Posts Tagged ‘Site Administration’

I Have Now Added and Activated WP Fastest Cache for BattleSwarm

Monday, March 15th, 2021

Instapundit readers have been complaining that they get 404 errors when Instapundit links a post. So I’ve been meaning to put up caching software for quite a while now. But since all caching software reviews said things like “Awesome! Really speed up my blog!” (98%) and “It completely destroyed my blog and erased everything!” (2%), I wanted to export/back up my blog and then do a complete backup of my Mac in Time Machine. Unfortunately, my old backup HD flaked out late last year, replacements were back-ordered for a while, and the first two replacements HDs I picked up also flaked out. (I am hoping that this new 5 TB Seagate portable external hard drive remains error free.)

With all those safe-keeping measures in place, I have finally installed WP Fastest Cache. Let me know below if the site seems faster, or if you’re still getting errors.

So let’s post some random content to test the new cache. Since Bill Burr trended last night over his appearance at the Grammys (which evidently still exist) triggering the usual suspects, here’s a short NSFW video where he take on political correctness:

And here are some tweets on the subject:

Non-cached tweets are evidently something that really soaks up the bandwidth, so let’s see if WP Fastest Cache fixes the problem.

Blogroll Additions

Sunday, March 14th, 2021

The Sunday after they’ve sucked an hour out of our lives seems like a good time to do a Blogroll update.

  • 357 Magnum: Solid gun and politics blog that’s been sending some traffic my way.
  • Austin Network: Good Austin news source, including a lot about the Austin City Council-created “Let’s make Austin bumsville” homeless crisis.
  • New Discourses: James Lindsey’s ongoing, in-depth dissection of social justice warrior thinking and tactics.
  • Not The Bee: I already had The Babylon Bee in my blogroll, but their non-satirical sister site is also proving an essential source as well.
  • The Texan: Daily Texas news source. Not free, but worth the modest monthly fee if you’re interested in Texas news and want to avoid subsidized the MSM.
  • I also pruned a few dead links or blogs that hadn’t been updated in three years…

    Blogging and Its Discontents

    Tuesday, November 17th, 2020

    The good news: Yesterday, I got linked from Instapundit twice! Since the purpose of a blog is to communicate, this means a big bump in daily visit statistics!

    The bad new: Yesterday, I got linked from Instapundit twice! The increased traffic displayed, yet again, how creaky and unreliable BlueHost’s services have become.

    Pretty much every time I’m linked from Instapundit, people complain “Oh, we killed Lawrence’s server again!” Variegated 404, 500 and Site Unavailable errors abound.

    Every time I point out to BlueHost that they seem to be running my blog on a severely resource-constrained server (most likely a virtual cloud server of some sort, time-shared with a whole bunch of other websites/blogs), they always go “Well, it’s not our problem! Your site is just too unoptimized!” and point me to gtmetrix. Evidently embedded Tweets use up a huge number of resources, which makes me wonder why Twitchy doesn’t seem to have these problems at much higher loads.

    Keep in mind that I’m running an old stock version of WordPress, with the bare minimum of necessary plugins (like AntispamBee) with BlueHost’s stock tools. So it’s not like I’m doing something wacky and unorthodox.

    When I mention these problems on Twitter, other hosting companies come out of the woodwork and say “Yeah, you could improve some things, but there’s no reason for BlueHost to suck so bad.”

    To improve speed, I’m looking at several different cache plugins for WordPress, including:

  • WP Super Cache
  • Autoptimize
  • Jetpack
  • WP-Optimize
  • WP fastest Cache
  • All are rated between four to five stars, all have a majority of users who say “Wow, this really sped up my site,” and all have a small number of reviewers who say “Agggggh, this trashed my site! Stay far away!”

    If you’re a WordPress blogger reading this, let me know if you have experience with any of those and how well the worked for you.

    I just did a manual backup of my WordPress database, but I should probably install some sort of backup plugin as well. Here’s another area WordPress users can tell me what works best for them.

    During Instalanches, some worried whether I’d been deplatformed, since WordPress is evidently kicking Conservative Treehouse off their platform. The answer is no, it’s just BlueHost sucking, and the Treehouse guys get a lot more traffic than I do. I’m sure I would be irritating enough to deplatform if Big Tech were more aware of me, but right now I seem to enjoy security through obscurity.

    Some have asked whether they can donate to get me a new server. While that would be swell (and see the donation button below), my immediate preference would be for BlueHost to stop sucking so I don’t have to go through the pain of transferring my blog to a new provider.

    BattleSwarm is, at best, a break-even proposition for me, after donations and Amazon affiliate links are factored in, specially since I haven’t let anyone put their crappy adware on my site. For several years now, I’ve managed to put up a blog post every single day. I started blogging due to outrage during the Obama Administration (and because Dwight took the plunge first), and if Biden manages to make his stolen election stick, I certainly don’t see less reason to blog. But it would be nice to get paid more for it.

    In the past I’ve done the occasional piece in places like National Review or Reason, but I’m not sure any of the legacy paying outlets is a good fit or substitute for regular blogging. (And I’m sure as hell not going to write for a sadness factory like The Bulwark.) Ideally I could get paid to contribute to a multi-contributor blog like Instapundit or Legal Insurrection, or some site like Empower Texans. But thus far no one has asked me to contribute to such.

