as it popping up will slow down the game while it opens and closes

I hoped this helps some more people get their game running so they can enjoy it like I am!

If this helped, please comment and/or digg it!

My story with ManobanWeb’s Hosting service

This is a lengthy story about my recent experience with ManobanWeb (http://manobanweb.com) (MBW). I believe everyone should read this as a warning about this company. Now I’m not saying that this is a bad company as they’ve been great up until now, but this is something I hope nobody ever goes through so I am going to document it here. Enjoy.

(This is going to be exactly as the ticket is with them, with the exception that I removed any personally identifying information, and anything that could be used harmfully, ie – the phishing scripts that I showed them. I’ll give a quick summary at the end).

Gizmokid2005.com (Me)
Tuesday, May 19, 2009 @ 9:56 EDT:
Guys, I need help, bad and fast.

I went to login to my FTP and cpanel today to upload some files, and couldn’t get in. My password had been reset to a random character password again….also, my last login was from 41.191.108.130, which is most certainly not my IP address, in fact it traces to Nigeria somewhere.

Can you help me figure out what happened? And if any files were changed before 5/19/2009 @ 1355 (9:55am EDT). I’m kinda worried this time…something happened and I’m not sure what.

Thanks guys.
==========

MBW – D.C.
Tuesday, May 19, 2009 @ 10:10 EDT:
Hello,

I will now look into this and block that IP range from our network.

Thank you for your patience.

Kind Regards,

D.C.
==========

Gizmokid2005.com
Tuesday, May 19, 2009 @ 10:13 EDT:
D.C.,

Thanks. There seems to be some router interface hosted at that IP and from what I can see on there, either they are some type of hosting company or have a major pipe to the internet for something…looks like 30M/s in bandwidth pretty consistently.

-Michael
==========

MBW – A.H.
Tuesday, May 19, 2009 @ 10:18 EDT:
Hi Michael,

I am currently in-touch with the African Network Information Center which is where the IP is being used. If I could ask you to please change all your passwords to avoid them getting into your account again.

Kind Regards,

A.H.
==========

Gizmokid2005.com
Tuesday, May 19, 2009 @ 10:23 EDT:
A.H.,

I will start right now. If I might add, there seems to be something…odd happening. I just looked in the recent visitors log and found this:

Host: <ip>
/irs.gov.coookies287484.html?743985=dummyvar
Http Code: 200 Date: May 19 10:11:16 Http Version: HTTP/1.1 Size in Bytes: 25039
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Host: <ip>
/irs.gov.coookies287484.html
Http Code: 200 Date: May 19 10:11:03 Http Version: HTTP/1.1 Size in Bytes: 25039
Referer: http://us.mc330.mail.yahoo.com/mc/welcome?.gx=1&.rand=4b319dba97bqe
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

/image/efile_size2.gif
Http Code: 404 Date: May 19 10:11:03 Http Version: HTTP/1.1 Size in Bytes: 16117
Referer: http://gizmokid2005.com/irs.gov.coookies287484.html
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

/image/electronic_irs_small_logo.gif
Http Code: 404 Date: May 19 10:11:03 Http Version: HTTP/1.1 Size in Bytes: 16117
Referer: http://gizmokid2005.com/irs.gov.coookies287484.html
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
==========

Gizmokid2005.com
Tuesday, May 19, 2009 @ 10:57 EDT:
It looks like it was about 3:20AM EDT that they were in my hosting. They uploaded two files (both to the public_html folder):
internalrev.php
irs.gov.coookies287484.html

Looks like they are trying to use my domain for phishing…
==========

Gizmokid2005.com
Tuesday, May 19, 2009 @ 10:59 EDT:
Here’s the good data you’d need from the php file, it’s a hacker file, just to get data about bank logins and whatnot, and here contains the email address and whatnot:

“————ALAFONSO-Hacker from DARK————–
<PHP REMOVED>

SEE the actual php file for more info. I’m going to move the files to the root of the account, out of the public_html folder so they can’t be used anymore.
==========

Gizmokid2005.com
Tuesday, May 19, 2009 @ 11:43 EDT:
Guys – I have uploaded the file back to my site, modified. Please leave this one on my site until we can figure out more. I have removed all of the code and script from the file.

Thanks!

