Posts Tagged ‘Administrative’

Another Bluehost Phishing Email

Saturday, September 2nd, 2017

Remember the previous Bluehost phishing attack I mentioned?

Today I got another one.

Here’s the raw source (with a few inserted line breaks to keep it from running into the righthand column).


Message ID
Created at: Sat, Sep 2, 2017 at 12:50 AM (Delivered after 3 seconds)
From: Bluehost
Subject: Request to reset your domain associated with this e-mail address
SPF: PASS with IP

(XXXXX added to email address here and below to defeat spambot scrapers.)


Received: by with SMTP id c145csp343693ywa;
Fri, 1 Sep 2017 22:54:47 -0700 (PDT)
X-Received: by with SMTP id t68mr4941018pgc.177.1504331447706;
Fri, 01 Sep 2017 22:50:47 -0700 (PDT)
X-Google-Smtp-Source: ADKCNb5s73v956ds860PK1kR3YVGj/j+bLV2uYQNDDlbJ/kZIPjlLkqlSdvnwz3d/dZQs6C8Ug2m
X-Received: by with SMTP id t68mr4941001pgc.177.1504331446972;
Fri, 01 Sep 2017 22:50:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1504331446; cv=none;; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arc-20160816;
ARC-Authentication-Results: i=1;;
spf=pass ( domain of designates as permitted sender)
Received: from ([])
by with ESMTPS id a2si1461087pll.210.2017.
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 01 Sep 2017 22:50:46 -0700 (PDT)
Received-SPF: pass ( domain of designates as permitted sender) client-ip=;
spf=pass ( domain of designates as permitted sender)
Received: from cmgw2 ( []) by (Postfix) with ESMTP id 84A09215C39 for ; Fri,
1 Sep 2017 23:50:46 -0600 (MDT)
Received: from ([]) by cmgw2 with id 4Vqj1w00l3no00q01Vqmx1; Fri, 01 Sep 2017 23:50:46 -0600
X-Authority-Analysis: v=2.2 cv=IspuSP3g c=1 sm=1 tr=0 a=ZGpYF3R9av1KVggUQYjyig==:117 a=ZGpYF3R9av1KVggUQYjyig==:17 a=IkcTkHD0fZMA:10 a=2JCJgTwv5E4A:10 a=eLEXLPMnAAAA:8 a=cNaOj0WVAAAA:8 a=3gznCMWBZ5u3K-Cr9X4A:9 a=8jPl8b1L-dkswZAf:21 a=7g7r5GJnjx26k2DO:21 a=L4Rp5h-_gRjJhvEI:21 a=QEXdDO2ut3YA:10 a=TnA9z4vs7e96t_Vj_DNd:22
Received: from doorsofv by with local (Exim 4.87) (envelope-from ) id 1do1KN-003TIa-D2 for; Fri, 01 Sep 2017 23:50:43 -0600
Subject: Request to reset your domain associated with this e-mail address
X-PHP-Originating-Script: 1982:mail.php
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: Bluehost
Date: Fri, 01 Sep 2017 23:50:43 -0600
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [1982 1982] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-BWhitelist: no
X-Exim-ID: 1do1KN-003TIa-D2
X-Source-Auth: doorsofv
X-Email-Count: 38
X-Source-Cap: ZG9vcnNvZnY7ZG9vcnNvZnY7Ym94MTE3NS5ibHVlaG9zdC5jb20=
X-Local-Domain: yes










=09=09=09=09We received a request to reset your domain associated with this=
e-mail address.

=09=09=09=09This request was generated by a user clicking the 'Domain Reset=
' link. If you want it to be reset, then you can safely ignore this message=


=09=09=09=09If you did not request to have your domain reset, or do not wan=
t it to be reset, please protect your domain. You can refuse this request a=
nd securely reset your password by clicking the link below:=20




=09=09=09=09Alternatively, you can copy and paste the link into your browse=
r's address window, or retype it there.

=09=09=09=09Thank you,
=09=09=09=09Bluehost Support

=09=09=09=09For support go to

Interestingly, even though all of that is in a code tag, part of it (including the link) is still rendered. (I don’t need to tell you not to click that, do I?) I wonder if the 3D class stuff bypasses standard rendering layers.

Here’s the important segment (opening and closing greater than and less than signs omitted):

a href=3D'
F3cmVuY2VwZXJzb25AZ21haWwuY29tDQ=3D=3D' target=3D'_blank'>

Here’s the whois registrant and admin contact for domain:

Organization: EDOUARDVDV
Phone: +31.0615954306
Fax Ext:

More interestingly, here’s the tech contact:

Tech Contact
Organization: BLUEHOST.COM
Mailing Address: 550 E TIMPANOGOS PKWY, OREM UTAH 84097 US
Phone: +1.8017659400
Fax: +1.8017651992
Fax Ext:

So here we have a Bluehost phishing scam being run from a Bluehost domain.

I think it’s time to have an interesting discussion with BlueHost support…
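An added example (not part of the original post, and not Bluehost's or cPanel's code): the X-AntiAbuse header above asks to be included with any abuse report, so this Python code pulls the account-identifying fields out of a few of the quoted header lines, base64-decodes X-Source-Cap, and undoes the quoted-printable encoding that produces the =09 and =3D sequences in the body. The function name abuse_summary and its output keys are made up for illustration, and the sample input is built from lines copied from the message above.

```python
import re
from base64 import b64decode
from email import message_from_string

# Constructed sample: header and body lines copied from the message quoted in
# the post; fields the page shows blank are left out.
RAW = """\
Subject: Request to reset your domain associated with this e-mail address
X-PHP-Originating-Script: 1982:mail.php
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: Originator/Caller UID/GID - [1982 1982] / [47 12]
X-Exim-ID: 1do1KN-003TIa-D2
X-Source-Auth: doorsofv
X-Source-Cap: ZG9vcnNvZnY7ZG9vcnNvZnY7Ym94MTE3NS5ibHVlaG9zdC5jb20=

=09=09=09=09This request was generated by a user clicking the 'Domain Reset=
' link.
"""

def abuse_summary(raw):
    """Collect the fields a hosting provider's abuse desk needs to find the sender."""
    msg = message_from_string(raw)
    out = {"auth_user": msg.get("X-Source-Auth"), "exim_id": msg.get("X-Exim-ID")}
    # PHP's mail.add_x_header writes "<uid of script owner>:<script file name>".
    script = msg.get("X-PHP-Originating-Script", "")
    if ":" in script:
        out["script_uid"], out["script"] = (p.strip() for p in script.split(":", 1))
    # Splitting on ";" is an assumption based on what this value decodes to.
    cap = msg.get("X-Source-Cap")
    if cap:
        try:
            out["source_cap"] = b64decode(cap, validate=True).decode("utf-8").split(";")
        except ValueError:  # bad base64 or non-UTF-8 bytes
            out["source_cap"] = None
    for value in msg.get_all("X-AntiAbuse", []):
        m = re.search(r"Originator/Caller UID/GID - \[(\d+)", value)
        if m:
            out["caller_uid"] = m.group(1)
    # get_payload(decode=True) undoes quoted-printable: =09 is a tab, =3D is "=",
    # and a trailing "=" is a soft line break.
    if msg.get("Content-Transfer-Encoding", "").lower() == "quoted-printable":
        out["body"] = msg.get_payload(decode=True).decode("utf-8", "replace")
    return out

if __name__ == "__main__":
    for key, val in abuse_summary(RAW).items():
        print(f"{key}: {val!r}")
```

On this message the decoded X-Source-Cap names the same account as X-Source-Auth together with a bluehost.com host name, which is consistent with the whois tech contact above.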

Weird WordPress/Firefox Cache Issue

Monday, May 15th, 2017

So I just published scenes from the liberal freakout, but it’s not showing up on the main blog page, nor in a next link from the previous page, nor linked from any of the Index topics. Visibility is on and the publication date is today.

Edited to add: This isn’t showing up either. Something screwy is going on…

Edited to add 2: This appears to be fixed in most browsers…except my own Firefox browser, which stubbornly insists on not showing the new content despite a restart and cache clearing.

Next step: Restart the Mac.

Edited to add 3: Restarting the Mac finally fixed the problem on Firefox…but that second note above still isn’t showing up in Safari on my iPhone. I’m starting to think something screwy is going on with Blue Host’s caching system…

Edited to add 4: Firefox now shows this post, but not the third note added above. Safari iPhone shows only the first note, Safari Mac shows only the first two notes. All the notes are visible when you click on the post itself, but not on the main blog page. This makes me think it’s a Blue Host caching issue (though they deny it via Twitter).

Winner Winner Chicken Dinner

Sunday, January 1st, 2017

I’m proud to announce that BattleSwarm Blog has been named to The Fabulous 50 Blog List by Director Blue.


Best Grassroots Blog
Lawrence Person’s BattleSwarm: “Person’s LinkSwarms extract pure wheat from chaff.”

Thanks! And there are a lot of other great blogs in the fab 50 list worth checking out.

Welcome Cal Watchdog to the Blogroll

Tuesday, September 1st, 2015

Keeping up with California’s ongoing descent into a failed state is a never-ending task. That’s why I’m adding Cal Watchdog to the blogroll, a long overdue move.

Do check them out if you like the Texas vs. California roundup…

Instead of Actual Content: Story Pipeline Deadlock Edition

Tuesday, April 7th, 2015

Right now in the Pipeline of Half-Completed Blog Posts, I have:

  • A post on the “Sad Puppies” Hugo Awards controversy
  • Another update on Greece (which supposedly runs out of money on Thursday)
  • Analysis of the Iran Nuclear Weapons Deal
  • Another Texas vs. California update

Unfortunately, today is going to be unusually busy, so instead of finishing those and offering up actual content, here are some Golden Retriever videos:

Having An Intermittent Database Connection Problem

Monday, December 29th, 2014

I seem to be having an intermittent database connection problem for old posts. Not seeing it right now, but if you see it crop up again, let me know.

Blogroll Addition: Rock in a Sea of Chaos

Friday, May 30th, 2014

One of the bloggers who showed up at Borepatch’s blogmeet was “That Guy” from Rock in a Sea of Chaos. That seems like a sufficient excuse to add another Austin gun blogger to the blogroll, so here he is…

Administrative Note: Blog Back Up

Thursday, May 15th, 2014

This week I’ve been having some fairly heinous performance issues with the blog, as in “takes 30 seconds to a minute to load the dashboard” heinous. After some song and dance from BlueHost support (“CPU throttling! Chinese hackers!”), they took the server (and thus my blog) offline to resolve the issue.

Both server and blog are now back up, and things are generally better performance-wise (if still not exactly snappy).

Blogroll Addition: Zero Hedge

Monday, January 27th, 2014

Newly added to the blogroll: Zero Hedge, for all your DOOM-y international economic news needs.

Also consider this your “I didn’t have time to put up an extensive blog post” post…

Blogroll Cleaning

Thursday, January 2nd, 2014

It’s a new year, so here are a few long-overdue administrative updates to the blogroll.

  • Added Texas Conservative Republican News.
  • Removed Urban Grounds, since Robbie Cooper hung up his blogging gloves.
  • Removed Matt S. Dowling, because one post in the last year isn’t cutting it. Sorry, Matt…
  • Updated the link for An American Housewife.
  • Updated the link to SooperMexican.

Other notes:

  • I was going to add Sibyl West’s Ramparts 360, but she seems to have dropped off the map.
  • I would add Cahnman’s Musings, except he still hasn’t put up a blogroll…

Any Texas blogs I’m missing you think should be up here?