PlunderHere and AlsoShop: A Web of Privacy Violations, Backstabbing, and Deceit

[BellisimaJ.]

"24 hours" must be 24 Pirate Hours not regular hours.  Pirate hours are longer and have 360 minutes.

 

[Dixie_Amazon]

  I didn't see anything on the forums either.
 

[regic]

Plunderhere.com has been moved from AQRay's server at ThePlanet to iWeb not Rackspace,  Plunderhere.eu was moved to Rackspace last week and is still there.   Maybe after paying for 1 month at Rackspace Mark decided he couldn't afford RackSpace's high rates and decided to go with the cheapo host iWeb (who have a horrendous customer service record).  If so, the PH.eu site will  be moving again in a few weeks to iWeb, and based on iWeb's track record Plunderhere.com and .eu users can look forward to prolonged outages in the future.

plunderhere.com.   SOA   IN   86400   Primary DNS server: ns1.plunderserve.com.
Responsible Name: ray@auctionquests.com.
Serial: 2008030802
Refresh: 86400 (1d)
Retry: 7200 (2h)
Expire: 3600000 (5w 6d 16h)
Minimum/NegTTL: 86400 (1d)
plunderhere.com.   NS   IN   86400   ns1.plunderserve.com.
plunderhere.com.   NS   IN   86400   ns2.plunderserve.com.
plunderhere.com.   A   IN   14400   67.205.96.153
plunderhere.com.   A   IN   14400   67.205.96.153 <--IP owned by iWeb not Rackspace

67.205.64.0-67.205.127.255 IWEB-BLK-04
67.205.96.151   ip-67-205-96-151.static.privatedns.com   PTR   A?      
ns1.plunderserve.com      A      
plunderserve.com      A      

Hello 67.205.96.153 and 67.205.96.151 are iWeb not Rackspace!  Montreal's iWeb=iCrap.  If your server goes down after 5 PM on Friday it will stay down until Monday morning.

13   62   49   *   49 ms [+0ms]   
    
   206.82.135.26 AS6453
GLOBEINTERNET    g9-1.cl-core04.teleglobe.mtl.iweb.com.    -1 miles [+0] 0 miles [+0]    243   CA   Unix: 2:09:16.465
14   49   49   *   49 ms [+0ms]   
    
   67.205.127.122 AS1660
ANS-CORP-NY    te8-2.v0707.cl-car07.mtl.iweb.com.    -1 miles [+0] 0 miles [+0]    241   CA   [Router did not respond]
15   62   49   *   49 ms [+0ms]   
    
   67.205.96.153 AS1660
ANS-CORP-NY   
[Reached Destination]ip-67-205-96-153.static.privatedns.com.    -1 miles [+0]    50   CA   Unix: 2:09:15.658

   
    

   64.39.2.33 AS10532
RACKSPACE    vl130.core1.sat.rackspace.com.    -1 miles [+0] 0 miles [+0]    245   US   [Router did not respond]
8   11   11   *   11 ms [+0ms]   
    
   64.39.2.74 AS10532
RACKSPACE    vl903.aggr3.sat.rackspace.com.    -1 miles [+0] 0 miles [+0]    244   US   [Router did not respond]
9   11   *   *   11 ms [+0ms]   
    
   65.61.140.175 AS10532
RACKSPACE   
[Reached Destination]plunderhere.eu [No PTR]       52   US   Unix: 2:10:45.894

Using 0 day old cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).

Groupe iWeb Technologies inc. IWEB-BLK-04 (NET-67-205-64-0-1)
                                  67.205.64.0 - 67.205.127.255
iWeb Dedicated CL IWEB-CL-T073-02SH (NET-67-205-96-128-1)
                                  67.205.96.128 - 67.205.96.159

# ARIN WHOIS database, last updated 2008-05-11 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

[regic]

EDIT:  betcha this is the "Core 2 Quad with a Terabyte of space" Mark was talking about: the $199 monthly "terabyte power server".  FYI,  RackSpace would have cost him $600-$1000+ and RackSpace's Quad Core servers are Xeons not Core 2s .
http://www.iweb.com/dedicated/power-servers/

[regic]

2 notes for Mark:

1. CPanel is for tards.  Any halfway competent server administrator who is planning on hosting only their own sites on a dedicated server avoids CPanel and Plesk because they limit your flexibility because of the changes they make to your server's configuration. Real women use Webmin or the command line not CPanel.