*****[NOTE: I modified the html file with the following text:
I AM NOT THE ONE THIS ORIGINATED FROM!! I AM A VICTIM TOO!!
If you are here, I am TRULY very sorry for the email you were sent. This was blatant hacking of my site and files. If you have reached this page, I have stopped you from giving away your identity to a hacker. If it sounds too good to be true, it is. REMEMBER!! ALWAYS check the URL of your links!! You NEVER know what you are clicking on. If the IRS has money to give you, they will NOT email you to say you have money. EVER.
If you were unfortunate enough to have made it to this page BEFORE I got this page up, PLEASE contact ALL of your banking institutions, and credit bureaus and let them know that you gave away all of your information. It would also be wise to contact the FBI and let them know the same. I have already contacted the email provider of the address this info was sent to, as well as my hosting company to find the originating person.
I'm sorry to anyone who's clicked this, and if you've made it here, please forward the email you got with this link to your email provider as a phishing scam.
END NOTE]*****
==========

MBW – A.H.
Tuesday, May 19, 2009 @ 16:08 EDT:
Michael,

We are still looking into this and decding on what action to take.

We will keep you updated.

Kind Regards,

A.H.
==========

Gizmokid2005.com
Tuesday, May 19, 2009 @ 16:10 EDT:
A.H.,

Thanks for the help! Just let me know what you guys figure out. I’d love to help shut down the person that did this.

-Michael
==========

Gizmokid2005.com
Thursday, May 21, 2009 @ 10:54 EDT:
Any updates?
==========

MBW – A.H.
Thursday, May 21, 2009 @ 12:29 EDT:
Michael,

I am still awaing a reply from the IP provider who the hacker used. I am doubtful that we will catch him as most hackers will mask their IP’s.
We have set-up a new firewall on the server which went online earlier today, which should help keep some of them from hacking into accounts.

Kind Regards,

A.H.
==========

Gizmokid2005.com
Saturday, May 23, 2009 @ 14:10 EDT:
I’m changing my password again…I have a new different login IP: 203.206.67.79
Everything is in the folder “paypal.co.uk.login”
This is REALLY getting ridiculous…password changes in progress again.
==========

Gizmokid2005.com
Saturday, May 23, 2009 @ 14:18 EDT:
It looks like in the process of moving the files out of the public_html folder, they were blown away by my FTP client, or they were deleted on your end at the same time.
==========

Gizmokid2005.com
Saturday, May 23, 2009 @ 14:20 EDT:
And I refreshed, and there is ANOTHER login from a different IP: 97.91.188.232. My ISP is also charter which is where this is from, but this is NOT my IP, in fact it’s not even in the right state.
==========

Gizmokid2005.com
Saturday, May 23, 2009 @ 14:31 EDT:
OK…NOW I’m pissed.

I just reset my password for cpanel and my subsequently my FTP to a 31 character password….I can login to my FTP with the first 8 characters only. WHY?

*****[NOTE: Yeah....I was getting a bit frustrated here, but do you blame me? END NOTE]*****
==========

MBW – A.H.
Saturday, May 23, 2009 @ 16:42 EDT:
Dear Michael,

If you check the forum you will see we are in the middle of securing another server which will be made public within the next 48 hours. This server has been completly locked down and we have set up a number of checks to run daily. If you would like I can ask one of the techs currently working on the new node to transfer your account within the next two hours.

Kind Regards,

A.H.
==========

MBW – J.A.
Saturday, May 23, 2009 @ 18:25 EDT:
Hi,

I have been checking node2 and have noticed some issues that need fixing. I have now started moving 50% off accounts on node2 over to our newer node.
This is will stop the High CPU usage and should help relieve your account problems. As the list is rather large and most accounts are 2 – 3 GB it will take some time.

I will update this ticket as soon as your account has been transfered.

– New Nameservers –
NS3.MANOBANWEB.COM
NS4.MANOBANWEB.COM

Login details can be reset on request. Once your account has been transfered you can access it by going the the following IP: <IP removed>

Kind Regards,

J.A.
==========

MBW – J.A.
Saturday, May 23, 2009 @ 20:03 EDT:
Hi,

Your account has been copied to the new node. It should be safe to change your nameserver details now.

Kind Regards,

J.A.
==========

Gizmokid2005.com
Saturday, May 23, 2009 @ 20:37 EDT:
A.H. & J.A.,

Thanks for the help. Sorry about the remark, I was just getting frustrated by this. Its just a bit irritating to deal with issues like that, especially when it blacklists my site on places such as http://mywot.com.

I want to thank all of you for being so transparent on the issue and not just covering it up with generic BS like a lot of places would.

I’m going to have to change my A records for my website now too aren’t I, considering the IP changed? Do you have this rsynced also, or are any changes that were made on the old server after the move not transferring over?

Thanks,

Michael
==========

MBW – A.H.
Sunday, May 24, 2009 @ 05:46 EDT:
Michael,

Most DNS settings and account settings are carried over. I’ll have Jake take a look as soon as he comes in.