    I don’t ask for donations as much as some blogs because financially I’m doing fine, and technical writing pays well. (Between my house, library and various 401Ks, I’m probably an Almost Millionaire in net worth.) (Maybe I’ll even get enough to move off the default WordPress theme.) But I didn’t get into blogging to get rich, much like one doesn’t become a Trappist monk for the kinky sex and hard drugs.

    Alas, I’m being laid off from my current technical writing job in December. So maybe I should ask for more donations. But I have the sort of skill sets (documenting programming APIs, among many other things) that’s very much in demand, so I don’t expect to be unemployed long. Plus I have another small income stream in the book business. There other Vast Right Wing Bloggers out there much more in need of donations than I.

    So, that’s sort of my State of the Blog roundup. I’m still here and I don’t plan on going anywhere.





    Most Sophisticated Bluehost Phising Scam Yet

    Sunday, November 17th, 2019

    So, a few days ago I got one of the most sophisticated phising scam messages I’ve ever received. Message:

    Bluehost.com

    2:46 PM (5 hours ago)

    to me
    Hello, LAWRENCE PERSON

    We are contacting you today because we have disabled your outbound email services temporarily. The reason for this is because you've got a forum that spammers were subscribing to to get messages sent out. They used a spam trap email address that actually resulted in our mail server getting blacklisted.

    We need you to add protection to it so it isn't being exploited in the future. You will need to contact us and let us know this has been resolved for us to restore your email services.

    For protection, we ask that you require an account to subscribe to topic notifications if you haven't already. We also ask that you add protection to your sign-up page so that spammers cannot automate it. You can do this by using a captcha or something similar to that.

    To activate your account, please visit our BlueHost account reactivation center. Use the link below:
    http://my.bluehost.com.313e7d092611f0c58251064957ca6b4c.
    cajunhomeservices.com/account/58961/reactivation.html

    Thank you,
    BlueHost.com Terms of Service Compliance
    http://www.bluehost.com
    For support go to http://helpdesk.bluehost.com/
    Toll-Free: (888) 401-4678

    Note the relatively good English and the fairly sophisticated “You have a technical spam problem” hook. The all caps name and the fact I don’t have any “forums” is the only giveaway, besides an examination of the actual link provided, that it’s not kosher.

    Note that the link actually points to “cajunhomeservices.com”.

    Raw source:

