So at this point I would like to record where the negative results (due to the credit card and identity theft) are turning up so I can track how well the good results are percolating up. I should have started tracking these earlier as I’ve already had 1 reference successfully removed (it no longer shows up in any of these search engines), and some new pages I’ve created have shown up in the top 3 pages.
Page 1: bad results at #5,7 (out of 10)
Page 2: #1, #7
Page 3: #5, #10
Page 1: result #6, #9 (out of 10)
Page 2: result #4, #9, #10
Page 3: result #3, #6
page 1: result #6, #9 (out of 10)
page 2: result #4, #9, #10
page 3: result #3, #6
page 1: result #1, #5 (out of 10; excluding my ads inserted between 1 & 2, and at the end. The abandoned blog beats my ad!)
page 2: result #5
page 3: result #1
page 1: result #5, 6, 7, 11, 21 out of a total of 28 results. Clearly I’m not popular enough on DuckDuckGo.
I still have my work cut out for me!
Part of the point of this blog itself of course is to improve the quality of information that exists online about me, and outweigh the misinformation brought about by the identity theft incident. As a part of ensuring that this blog remains well ranked, I am trying to submit it to all major engines that accept submission – Google, Bing, Yahoo, Ask; some of which required me to put an authentication file in the root of the web server. A secondary part is including a sitemap.xml file for pre-indexing information. I have installed a plugin to WordPress to see if that will do the job automatically rather than me having to generate one separately and then upload it. Conveniently, the plugin advertises itself in the sitemap.xml file it generates.
So I thought I would try the simplest (or apparently simplest) approach first. Ask people nicely to remove my name – not their article as their work has much value as an example of what to look out for in spam that might indicate phishing attacks. The more information out there about not trusting every detail of unsolicited email from strangers (even if they purport to be from familiar places), the better.
I decided on the top 4, which covered the first 3 pages of Google results. A Blogspot blog, and 3 personal blogs. Here is what has happened with them so far. Bad news first.
The Blogspot blog appears to be abandoned. The post containing my name is the last post on there, and it is now 7 months later. While I have asked on there to have my name removed, I doubt it will have much impact, but I shall try again. Asking the hosting service to edit or remove the page isn’t an option at this point. Blogger is owned by Google, and as such will only take down pages if there is a matching court order. I will pester again. Sadly, this is a very prominent result.
One blog allowed me to submit an email to the author; however, it then disappeared into a black hole. I will have to bug this one again.
One blog had no way of contacting them at all. I tried to guess email addresses but they all bounced or were undeliverable. I will need to rethink this one.
The one that worked….
So one of the bloggers I contacted understood immediately, and removed my name, replacing it with the word ‘redacted’. Perfect! Of course this now needed Google to know about the change, so luckily he had a sitemap.xml already present, so I could just add a bit of link juice and after about a week it was updated and no longer showing. Thank you Geoff Fox for appreciating the situation, and responding so quickly!
This was a little more overt and quite frankly faster than I expected. They were nice enough to sign it though.
[Sun Sep 18 08:09:48 2011] [error] [client 18.104.22.168] File does not exist: /var/www/w00tw00t.at.blackhats.romanian.anti-sec:)
[Sun Sep 18 08:09:49 2011] [error] [client 22.214.171.124] File does not exist: /var/www/phpMyAdmin
[Sun Sep 18 08:09:50 2011] [error] [client 126.96.36.199] File does not exist: /usr/share/phpmyadmin/scripts
[Sun Sep 18 08:09:50 2011] [error] [client 188.8.131.52] File does not exist: /var/www/pma
[Sun Sep 18 08:09:51 2011] [error] [client 184.108.40.206] File does not exist: /var/www/myadmin
[Sun Sep 18 08:09:52 2011] [error] [client 220.127.116.11] File does not exist: /var/www/MyAdmin
Well, the script was written by Romanians (according to a quick search). The list of attempted hacks seems remarkably short for a brute force scripted attack. Just for the record, the whois owner of that address is currently:
Taiwan Taipei Chtd Chunghwa Telecom Co. Ltd
although, as I know far too well now for all the wrong reasons, the whois data isn’t always useful, helpful or correct.
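The probe burst in the log above, turned into a detection check (an added example, not code from the original post): it parses Apache error-log lines of the format shown and flags any client that requests several known admin-panel or scanner paths within a short window. The client addresses, the `PROBE_NAMES` list and the thresholds are assumptions constructed for illustration; the paths are the ones in the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache error_log line in the format shown in the post.
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                     r"File does not exist: (?P<path>.+)$")
# Probe names taken from the log excerpt, compared case-insensitively (assumed list).
PROBE_NAMES = ("w00tw00t", "phpmyadmin", "pma", "myadmin")

# Constructed sample: paths from the post, client addresses from documentation ranges.
SAMPLE_LOG = """\
[Sun Sep 18 08:09:48 2011] [error] [client 192.0.2.10] File does not exist: /var/www/w00tw00t.at.blackhats.romanian.anti-sec:)
[Sun Sep 18 08:09:49 2011] [error] [client 192.0.2.10] File does not exist: /var/www/phpMyAdmin
[Sun Sep 18 08:09:50 2011] [error] [client 192.0.2.10] File does not exist: /usr/share/phpmyadmin/scripts
[Sun Sep 18 08:09:50 2011] [error] [client 192.0.2.10] File does not exist: /var/www/pma
[Sun Sep 18 08:09:51 2011] [error] [client 192.0.2.10] File does not exist: /var/www/myadmin
[Sun Sep 18 08:09:52 2011] [error] [client 192.0.2.10] File does not exist: /var/www/MyAdmin
[Fri Sep 16 13:37:39 2011] [error] [client 198.51.100.7] File does not exist: /var/www/robots.txt
"""

def is_probe(path):
    """True if any path component matches a known admin-panel or scanner name."""
    parts = [p.lower() for p in path.split("/") if p]
    return any(p == n or p.startswith(n + ".") for p in parts for n in PROBE_NAMES)

def find_scans(log_text, min_hits=3, window=timedelta(seconds=60)):
    """Return {client: [probed paths]} for clients with >= min_hits probes inside window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and is_probe(m["path"]):
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            hits[m["ip"]].append((ts, m["path"]))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0  # left edge of the sliding time window
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= min_hits:
                flagged[ip] = [p for _, p in events]
                break
    return flagged

if __name__ == "__main__":
    for ip, paths in find_scans(SAMPLE_LOG).items():
        print(ip, "probed", len(paths), "paths:", ", ".join(paths))
```

A single miss on robots.txt is ordinary crawler behaviour and is not flagged; only the clustered admin-path requests are.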
So the first step to drawing up a plan of attack is to work out what is the outcome I am after.
So what do I want?
It would be awfully convenient if none of these pages ever turned up again, but that isn’t going to happen and may not even be what I want.
My primary goal is to ensure that if my name is searched on any major search engine, the first 2-3 pages of hits do not associate me with any of the negative fallout of having my name misappropriated. Once that has been achieved, I can see whether I can do better than that.
As I mentioned previously, I do want the bulk of the information in these pages to remain available, but without the reference to my misappropriated details. For brevity, I’ll refer to these negative references caused by the abuse of the misappropriated details as “the fallout”.
So then what are the possible angles of attack to recover my name?
- Increase ranking of positive references to my name over the other pages.
- Removal of my name from the inappropriate and negative pages from search results.
Where do I want these removed or rank lowered?
- Search engines: Google, Bing, Yahoo
- Metasearch engines:
- People profiling sites: Pipl
- More ambitious targets: DuckDuckGo
So now that I have an idea of what it is I want to achieve, what are my options?
Based on feedback from my very good friends, there are a few things I will try.
- Build a site to explain the situation and link to the good material on the internet
- Use Google ads to improve site ranking of a site describing the situation
- Ask the people to remove my name from the offending pages
- Get people to go on a clicking campaign on my behalf to help the good results turn up first
- Remove my name from people indexing aggregators that associate me with the fallout
As I implement these, I will write up caveats, hits, misses and take on any extra ideas from you!
In February this year, my Credit Card details were stolen. I received a phone call from Citibank identifying a fraudulent transaction (kudos to them!). I confirmed this, the card was cancelled and replaced, and the money re-credited. I also found another transaction on there at about the same time, where someone had purchased something from a Russian domain registrar. I was surprised at the time about how much you could spend at the registrar, but I filled out the paperwork for Citibank, had the money re-credited immediately, and all was right with the world. Or so I thought.
So it turns out that my credit card details were used to register a lot of websites. These websites were used as some kind of presumably honeypot scams via email spam, directing them to dodgy URLs offering free upgrades to Skype and Adobe products. How do I know this? My name is rather rare (I suspect unique world-wide), so when I Google searched my name a little while ago, rather than seeing a list of interesting and good deeds I may have done, I saw websites like “stupid scammers” come up. Now I’m very much in favour of these sites remaining up, because I would like people to be generally aware of such scams and be able to easily identify them as such. What adds insult to injury for me is that not only did the scammers use my stolen credit card to pay for the domain name registration, they also used my name as the technical contact, administrative contact and company name. This means that when people went to investigate the scam sites using whois, my name came up.
Why do I care?
At the moment I am looking for work, and so my Google search profile is very important to me. I would like the first impressions to be good. So when I started checking into my current profile and found my good name to be associated with these scams above any other things that I’ve done, I was less than impressed. Secondly, as an IT professional, these scams are particularly badly done and make me look bad in my own field of broader expertise.
How do I know that every time I apply for a job, someone isn’t Google searching my name and ruling me out just-in-case? I want to reclaim my name.
What am I doing about it?
I’ll be trying quite a few options, and I’m also soliciting other ideas from the internet at large (that includes you!). I do not expect this to be a fast process, but something I want to see how far I can get; with the intent of sharing my experiences and what to do if the same thing happens to you. I will also look at issues around Bing and sites like Pipl, but luckily the stupid scammer stuff is buried much deeper on those.
So apparently it doesn’t take long for someone (Google?) to find you. I don’t believe I’m linked from anywhere yet, but I did ask an online site to create a sitemap.xml for me. With timestamps only minutes before the timestamp on my sitemap.xml file, this is in my error.log:
[Fri Sep 16 13:37:39 2011] [error] [client 18.104.22.168] File does not exist: /var/www/robots.txt
[Fri Sep 16 13:49:31 2011] [error] [client 22.214.171.124] File does not exist: /var/www/robots.txt
A quick googling of those IPs seems to show that the first one is owned by googlebot.com, and the second one is an anonymous looking box on bluehost.com. Friend or foe?
This is indeed my first post! It has been fun getting this up and running on a Lucid build of Ubuntu.
These are some of the things I discovered so far:
- ufw out-of-the-box prevents apt-get from working
- installing the wordpress package via apt-get resolves some dependencies: it downloads the dependencies for mysql-client but does not include any mysql-server
- wordpress on Ubuntu works very easily once you find the special configure for Debian files inside /usr/share/docs/wordpress
- of particular use is /usr/share/docs/wordpress/examples/setup-mysql which doesn’t quite work as described, but boy did it make everything work
- I still haven’t figured out the timezone for this yet
- Bitvise Tunnelier is awesome for ssh sessions under Windows 7 64-bit
So far things have worked rather well! On to the next bits….