Kind Regards,

A.H.
==========

MBW – J.A.
Sunday, May 24, 2009 @ 08:28 EDT:
Hi,

All details in the DNS zones are updated on our server. I have noticed some rather odd entries that I am requesting permission to delete.

paypal
paypal.co.uk.login
www.paypal.co.uk.login

Kind Regards,

J.A.
==========

Gizmokid2005.com
Sunday, May 24, 2009 @ 13:03 EDT:
PLEASE delete that record. I didn’t check to make sure they didn’t add any DNS. that’s from the latest phishing scam that was added.

As my DNS isn’t hosted with you, I have to repoint my A records to the new IP for node1 correct?
==========

MBW – J.A.
Sunday, May 24, 2009 @ 13:11 EDT:
Hi,

I have now removed the records.Yes you will have to change the A records to the new IP which is: <IP Removed>

Kind Regards,

J.A.
==========

Gizmokid2005.com
Sunday, May 24, 2009 @ 13:18 EDT:
Thanks Jake!

Are the files rsynced from the old server (ahoban) to the new one (node1) or are any changes made to the old server that I”m currently on going to be lost on the new one? (I don’t think there are many except for maybe in the /public_html/files/portableapps/ folder).

Thanks,

Michael
*****[NOTE: At this point I'd assumed that my issues were fixed and I was set going forward...boy was I in for a surprise. END NOTE]*****
==========

MBW – J.A.
Sunday, May 24, 2009 @ 13:28 EDT:
Hi,

The files were transfered last night which was just before I updated the ticket. any files uploaded after that time may be lost.

I have recently been in your account under the IP <IP Removed>, I have cleared all visable illegal files including a number of paypal sites and also a few email scripts that are not allowed on the server. The Email scripts were a form clearly used for sending spam.

Kind Regards,

J.A.
==========

Gizmokid2005.com
Sunday, May 24, 2009 @ 14:02 EDT:
J.A.,

Thanks. I’m not worried about anything else then. I kept looking for files that may have been not allowed, but the only folder I saw yesterday was the paypal folder and it disappeared when I was trying to move it out of the public domain for you guys. Thanks for the help Jake.

What did you guys ever come up with about the 8 character limit on the FTP password?
==========

MBW – J.A.
Sunday, May 24, 2009 @ 14:17 EDT:
Hi,

Michael I will look into this issue over the coming days for you.

Kind Regards,

J.A.
==========

Gizmokid2005.com
Monday, May 25, 2009 @ 16:48 EDT:
First off, I don’t know what you guys did with the rest of this ticket….second, it’s happened AGAIN! This time they didn’t log into my cpanel though…here’s the link:

<ACTUAL URL REMOVED>

The FTP password issue needs to be solved. ASAP. If it’s not being FTP’d onto my server, then it’s something within your security…..This has to stop. I’m on the new “more secure” server and this is the THIRD phishing attempt from my site in the last week…

This needs to stop. You guys have to figure out what is going on and stop it.

/public_html/images/on is the folder these files are in…THEY HAVE BEEN THERE SINCE 5/18/09….which means they weren’t taken off when the account was cleaned up before by Jake either.

Guys, PLEASE FIX THIS!!

*****[NOTE: At this point, they had deleted over half my ticked from 5/21 - 5/25 in the server move they did...but I requested it back later, you'll see the entry in the ticket and pasted back in chronological order here. END NOTE]*****
==========

Gizmokid2005.com
Monday, May 25, 2009 @ 17:41 EDT:
I just moved the files from the /public_html/images/on folder to the root in “on”
==========

Gizmokid2005.com
Monday, May 25, 2009 @ 18:20 EDT:
GUYS…SERIOUSLY?? I got an email from you as follows:

——– Original Message ——–
Subject: [Ticket ID: 559192] “spoofed” PayPal.com pages
From: ManobanWeb | Internet Services Abuse
To: Michael
Date: 5/24/2009 8:44 AM
> Michael,
>
> I have just recieved this Email from our service provider. I have removed the folder in question, however if this issue comes up again I’m afraid we will have to suspend the account until we can investigate the issue further.
>
>
> <——————–>
>
> We have just learned that your service is being used to display false, or “spoofed,” PayPal.com pages, in an apparent effort to steal personal and financial information from consumers, and defraud PayPal users. Specifically, it appears that a Solar VPS user is sending unsolicited messages which misrepresent the sender as PayPal, and making false statements that encourage the recipient to go to a page hosted by you at
>
><IP REMOVED> – <URL REMOVED>
>
> <DOMAIN REMOVED>
>
> asking to enter personal and account information. The purloined information is then sent to an email account and, based on our investigation of similar schemes, used to steal accounts and commit other fraudulent acts including international credit card and wire fraud.
>
> This matter is urgent – we believe that consumers have been falsely directed to this page and may be fooled into divulging personal information to a criminal, if the page is not immediately disabled. We ask that you immediately disable the site at <URL REMOVED>, as well as any associated email addresses, so that this fraudulent scheme can be stopped. We further request that you provide us with all contact information that you have for this user so that we may provide this information to the proper law enforcement authorities.
>
> While we believe that the above information gives your company more than a sufficient basis for disabling the page immediately, out of caution we note that your user’s unauthorized reproduction of PayPal’s trademark and copyrighted materials violates federal law, and places an independent legal obligation on your company to remove the offending page(s) immediately upon receiving notice from PayPal, the owner of the copyrighted materials. Accordingly, the information below serves as PayPal’s notice of infringement pursuant to the Digital Millennium Copyright Act, 17 U.S.C. Section 512
> (c)(3)(A):
>
> I, the undersigned, CERTIFY UNDER PENALTY OF PERJURY that I am the agent authorized to act on behalf of the owner of certain intellectual property rights, said owner being named PayPal, Inc. I have a good faith belief that the website located at URL <URL REMOVED> has its copyright in each page of its website and associated source code. Please act expeditiously to remove or disable access to the material or items claimed to be infringing.
>
> We sincerely appreciate your immediate attention to this important matter. We would also appreciate if you would take steps to confirm the accuracy of any contact information that your user may have provided to you in establishing the account. Should you have any accurate information that could assist PayPal and law enforcement in tracking this individual, we would greatly appreciate your assistance, as we know that you do not condone the use of your services for such criminal purposes.
>
> Finally, please be advised that we have referred this issue to the Federal Bureau of Investigation for their investigation. The F.B.I. has requested that we convey to you in this message their request that you preserve for 90 days all records relating to this web site, including all associated accounts, computer logs, files, IP addresses, telephone numbers, subscriber and user records, communications, and all programs and files on storage media in regard to all Internet connection information, pursuant to 18 U.S.C. section 2703(f). While we do not act as an agent of the FBI in conveying this request, we do intend to fully cooperate with their investigation, and encourage you to do so as well.
>
> eBay Inc.
> Audit and Investigations
> securityalerts@ebay.com
—————————————————————————

HOW can you have this much disconnect in your systems? THIS ticket should’ve flagged anything like this that came into to you. If this affect gizmokid2005.com and betatalk2.org is on the same hosting account, it should be common sense that this could be affected too….come on guys!

*****[NOTE: Yeah, I was mad again...this is the SAME crap that's happening with my main domain, just on one of my add-on domains I was hosting for a friend...END NOTE]*****
==========

MBW – D.C.
Monday, May 25, 2009 @ 18:39 EDT:
Micheal,

It is in our policy that we forward and investigate any abuse email we receive, so this staff member has taken the correct steps.

We are aware of the current situation so i will remove the abuse flag from your account.

Kind Regards,

D.C.
==========

Gizmokid2005.com
Monday, May 25, 2009 @ 19:00 EDT:
Thanks Dan. What happened to the rest of this ticket?
==========

MBW – A.H.
Monday, May 25, 2009 @ 19:02 EDT:
Michael,

In regards to the files in which you found. I know J.A. did a general check and removed most visable content. We have never seen them hide their files in the images folder before so I’m guessing thats why it was missed.
We have configured this node for secure usage, changing SSH ports, new firewalls etc…

Can you please just confirm the last date you believe files were uploaded on, so I can check the logs and compare them to the old server?

I have also checked 2 of my personal accounts with passwords longer than 8 letters and it will not let me in without the full thing.
I will open a ticket with Cpanel first thing in the morning, it’s 24:00 now and I was in the middle of sleeping before Dan called.

Kind Regards,

A.H.
==========

Gizmokid2005.com
Monday, May 25, 2009 @ 19:10 EDT:
A.H.,

The majority of the files that I had moved were uploaded on the 18th, there were a few more that I’d noticed today that were uploaded sometime yesterday or early today.

Sorry to have you awoken, but this is getting really excessive now. Please let me know as soon as you have more info about the FTP passwords too. At this point, that looks to be the weak point, as there wasn’t a new login from cPanel.

-Michael
==========

MBW – D.C.
Tuesday, May 26, 2009 @ 09:06 EDT:
Hello,

I’m afraid this matter is now out of our hands. The FBI have requested your details and they will now begin investigating this matter.

We have been asked to suspend your account for the time being.

Thank you for your co-operation throughout this matter.

We wish you every success with the FBI investigation.