2.  While you're at it, how about updating your outdated vBulletin v3.68 with its CSRF security hole to either 3.68.10 or the current 3.70 version -- or is upgrading a forum beyond your limited technical skills?

3.68 and v3.69 contain a a CSRF cross-site request forgery vulnerability.

Advisory issued on April 23rd.  Mark must not take his forum users' security very seriously since he chose to ignore the alert

The CSRF problem potentially enabled an administrator who had been lured to a third-party site to unknowingly submit forms located on the forum he or she administers, resulting in potential damage to the forum. Actions performed via the Admin Control Panel are not vulnerable.

The fix for the CSRF issue involves many files and many templates, so unfortunately it is not feasible to produce a patch or a plugin to address the problem. Only a full-scale update will work.

We recommend that customers running versions of vBulletin older than 3.6.10 upgrade as soon as possible.

http://www.vbulletin.com/...268123&highlight=csrf

EDIT: add AlsoShop (using the vulnerable vBulletin v 3.69) to the list of sites that don't place a high premium on user security.

[regic]

You are right, we tried Rackspace as a cluster but
it will not work for us unfortunately due to the way
our database runs and it's size.

OMFG ROTFLMFAO

Enterprise class Rackspace can't meet his needs but small business orientated boinktards iWeb can.  He should win an award for his ability to bullsh.it.

 

The database on PH is not that large.  Fellow RScript user Wagglepop's database is even larger and they have no problems running their site on a P4 at Ezzi...if you want to see a large database (4GB) go look at our GoSearchFor directory with its 4.7 million listings and 750,000 categories (which by the way, we moved to a new server in under an hour in March).

[bargainbloodhound]

a. Do you think he would have told his users about iWeb if he hadn't been busted tonight?  As recently as Friday he was still pretending the site was moving to Rackspace.

b.

You are right, we tried Rackspace as a cluster but
it will not work for us unfortunately due to the way
our database runs and it's size.

Sneaky needs to add that quote to her Moron Hall of Fame.


edited to add:

The database on PH is not that large.

The fact that the databases for Plunderhere, AuctionQuests, AlsoShop, and several dozen other sites were able to run on the same shared server should be the first clue that PH's database isn't nearly as large as Mark is claiming.

[sneakymagenta]

You are right, we tried Rackspace as a cluster but
it will not work for us unfortunately due to the way
our database runs and it's size.

Sneaky needs to add that quote to her Moron Hall of Fame.

Bridge for Sale, Real Cheap.  Cash Payments Only. Send Unmarked Bills to Sneaky's PO Box 

[amy]

Whoo hoo! That error page on the new server at iWeb loads fast!

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@plunderhere.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.41 Server at plunderhere.com Port 80

They have another problem: the forum on the new server is using a backup from December 2007
http://plunderhere.com/community/

ANNOUNCEMENTS
!Forum description
   
News, Features, Updates & More
Keep current with important and exciting news and events.
   
Plundy's Big Adventure Update...
by Mojavelyn
11-23-2007 08:41 AM Go to last post
   21    682
   
Press Release / Media Announcements
Press Releases and Media Announcement Area.
   
Alexa Ranking
by xxxxxxxxxxxxxxxxx
08-07-2007 12:53 PM Go to last post
   4    31
   
Newsletter
Our Newsletter issues, suggestions and comments area.
   
Newsletter by e-mail
by xxxxxxxxxxxx
10-28-2007 12:00 PM Go to last post

   

[regic]

Whoo hoo! That error page on the new server at iWeb loads fast!

One of the new features that Plunderhere users can look forward to with the server move is an old version of Apache that lacks many of the features of the current Apache release.  The new server is using the ancient  1.3.41 version of Apache while the old server used the more recent 2.2.26 version.

The internal server error could be caused by the differences between the mod_rewrite rules on v2.2.x and v1.3.x or it could be a result of the moron not setting the file permissions correctly.

