FEDERAL BUREAU OF INVESTIGATION SEEKING TO WIRETAP THE INTERNET.

ROBERT MUELLER III
EXECUTIVE DIRECTOR FBI
FEDERAL BUREAU OF INVESTIGATION FBI.WASHINGTON DC.
Email: fbi.state-gov@live.com
FBI SEEKING TO WIRETAP INTERNET
FEDERAL BUREAU OF INVESTIGATION SEEKING TO WIRETAP THE INTERNET.

Attn: sir,

We believe that this notification meets you in a very good present state of mind and health. We the Federal bureau of investigation (FBI) in conjunction with some other relevant Investigation Agencies here in the United states of America have recently been informed through our Global intelligence monitoring network that you presently have a transaction going on with you and Dr Usman Shamsudeen as regards to your payment which was fully endorsed in your favor accordingly.

They further informed us that we should warn our dear citizens who must have been informed of the payment, which was awarded to them from the Dr Usman Shamsudeen, to be very careful prior to these irregularities so that they don’t fall victim to this ugly circumstance. And in case you are already dealing with anybody or office claiming to be from the Central Bank of Nigeria, you are further advised to STOP further contact with them in your best interest and then contact immediately the real office of the Offices only with the below information’s accordingly:

Dr Usman Shamsudeen
Email: drusman_shamsudeen31@yahoo.dk
TEL: +234- 702-542-8716

NOTE: In your best interest, any message that doesn’t come from the above official email address and phone numbers should not be replied to and should be disregarded accordingly for security reasons. Meanwhile, we will advise that you contact the Dr Usman Shamsudeen office immediately with the above email address and request that they attend to you payment file as directed so as to enable you receive your fund accordingly.

Ensure you follow all their procedure as may be required by them as that will further help hasten up the whole procedures as regards to the release of your fund to you as designated. Also have in mind that the Dr Usman Shamsudeen equally has their own protocol of operation as stipulated on there banking terms, so delay could be very dangerous. Once again, we will advise that you contact them with the above email address and make sure you forward to them all the necessary information’s which they may require from you prior to the release of your fund to you accordingly.

All modalities has already been worked out even before you were contacted and note that we will be monitoring all your dealings with them as you proceed so you don’t have anything to worry about. All we require from you henceforth is an update so as to enable us be on track with you and the Dr Usman Shamsudeen. Without wasting much time, will want you to contact them immediately with the above email address so as to enable them attend to your case accordingly without any further delay as time is already running out.

If you are in need of any more information’s in regards to this notification, feel free to get back to us so that we can brief you more as we are here to guide you during and after this project has been completely perfected and you have received your fund as stated. Thank you very much for your anticipated co-operation in advance as we earnestly await your urgent response to this matter.

BEST REGARDS
Robert S. Mueller III
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C.
20535-0001, USA
Email: fbi.state-gov@live.com

CONFIDENTIALITY NOTICE: This communication and its attachments may contain non-public, confidential or legally privileged information. The unlawful interception, use or disclosure of such information is prohibited. If you are not the intended recipient, or have received this communication in error, please notify the sender immediately by reply email and delete all copies of this communication and attachments without reading or saving them.

BEST REGARDS

Robert S. Mueller III
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C.
20535-0001, USA

CONFIDENTIALITY NOTICE: This communication and its attachments may contain non-public, confidential or legally privileged information. The unlawful interception, use or disclosure of such information is prohibited. If you are not the intended recipient, or have received this communication in error, please notify the sender immediately by reply email and delete all copies of this communication and attachments without reading or saving them.

Ohhh, I love it.

Yeah, because the FBI always works “in conjunction with some other relevant Investigation Agency here in the United states of America” and because the FBI is very interested in seeing that I get *my* money, and because the FBI always emails and inquires about your health rather than busting down doors, AND because the FBI always uses a live.com email address… rofl!!

You Have One New Private Message.

To view your message, please download the form attached to this email and open it in a web browser.

Thank you, Pay,Pal.

And a file – PP-ACC.html – was attached.

There’s no virus in the file or anything like that but if you download it and run it, you’re presented with a contact form, of sorts:

So it looks pretty professional, but it’s running from your hard drive and if you fill out the form and submit it, it uses http://sosetephpone.com/tmp/bar-on.php or possibly http://sosetephpone.com/tmp/netsol-form.php to process. So if you send the form through, you’re sending all your info to those people – then you’re redirected to PayPal’s About Us page. (I did send the form through with false information telling them how much they sucked after removing the verification part of the code from the html so it would send through whatever I want. Otherwise, it tries to prompt you to enter in a valid pin, etc.)