Kind Regards,

D.C.
==========

Gizmokid2005.com
Tuesday, May 26, 2009 @ 09:10 EDT:
This is COMPLETELY unacceptable. I need a call from one of you ASAP. YOU should be the ones to help with the investigation, ESPECIALLY since this did NOT originate from me. You are passing this off, and have been as if it’s a non-critical issue…Your own technicians BLATANTLY said there were security issues with your servers…so somehow it’s MY fault?? This is NOT acceptable in ANY way.
==========

MBW – A.H.
Tuesday, May 26, 2009 @ 09:22 EDT:
Michael,

Our new server which you have been moved to has been hardened to industry standards and has enterprise class firewalls installed. SSH access is locked to ManobanWeb IP’s only. I understand where you are in this situation, however as stated in our TOS. This was requested and we must comply with these orders.

Responsibility for Content:
You, as ManobanWeb’s customer, are solely responsible for the content stored on and served by your ManobanWeb account.

Regards,
A.H.
==========

Gizmokid2005.com
Tuesday, May 26, 2009 @ 09:23 EDT:
But how am I responsible for a BLATANT security failure on your end?
==========

Gizmokid2005.com
Tuesday, May 26, 2009 @ 09:24 EDT:
Not too mention that over half this ticket was /conveniently/ deleted….
==========

MBW – A.H.
Tuesday, May 26, 2009 @ 09:55 EDT:
Michael,

We we’re in the process of moving our website when that ticket was submitted. Hence why some parts may have been lost. All are however in our email logs for our records.

We have done our best to try resolve this issue without taking action against your account, however at this time we can not afford to have abuse emails coming in every other day from both banks and also our provider.

On another note: we are only having this problem with your account, so it’s the security of your account which has been compromised, nothing to do with our server. I have also checked the logs and matched an IP upto your IP address.

Kind Regards,

A.H.
==========

Gizmokid2005.com
Tuesday, May 26, 2009 @ 09:59 EDT:
I am hereby requesting a copy of this ENTIRE ticket for my records also.

I told you what the issue was, and you failed to resolve it. The eight character FTP password is where the security failure was for sure in the last issue. You probably matched an IP to my address, I MOVED those files OUT of the public eyes AND uploaded COMPLETELY unrelated files in the meantime…

Please fulfill my request for the full copy of this ticket asap.

-Michael
==========

MBW – A.H.
Tuesday, May 26, 2009 @ 10:31 EDT:
Michael,

The thing we don’t understand is how it’s only your FTP account that has been affected with this 8 letter password problem…

< Ticket 449209 SNIPPED – You see it all chronologically above>
==========

Gizmokid2005.com
Tuesday, May 26, 2009 @ 10:37 EDT:
A.H.,

Thanks for the ticket. I don’t either…but that’s where the weak point is now…as the last login has been from my IP.

-Michael
==========

Gizmokid2005.com
Tuesday, May 26, 2009 @ 13:44 EDT:
Is there any reason why my traffic is now blocked?

*****[NOTE: This entry and the last one were updated via email...I can no longer access their site or any sites that are hosted on the same server, I just get a timeout. END NOTE]*****
==========

Gizmokid2005.com
Tuesday, May 26, 2009 @ 16:26 EDT:
Hello?
==========

MBW – A.H.
Tuesday, May 26, 2009 @ 18:43 EDT:
Michael,

I’m afraid I don’t quite understand what you mean.

Regards.
A.H.
==========

Gizmokid2005.com
Tuesday, May 26, 2009 @ 16:26 EDT:
I don’t know how else to explain
it….Anytime I try to go to your site, or any of people I know hosted
on your server, the connection times out.

Here is the traceroute:

C:>tracert www.manobanweb.com

Tracing route to manobanweb.com [67.222.18.130]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms DD-WRT [192.168.10.1]
2 8 ms 26 ms 5 ms 10.180.64.1
3 7 ms 6 ms 6 ms swc04aldlmi-gbe-2-1.aldl.mi.charter.com
[96.34.3
6.12]
4 6 ms 6 ms 6 ms
crr01aldlmi-tge-0-1-0-6.aldl.mi.charter.com [96.
34.32.13]
5 10 ms 10 ms 16 ms
edr01aldlmi-tge-0-0-1-0.aldl.mi.charter.com [96.
34.32.29]
6 13 ms 14 ms 13 ms 64.127.129.9
7 66 ms 65 ms 68 ms sjc-ten6-3-chi-ten3-1.wvfiber.net
[64.127.129.62
]
8 86 ms 77 ms 78 ms la-ten3-1-sjc-ten6-4.wvfiber.net
[66.186.192.57]

9 78 ms 76 ms 78 ms net2ez.any2ix.crgwest.com
[206.223.143.38]
10 86 ms 76 ms 76 ms 64.93.64.145
11 77 ms 76 ms 76 ms cr01-1-1.lax6.net2ez.com [64.93.64.30]
12 78 ms 76 ms 78 ms la-gw.privatesystems.net [72.172.66.10]
13 77 ms 87 ms 77 ms vz34-la.privatesystems.net
[67.222.15.134]
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.