HTTP/1.1 301 Moved Permanently Date: Mon, 12 May 2008 06:32:56 GMT Server: Apache/1.3.41 (Unix) PHP/5.2.5 mod_perl/1.30 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_ssl/2.8.31 OpenSSL/0.9.8b Location: http://www.plunderhere.com/auction/cgi-bin/Auction Transfer-Encoding: chunked Content-Type: text/html

HTTP/1.1 200 OK Date: Mon, 12 May 2008 06:34:44 GMT Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 PHP/5.2.5 X-Powered-By: PHP/5.2.5 Set-Cookie: PHPSESSID=d9afe2de3779de97e84a67649e18da2b Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Transfer-Encoding: chunked Content-Type: text/html

[mandy]

2.  While you're at it, how about updating your outdated vBulletin v3.68 with its CSRF security hole

If he insists on using cpanel, I'd also suggest updating it to the current version 11.18.6 

cpsrvd/11.18.3 Server at pbox.plunderserve.com

The new server is using the ancient  1.3.41 version of Apache while the old server used the more recent 2.2.26 version.

I wonder if he's also being forced to do a regression from MySQL to 5.x to 4.1.x?

it could be a result of the moron not setting the file permissions correctly.

If he had followed our 3-step guide to server moves he wouldn't need to reset permissions on the new server - the old permissions would transfer over when he untarred the site backup file on the new server.

The 500 error could also be a result of the fool FTPing files in binary mode instead of ascii..

The source of the problem could easily be discovered by looking at the site's error logs.

Whoo hoo! That error page on the new server at iWeb loads fast!

His downtime would have been limited to a few minutes if he had taken us up on our offer a few pages back in this thread to move the site for free. 

[sneakymagenta]

MORON ALERT!

I could care less what Plunderhere uses just as long as the auction site improves the functions and ease, doesn't charge listing fee's and draws buyers. Mark is pouring lots and lots of time and money into Plunderhere and I'm sure he is going to get the most "BANG FOR HIS BUCKS" as he can get.

"SALES, SALES, SALES"! If you want Rackspace then stay off of Plunderhere. Rackspace or IWeb? Who cares! They both work.

"SALES, SALES, SALES"

$199 monthly for a server is lots and lots of money?
$6400 monthly split up among 470 storeowners is SALES SALES SALES?

I have a bridge for this one too. 

[regic]

last night:

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.41 Server at plunderhere.com Port 80

this morning:

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8b mod_bwlimited/1.4 mod_perl/2.0.4 Perl/v5.8.8 Server at www.plunderhere.com Port 80

They upgraded Apache this morning from 1.3.x to 2.0.x but it still didn't fix the problem.  Why the idiots chose to upgrade to 2.0.x instead of the newer 2.2.x version that their old site on AQ Ray's server was using is a mystery.

EDIT: They also switched IPs this morning from 67.205.96.153 to 67.205.96.151.

[bargainbloodhound]

--BEGIN SEMI-OFF TOPIC RANT--

Since Plunderhere is down and shows no signs of returning anytime soon, I thought I'd veer off topic and followup on Regi's statements about why CPanel sucks.

This blog writer states several of the reasons:

reason #1, it screws up your server's configuration:

First, cPanel sucks. It handles faults poorly, puts software in nonstandard places, can slow the server down majorly while doing backups and other simple tasks, makes the configuration files in many cases unreadable/editable by humans, … I could go on for days

reason #2, it has created an entire generation of clueless web hosts who don't know the first thing about Linux or administering a Linux server and are helpless if something goes wrong with CPanel:

The third thing that’s sad is that it’s created a generation of “system administrators” and “hosting company operators” who don’t know the first thing about administering a linux box, and are helpless when cPanel eventually wombat poo poos the bed and folds in upon itself like the house of cards it is. One of my customers’ system admins was cussing at me via instant messenger the other day. His complaint: Now that I’ve pointed out to him how many bad things cPanel does, he actually has to learn how things should work and how to do them quickly the hard way.

reason #3: Another reason from a commentator on that blog.  CPanel is slow to add operating system and other security fixes and this slowness puts users at risk of a data breach:

Just the inablilty to apply security patches alone is enough to never use this stuff. If you have any real business going on and not just a content site, you need to never use this stuff.

To add to that commentator's statement, if you install a script using Fantastico, hackers everywhere will love you because the developers of Fantastico are 10X slower than CPanel's developers when it comes to fixing security vulnerabilities in the scripts distributed with Fantastico.  The odds are the script you install from CPanel will not be the latest version that is available on the scriptwriter's website.

full blog post: http://www.karlkatzke.com...rnate-title-cpanel-sucks/

63,300 more reasons why cPanel sucks: http://www.google.com/sea...cial&client=firefox-a

--END OF SEMI OFF TOPIC--