Of course, we know from the email itself that this is NOT from PayPal. Remember, you can always tell right away because PayPal will ALWAYS ALWAYS address you as Dear First Name Last Name….

If you got this email, just spam it and/or delete it. And don’t fret, they don’t have your info already!

This has been another public service announcement, brought to you by the letters S, F, and the number 4.

There’s a scammer out there who wants my PayPal login information! The only link in this email is a supposed “cancel this transaction link” and, strangely enough, it currently doesn’t point to a PayPal wannabe site as is typical of these emails. The link points to resultagreeent.tk, but visiting that site gives me a, “yes, this domain has already been registered,” notice and that’s about it. The thing about this guy is not just that he’s a spammer but apparently a stupid one. How can he possibly benefit from sending out these emails?

Typically these emails contain links to PayPal look-alike sites that are only set-up to steal your login information and from there your balance, credit card info, etc. So don’t click those links! They may be disguised inside of domain names, stupid things like, my–paypal–com.info or something, or they may be IP addresses and just look like random numbers, or they could be anything. I’ve heard tale of a certain get-a-phone-call-from-Santa website out there hosting PayPal scams, actually… If you are ever unsure about the veracity of a PayPal email, go to your PayPal account by typing in the address in your browser, not clicking email links!

But take a look at the email, if you’ve gotten one. Whenever you get an email that claims to be from PayPal, always look first at who is addressed. If it says, “dear Member,” like this one does, then delete it – it’s completely fake and you have nothing to worry about. A valid PayPal email will always, always, always greet you by your first and last names!

Now, that right there is enough evidence, but there is one other thing I notice about this email. In fact, I notice it before seeing the whole “dear member” thing. They hid the “to” field. My address and name are not listed as being who the email is to.

There are many more, what do YOU see? :)

This morning, the first thing I saw in my email box was a trackback to my most recent entry (which, btw, I was on the way to make private). Visiting this site, I was presented with my whole entry, complete with every little word I wrote, every page I linked to. Looking at the bottom of the page for a comment form or contact information, I found one, but also found links to other entries of mine. It lists 440 total. They ripped off my whole site!

And not only this, but they plaster the website with Google ads. (Oh, trust me, as soon as I finish this post, I’m contacting Google. They also have a Gmail login box from their main page.)

Yes, they do link back to my site with the titles, but only because they stole my complete HTML and that’s what my site does: links to itself. And since they ripped off my complete HTML, they also have my Flickr photos on there. That, also, really ticks me off. Those photos are not to be used by anyone who’s not friend/family, and here they have not only stolen photos of my kid, but hotlinked them as well. Therefore, if I hadn’t been using Flickr for all my photos (or nearly all), they would be stealing my bandwidth as well. Along these lines, as well, they are violating Flickr’s terms by using these photos and not linking back to the photo’s page on Flickr as is required by the tos. They are also doing with Flickr photos from everyone what they are doing with blog content. They have a search where you end up searching Flickr photos and then each one has its own page at bitacle.org before you can get to the actual Flickr page. Furthermore, they want you to Digg the articles on bitacle.org rather than the real, true website. How sneaky/suspicious is that!?

Their “sitemap” is a list of sites they have ripped off with links to those posts within bitacle.org, not the true blog.

To top it all off? At the bottom of each page is a Creative Commons license! My blog is not Creative Commons, I have never said it was, I honestly never will. It’s my personal blog site, it is licensed All Rights Reserved and NO ONE has permission to reprint it, especially without asking, and especially in whole part like this!

There’s a “help” link at the bottom, that gives no help at all. Here’s what some of their questions, answers are (since they ripped off my content, I can rip off theirs):

#1 – What is ‘Bitacle Search Cache’?

‘Bitacle Search Cache’ it’s the specific technology for blogs developed by Bitacle.

Bitacle has faith in the autoedition publishing phenomenon that supposes the use of blogs. We hoped that ‘Bitacle Search Cache’ help our users to explore the universe of blogs of more effective way, and perhaps obtains that many users follow this revolution. As much if it’s looking for books, political commentaries, travels or any other thing. ‘Bitacle Search Cache’ allows you to find what the others think about any subject that you wish to inquire.

Our index of blogs is updated constantly to always obtain the most precise and updated results. In addition we look for blogs written in French, Italian, German, Spanish, Chinese, Korean, Portuguese, Japanese and other languages.

#3 – What type of blogs are inlcuded in the search?

All blogs that has a feed. This it can be RSS or Atom.

#7 – What happens if I don’t wish to appear in the list?

If you doesn’t publish feed, it won’t be included in the blog’s search. Nevertheless, if you previously has published feed of the site that was indexed, the old entrances will remain in the index, although the new ones aren’t added.