And here’s a trace from a place that can access your site:

Tracing route to manobanweb.com [67.222.18.130]…

hop
rtt
rtt
rtt

ip address
fully qualified domain name

1
1
3
4

70.84.211.97
61.d3.5446.static.theplanet.com

2
0
0
0

70.87.254.1
po101.dsr01.dllstx5.theplanet.com

3
0
0
0

70.85.127.105
po51.dsr01.dllstx3.theplanet.com

4
0
0
0

70.87.253.13
et5-1.ibr04.dllstx3.theplanet.com

5
1
0
0

63.218.23.25
ge5-3.br02.dal01.pccwbtn.net

6
35
35
35

63.218.73.50
avanz.ge5-7.br01.lax05.pccwbtn.net

7
33
33
33

64.93.64.65
br01-1-2.lax4.net2ez.com

8
36
37
36

64.93.64.30
cr01-1-1.lax6.net2ez.com

9
37
36
36

72.172.66.10
la-gw.privatesystems.net

10
36
36
36

67.222.15.134
vz34-la.privatesystems.net

11
36
36
36

67.222.18.130
host.manobanweb.com

You tell me whats going on, because from what I can see, it looks like
something on your end is blocking my IP. I can access your site fine
from other internet connections.

-Michael
==========

MBW – A.H.
Wednesday, May 27, 2009 @ 03:14 EDT:
Michael,

Our servers are loaded in our standard config and your IP address has not been blocked.
==========

Gizmokid2005.com
Wednesday, May 27, 2009 @ 09:14 EDT:
I don’t know what to say…maybe it was done without your knowledge.

But my traceroute dies at host.manobanweb.com, that’s where I start to time out. This is something on your network that is preventing a connection to your servers…

I don’t know what other proof you want that it’s on your network, but my traceroute blatantly shows it dies on your network.

-Michael
=============================

And there you have it, that’s the ticket as it stands so far.

Since I have written this, MBW has managed to get my access to their network back up and running so I can access everything again. They have also unblocked my account and have unsuspended it. I have heard nothing from the FBI nor any other agency. I am currently still diligently looking for a new host.

Quick Summary:

Last week on Tuesday, May 19, 2009 I tried to upload files to my website via FTP for a project I was working on, and couldn’t log in. I kept getting a password error. I logged into my account at MBW and noticed that my password had been reset to my cPanel hosting manager which in turn manages my FTP password. After I reset my password I was able to login to my FTP, but I noticed that there were some new files in my hosting. Seeing this I logged into my cPanel hosting manager and noticed that the last login was NOT from my IP address, and infact came from an IP address in Nigeria. I IMMEDIATELY reported this incident to MBW in ticket #449209. I told MBW where the files where, actually gave them the content of the files in the ticket so that they had the information, I also moved the files so that they could not longer be accessed via the web. MBW said that they installed a new firewall, and contacted the African Network Information Center regarding this incident. I thought all was fine until a few days later.

On Friday, May 22, 2009 I noticed that there was ANOTHER issue at hand. I logged into my cPanel and noticed the last login was NOT my IP again. I immediately contacted MBW and they said that they are looking into it again. They also said that they are setting up a more secure server and moving my account to it. I had removed the files that I found uploaded again, also letting MBW know what they were and where, AGAIN. They transferred my server over later that day, and said they removed some more files they had found that I missed as well as some DNS entries. At this point I changed my password from an 11 alphanumeric character password to a 31 alphanumeric password to ensure that it wasn’t compromised. I did notice that my FTP login only required EIGHT of the 31 characters to login. Just the first eight would allow a login, and anything after that would not matter in the slightest. I let them know that and they seemed to have ignore it. Except for the FTP password issue, I figured at this point they found the issue, and took care of it. Fast forward to Monday, May 25, 2009. I log into my cPanel and I don’t see anything out of the ordinary but I checked my “Recent Visitors” stats again and noticed that there was something new on my site. My account’s FTP access was accessed/hacked and more files were uploaded. I noticed in the same directory those files were in there were files added previously on the 19th that nobody had noticed. I move ALL of those files out of the public access area again and let MBW know what was going on. I also reiterated the fact that my FTP was able to login with only the first eight characters of my password and they said that was not normal and they were going to open up a ticket with cPanel to have that looked into. That was the evening of Monday, May 25th. Today, May 26, I received a notification from them that my hosting was suspended and they weren’t going to do anything else because the FBI requested my details regarding this incident.

I didn’t write this, I just found it, and found it VERY appropriate and so true.  Enjoy!