The blog search don’t follow the archives ‘robots.txt’ or META labels like NOINDEX, NOFOLLOW.

Reminiscent of Stalker Girl, these guys actually want me to block all search engines via Meta tags to keep out their sticky fingers? Ha, little do they know.

Solution?

Step #1, I emailed them (not from my “real” address):

It has come to the attention that you have ripped off content from my ENTIRE website, spoken-for.org. Some examples:

http://en.bitacle.org/blogs/viewblog/-txl7did0/440

http://en.bitacle.org/blogs/viewblog/-txl7did0/439

http://en.bitacle.org/blogs/viewblog/-txl7did0/1

The list goes on and on.

My blog is NOT Creative Commons and you did and do NOT have permission to reprint it. There’s a reason those posts can only be found at spoken-for.org – I WANT IT THAT WAY. You have also stolen my photos which are licensed All Rights Reserved and not allowed to be used by ANYONE, especially the likes of you.

This is your official notice to remove any and all of my posts, IMMEDIATELY, or I will be having a chat with your host and then taking legal action.

Thank you,
valerie

I doubt I’ll receive a response, of course.

Secondly, Owen has written me a little script and made some htaccess rewrite rules so that these idiot people should only be able to access a bad feed saying they’ve stolen information, etc. Thanks, Owen. :)

UPDATE: Check out Owen’s post on this, and if you’re a WordPress user, download his new plugin that will do the same thing I mentioned above for you!

For reference to you all out there, this is what was in my access logs:

212.22.59.251 – - [01/Sep/2006:09:17:08 -0400] “GET /feed/ HTTP/1.1″ 200 47584 “http://bitacle.org” “Bitacle bot/1.1″
212.22.59.251 – - [01/Sep/2006:18:16:23 -0400] “GET /feed/ HTTP/1.1″ 200 47591 “http://bitacle.org” “Bitacle bot/1.1″
212.22.59.251 – - [02/Sep/2006:04:19:21 -0400] “GET /feed/ HTTP/1.1″ 200 47961 “http://bitacle.org” “Bitacle bot/1.1″
212.22.59.251 – - [03/Sep/2006:03:43:18 -0400] “GET /feed/ HTTP/1.1″ 200 47570 “http://bitacle.org” “Bitacle bot/1.1″
212.22.59.251 – - [04/Sep/2006:03:42:23 -0400] “GET /feed/ HTTP/1.1″ 200 45858 “http://bitacle.org” “Bitacle bot/1.1″
212.22.59.251 – - [05/Sep/2006:17:14:47 -0400] “GET /feed/ HTTP/1.1″ 200 45098 “http://bitacle.org” “Bitacle bot/1.1″
212.22.59.251 – - [06/Sep/2006:14:18:32 -0400] “GET /feed/ HTTP/1.1″ 200 46540 “http://bitacle.org” “Bitacle bot/1.1″
212.22.59.251 – - [07/Sep/2006:02:48:09 -0400] “GET /feed/ HTTP/1.1″ 200 46568 “http://bitacle.org” “Bitacle bot/1.1″

See a pattern there? It goes on and on.

Has this happened to you? Do you want to keep them from stealing your content?

WordPress user? Install Owen’s AntiLeech plugin to take care of the likes of Bitacle for you!

Not a WordPress user? Try some of these solutions:

1. Block that IP address in your htaccess and redirect the bot to a 403 (Forbidden) page for your feed:

Put this in your htaccess:

RewriteBase /
RewriteCond %{REMOTE_ADDR} ^212\.22\.59\.251$ [OR]
RewriteCond %{HTTP_USER_AGENT} Bitacle
RewriteRule .? – [F]

Thanks, Owen!

2. Block the bot via your robots.txt

I’m not exactly sure what the bot’s name is (I’m not too up on all this), but this should cover your bases:

User-agent: Bitacle bot/1.1
Disallow: /
User-agent: Bitacle bot
Disallow: /
User-agent: Bitacle
Disallow: /

If you’re new to robots.txt files and don’t already have one, just take that text there, put it in a blank txt file and save it to your site so that it is yoursite.com/robots.txt

NOTE: Regarding above, their FAQ #7, there seems to be some confusion on what exactly they mean… in English. At first I read it that they do listen to the robots.txt and such while others have interpreted it to mean the opposite (see comments). I have no idea what they truly mean, but it can’t hurt to try and block them there, can it?

3. Email Google Adsense

Here’s their standards for abuse emails:

1. Draft a new email. If possible, please use the email address currently associated with your AdSense account
2. Write ‘AdSense Policy Violation’ as the subject of your message
3. Please include all of the following in the body of your message:
— The URL of the violating website
— A description of the violation
— The specific location of the violation, if applicable
4. Send this email to adsense-abuse at google.com

This is basically what I sent to Adsense. A bit… choppy, but it gets the job done:

It has come to my attention that the site bitacle.org is ripping off content in whole from blogs and re-licensing it under Creative Commons. They took my complete website, images and everything, and reposted it though my blog is All Rights Reserved.

This site uses only stolen content and then has Google ads (adsense) plastered everywhere around this stolen content. There’s an adbar at the top (horizontal) and then a block towards the bottom by content forms. Look to http://en.bitacle.org/blogs/viewblog/-txl7did0/439 for an example.

They also have a Gmail address they are using in conjunction with this site and have a Gmail login box from their main page of bitacle.org. I’ve not tried this box. I am not aware if it is legitimate or if it just steals passwords, or both, etc.

I appreciate your attention to this matter as this is not acceptible in my book. As an adsense user myself – a legitimate one – I am very distressed to see sites like this that attempt to make money from other people’s hard work.

Thank you.

I’m sure I’ll be updating this post (or making more) as time goes on and things unfold. Share your steps of combating this, if you would – and let us know if you run across any other sites like Bitacle!

More (in no particular order):

• Digg it (hey, sweet, thanks guys :))
• asymptomatic.net/…help-defeat-the-sploggers-with-antileech
• tdjc.be/…bitacleorg-stealing-content/
• allanjenkins.typepad.com/…bitacle_thieves.html
• lutrov.com/blog/80
• stopbitacleorg.wordpress.com/
• theaterofthesoul.unitybiz.net/…all-your-blogs-are-belong-to-bitacle/
• monkeynotions.com/blog/…how-much-is-bitacle-biting/
• monkeynotions.com/blog/…and-the-bitacle-saga-continues/
• frenchysfracas.com/…onmymind20060922/
• frenchysfracas.com/…bitacle-and-splogs-final-thoughts/
• hollywood2020.blogs.com/….bitacle_debacle.html
• arb0rv1tae.typepad.com/…bite_me_bitacle.html

So, yesterday, I got some more spam-by-mail. This time from a company who just identifies themselves as LISTINGCORP.COM and then “Website Listing Service.”

Basically these people want me to pay them to list one of my domains “to 20 major search engines” with “eight keyword / phrase listings” and “quarterly search engine position and ranking reports.” All this for the very low price of $50.00 for one year starting April 21st!! </sarcasm>

But you know what? There is no phone number for this company anywhere on this “notice.” There’s their website: listingcorp.com and the email address info@listingcorp.com. I know this because I looked all over it for a number to call and demand they take me off their list. So I look at their website and click the “contact” link. I’m presented with three email addresses and the following message:

Please contact us via Email:

General Information – info@listingcorp.com
Billing Questions – billing@listingcorp.com
Technical Support – support@listingcorp.com

Due to current large volumes of email, requests can take up to 10 business days to receive a reply.

Ten business days!?
Of course, I know that it’s pointless to try and contact them by email. For one, I’m sure that after ten days they will neither respond nor will I remember anything about them. And for two, the last thing I want to do is give them a valid email address for me.

The really ironic thing? This is for a domain that’s not mine, only registered by me – so, of course, they got my info from the whois. And the domain name has 2006 in it. If they had actually looked at the domain name, they’d see that by April 21, 2006, the function of the domain will have ceased (as it will on April 7th), this is obvious as soon as you visit the site. Just goes to show you they’re trying to get anyone and everyone to fall for this scam.

The really sad thing? There are people that will fall for this. I have a specific person in mind as I write this. I’ve done their website but they registered their own domain name, so their own info is going to be on the whois. So eventually they’re going to start getting mailings like this and the registration scam I’ve talked about before and they are the kind of people who are likely to fall for this type of thing. So, off I go to compose an email…

Oh, so you people who want to be in search engines? Try some meta tags instead:

<meta http-equiv=”Pragma” content=”no-cache” />
<meta http-equiv=”expires” content=”0″ />
<meta name=”keywords” content=”keywords here” />
<meta name=”description” content=”site description here” />
<meta name=”robots” content=”Index, Follow” />
<meta name=”robots” content=”noimageindex, nomediaindex” />
<meta name=”robots” content=”noarchive” />
<meta name=”revisit-after” content=”5 Days” />

Edit them to read the values you want. There are more, of course, but start here. I actually know very little about search engine optimization, but I do know that whatever I’m doing seems to work well. ;-)

From: Post@cia.gov

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:
Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison

++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505

++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time

———–

list.zip 1K

Um, yeahhhhhhhhh. Riiiiiiiight.