1. They will always smell good even if its just shampoo
2. The way their heads always find the right spot on our shoulder
3. How cute they look when they sleep
4. The ease in which they fit into our arms
5. The way they kiss you and all of a sudden everything is right in the world
6. How cute they are when they eat
7. The way they take hours to get dressed but in the end makes it all worth while
8. Because they are always warm even when its minus 30 out side
9. The way they look good no matter what they wear
10. The way they fish for compliments even though you both know that you think she’s the most beautiful thing on this earth
11. How cute they are when they argue
12. The way her hand always finds yours
13. The way they smile
14. The way you feel when you see their name on the call ID after you just had a big fight
15. The way she says “lets not fight anymore” even though you know that an hour later you will be arguing about something
16. The way they kiss when you do something nice for them
17. The way they kiss you when you say “I love you’
18. Actually … just the way they kiss you…
19. The way they fall into your arms when they cry
20. Then the way they apologize for crying over something that silly
21. The way they hit you and expect it to hurt
22. Then the way they apologize when it does hurt . (even though we don’t admit it)!
23. The way they say “I miss you”
24. The way you miss them
25. The way their tears make you want to change the world so that it doesn’t hurt her anymore…..

Yet regardless if you love them, hate them, wish they would die or know that you would die without them … it matters not. Because once in your life, whatever they were to the world they become everything to you. When you look them in the eyes, traveling to the depths of their souls and you say a million things without trace of a sound, you know that your own life is inevitably consumed within the rhythmic beatings of her very heart. We love them for a million reasons, No paper would do it justice. It is a thing not of the mind but of the heart.

PERFECT parody of Abbott and Costello!

YouTube – Apple or Microsoft.

Specs:

AMD Phenom II x4 920 @2.8GHz

4GB DDR2-1066 (PC2-8500)

Sapphire HD4870 – 1GB GDDR5

Raidmax 630W Modular PSU

2x ASUS Sata 22x DVD+/-RW

250GB WD SATA (Windows), 320GB WD SATA (Secondary/Apps), 1TB Samsung SATA (Backups)

2x 19″W ASUS LCD Monitors

The Most EPIC Drive-thru video I’ve EVER seen!

YouTube – Fast Food Folk Song at the Taco Bell Drive-Thru.

YouTube – HOME BUILT TANK DESTROYS TOWN The Rooster.

So, I’ve been meaning to write this update for about 3.5 weeks now…and I figure its about time that I do that…where to start..there is so much to update about…

Lets start first off with the whole trailer thing.  I did finally manage to get a trailer.  I hadn’t talked about this one at all in any of my previous blogs.  I had come across this one as it was on my way home through the park.  It was originally listed on sale for $4500, so I didn’t even think to look twice at it.  Now it was listed for quite a while and it didn’t look like a half bad place, but i didn’t know much about it or the guy that owned it.  Well, after a while I noticed that it had gone from being listed at $4500, to Make Offer.  So that piqued my interest very quick.  I looked at the place and it was trashed…I mean, livable trashed, but this guy lived here…alone, as a bachelor, for more than 10 years…there was ONE path from one end of the trailer to another…and it was CLUTTERED, DIRTY, SMELLY, DUSTY, and just yuck.  So yeah, I bet you can imagine just a little bit what it was like.  The guy told me that he was going to just turn the title in to the park at the end of the month if he doesn’t have it sold by then.  So I figured, to help him out, I’d offer him $200 and he could also get his security deposit back from the park, so he’d at least have $500 leaving the park instead of losing his security deposit and not getting anything from selling this place.  Well, he decided that wasn’t good enough and wanted at least $500 for it.  He was going to turn it in to the park anyways at the end of the month, so I basically told him to shove it and I’d wait.  So he moved out, and at the beginning of the next month I got in and started cleaning…and OMG…I didn’t know someone could live like he did…it was dirty and nasty and just ewww.  I was pretty much in awe at how he was living in this place.  I did manage to get moved in at the beginning of August.  It was really cool because I didn’t have to start paying rent until September because the title couldn’t be put in my name as the park was still waiting for the lost title to come back from SOS.  Another funny thing about that, I wound up not having to pay my gas bill until after October, because apparently, even though I setup an account and a start service with the gas company, because the previous owner never stopped the gas service in his name he was responsible for the bill and they were going to hold him accountable.  So that was a plus.  All in all, I like this place.  There hasn’t been much to complain about this place.  I needed a new faucet in the kitchen, and I need to replace the floor in the hallway.  There are a few small things I’d like to do, but not much.  I had to buy medicine cabinets and a fridge.  I’d like to get new toilets and faucets in the bathrooms and tub.  But other than that, things are well.  Its nice to have something that I can call my own and nobody else can tell me what I can or can’t do with it.  The only issue i’ve had, was I had to replace the burner and gas valve in my furnace because the gas valve had died and I couldn’t get a replacement because the furnace is so old.  It was only by luck I found another furnace that had the exact same burner that I needed and would fit my furnace.  Only $50 too

So, I moved out on my own into my own place   I’ve also made a few other changes.

I picked up a second job.  So now on top of working at Iserv, I also work for Coopersville Emergency Services.  So, what I do is basically I do traffic control, canteen service for fires, and storm watch.  All in all it’s fun.  Haven’t had too many fires to attend to, it hasn’t been bad.  I do enjoy doing it, plus I get paid for it too.  I wasn’t expecting that, but it’s nice. 

Mikelann and I aren’t together anymore.  She wasn’t happy here, she missed home too much, and I wasn’t going to make her stay out here just for me, its not the right reason to do it.  So her and I broke it off and she moved back home.  Best for all, and I’ve got not hard feelings, no regrets either.  Live and learn.  Everything happens for a reason.

More exciting news!!!

Nicole and I started dating.  1/1/09   This woman, is amazing.  She really, honestly, truly is.  She makes me the happiest I’ve ever been.  I’ve never felt this way about anyone before.  Ever.  It’s just completely amazing.  Everything with her is just so right, so perfect.  Even the mundane tasks of everyday life are fun to do, cleaning, shopping, etc.  I’m so in love with her, it’s unbelievable.  I mean, even love seems to disgrace what her and I share.  I truly honestly see her as the woman I marry.  I’m pretty fairly sure that I’m going to marry her.  We haven’t even been dating for a month yet, but we’ve known each other for more than 3 years, and we were BEST friends before we even thought about this…I mean, she’s been moved in 2 weeks already.  Life is amazing.  I’m sooo happy with her, it’s so hard to describe.  It’s just. PERFECT.  That’s the best I can describe her and I.

I think that’s going to be it for the update for now.  TTFN

’til next time

~Michael

Are you aware that Jeff Foxworthy is now picking on Michigan?
Read on. (pretty funny and accurate!!)

• If you consider it a sport to gather your food by drilling through 18 inches of ice and sitting there all day hoping that the food will swim by, you might live in Michigan.
• If you’re proud that your region makes the national news 96 nights each year because Pellston is the coldest spot in the nation, you might live in Michigan
• If your local Dairy Queen is closed from November through March, you might live in Michigan.
• If you instinctively walk like a penguin for five months out of the year, you might live in Michigan.
• If someone in a store offers you assistance, and they don’t work there, you might live in Michigan.
• If your dad’s suntan stops at a line curving around the middle of his forehead, you might live in Michigan.
• If you have worn shorts and a coat at the same time, you might live in Michigan
• If your town has an equal number of bars and churches, you might live in Michigan.
• If you have had a lengthy telephone conversation with someone who dialed a wrong number, you might live in Michigan.

Part 2 – You know you’re a true MICHIGANIAN/ MICHIGANDER when:

1. ‘Vacation’ means going up north on I-75.

2. You measure distance in hours.

3. You know several people who have hit a deer more than once.

4. You often switch from ‘heat’ to ‘A/C’ in the same day.

5. You can drive 65 mph through 2 feet of snow during a raging blizzard,
without flinching.

6. You see people wearing camouflage at social events (including weddings).

7. You install security lights on your house and garage and leave both
unlocked.

8. You carry jumper cables in your car and your girlfriend knows how to use
them.

9. You design your kid’s Halloween costume to fit over a snowsuit.

10. Driving is better in the winter because the potholes are filled with snow.

11.. You know all 4 seasons: almost winter, winter, still winter and road
construction.

12. You can identify a southern or eastern accent.

13. Your idea of creative landscaping is a statue of a deer next to your blue
spruce.

14. You were unaware that there is a legal drinking age.

15. Down South to you means Ohio.

16. A brat is something you eat.

17. Your neighbor throws a party to celebrate his new pole barn.

18. You go out to fish fry every Friday.

19. Your 4th of July picnic was moved indoors due to frost.

20. You have more miles on your snow blower than your car.

21. You find 0 degrees ‘a little chilly.’

22. You drink pop and bake with soda.

23.. Your doctor tells you to drink Vernors and you know it’s not medicine.

24. You can actually drink Vernors without coughing.

25. You know what a Yooper is.

26. You think owning a Honda is Un-American.

27. You know that UP is a place, not a direction.

28. You know it’s possible to live in a thumb.

29. You understand that when visiting Detroit , the best thing to wear is a Kevlar vest.

30. You actually understand these jokes, and you forward them to all your Michigan friends!

I wish everyone a Merry Christmas and a Happy New Year!!  Stay Safe out there!!

HAPPY HOLIDAYS!!!