    Delivered-To: l********@gmail.com
    Received: by 2002:ac2:518f:0:0:0:0:0 with SMTP id u15csp11449403lfi;
    Thu, 14 Nov 2019 12:46:12 -0800 (PST)
    X-Google-Smtp-Source: APXvYqzeSBr4ElY5I4kaRQJbufydJ32F7GyXgzop2lpZkta8d7s7
    RkuuytltMNPtM4up1GCCTCwr
    X-Received: by 2002:aca:52c2:: with SMTP id g185mr5152898oib.45.1573764372228;
    Thu, 14 Nov 2019 12:46:12 -0800 (PST)
    ARC-Seal: i=1; a=rsa-sha256; t=1573764372; cv=none;
    d=google.com; s=arc-20160816;
    b=sPXkzlz9bAXMXM5E2CaRKG6d6ybRdOxTCNcjZNm5e5kMRkr4KWL
    2xq4PjgaGnn3KIYbVmgahiHv7Trl3QgGFzbryJNeeX5VNhxK/
    cSIumeiQnlB3aNUV/0qfNY1Cu6szqcMn890SG6r/
    7Nvq3XWQ0kGiPBdTAELDw8QS8bpgIPrSHeKPJ669ifn50yKL7KybJ
    PnrlQrJe8rWDPDAag1kkJpPhEWIzhWzETQpMW65pUVsuO4SoleoVo
    MRHR4WWZ3x4UgY+I7+s58RjcHDx+uSS5UYboFJd6n+ksMZQUNI9rq
    MmUYIdq3GLvXAekXAbIXyzUYo+24K2Z0iusbAJo
    CQGA==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
    h=content-transfer-encoding:mime-version:from:to:subject:message-id
    :date;
    bh=sZf91ll1kaMuGiSLWB5C0DKuw/3r72M1cUA1iJqiuLw=;
    b=b5CGhK96w1NqMgkAhr04RJAsjO9YKteraSIV/tvZoFeuEGUhGlHF
    nxu8r3KLVTb5fNbAJXyxbLxSy+vxpXeZXhMLcS+OApLDERBmuJ9Pm
    VH9TTxayaPbpqTHvyKgCGRr6JG4aM12/7CdqWxy3aH5hRvKwYg8Y35
    xZZ0jQgnngrEXsx9glAX3S78XsCGS27BCKzoB/qA7c4245rT7rEXf3
    y6uRyZSe6Kc9FaYotV7j5VpjhVr0c+qcf7iJUFtdjLSkYW/BlY2baA
    jGq3WixP5g3y9fYZ8X636dLLFcu7PKpKsb324VRcRgKJONc356J7x0
    K4I+pEk3oLxlMa8T3
    /RLw==
    ARC-Authentication-Results: i=1; mx.google.com;
    spf=fail (google.com: domain of support@bluehost.com does not designate 192.185.143.39 as permitted sender) smtp.mailfrom=support@bluehost.com;
    dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bluehost.com
    Return-Path:
    Received: from gateway31.websitewelcome.com (gateway31.websitewelcome.com. [192.185.143.39])
    by mx.google.com with ESMTPS id f84si4367574oig.42.2019.11.14.12.46.11
    for
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Thu, 14 Nov 2019 12:46:12 -0800 (PST)
    Received-SPF: fail (google.com: domain of support@bluehost.com does not designate 192.185.143.39 as permitted sender) client-ip=192.185.143.39;
    Authentication-Results: mx.google.com;
    spf=fail (google.com: domain of support@bluehost.com does not designate 192.185.143.39 as permitted sender) smtp.mailfrom=support@bluehost.com;
    dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bluehost.com
    Received: from cm13.websitewelcome.com (cm13.websitewelcome.com [100.42.49.6]) by gateway31.websitewelcome.com (Postfix) with ESMTP id BD99FD53F0 for ; Thu, 14 Nov 2019 14:46:11 -0600 (CST)
    Received: from box2082.bluehost.com ([50.87.249.228]) by cmsmtp with SMTP id VM0Ji8N6s3Qi0VM0JiRiqR; Thu, 14 Nov 2019 14:46:11 -0600
    X-Authority-Reason: ss=1
    Received: from [162.248.225.8] (port=55837 helo=support) by box2082.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from ) id 1iVM0J-003aX1-95 for l*******@gmail.com; Thu, 14 Nov 2019 13:46:11 -0700
    Date: Thu, 14 Nov 2019 15:48:38 -0500
    Message-ID: <1332064982.webi20191114154838@bluehost.com>
    Subject: Disabled your outbound email services temporarily
    To: l********@gmail.com
    From: "Bluehost.com"
    X-Priority: 4 (Low)
    Mime-Version: 1.0
    X-Mailer: Php_libMail_v_2.11(webi.ru)
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: base64
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - box2082.bluehost.com
    X-AntiAbuse: Original Domain - gmail.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - bluehost.com
    X-BWhitelist: no
    X-Source-IP: 162.248.225.8
    X-Source-L: No
    X-Exim-ID: 1iVM0J-003aX1-95
    X-Source:
    X-Source-Args:
    X-Source-Dir:
    X-Source-Sender: (support) [162.248.225.8]:55837
    X-Source-Auth: bh_1572749987@sandiegoslushkin.com
    X-Email-Count: 9
    X-Source-Cap: c2FuZGlmbjk7c2FuZGlmbjk7Ym94MjA4Mi5ibHVlaG9zdC5jb20=
    X-Local-Domain: no

    SGVsbG8sIExBV1JFTkNFIFBFUlNPTg0KIA0KV2UgYXJlIGNvbnRhY3RpbmcgeW91IHRvZGF5IGJl
    Y2F1c2Ugd2UgaGF2ZSBkaXNhYmxlZCB5b3VyIG91dGJvdW5kIGVtYWlsIHNlcnZpY2VzIHRlbXBv
    cmFyaWx5LiBUaGUgcmVhc29uIGZvciB0aGlzIGlzIGJlY2F1c2UgeW91J3ZlIGdvdCBhIGZvcnVt
    IHRoYXQgc3BhbW1lcnMgd2VyZSBzdWJzY3JpYmluZyB0byB0byBnZXQgbWVzc2FnZXMgc2VudCBv
    dXQuIFRoZXkgdXNlZCBhIHNwYW0gdHJhcCBlbWFpbCBhZGRyZXNzIHRoYXQgYWN0dWFsbHkgcmVz
    dWx0ZWQgaW4gb3VyIG1haWwgc2VydmVyIGdldHRpbmcgYmxhY2tsaXN0ZWQuDQoNCldlIG5lZWQg
    eW91IHRvIGFkZCBwcm90ZWN0aW9uIHRvIGl0IHNvIGl0IGlzbid0IGJlaW5nIGV4cGxvaXRlZCBp
    biB0aGUgZnV0dXJlLiBZb3Ugd2lsbCBuZWVkIHRvIGNvbnRhY3QgdXMgYW5kIGxldCB1cyBrbm93
    IHRoaXMgaGFzIGJlZW4gcmVzb2x2ZWQgZm9yIHVzIHRvIHJlc3RvcmUgeW91ciBlbWFpbCBzZXJ2
    aWNlcy4NCg0KRm9yIHByb3RlY3Rpb24sIHdlIGFzayB0aGF0IHlvdSByZXF1aXJlIGFuIGFjY291
    bnQgdG8gc3Vic2NyaWJlIHRvIHRvcGljIG5vdGlmaWNhdGlvbnMgaWYgeW91IGhhdmVuJ3QgYWxy
    ZWFkeS4gV2UgYWxzbyBhc2sgdGhhdCB5b3UgYWRkIHByb3RlY3Rpb24gdG8geW91ciBzaWduLXVw
    IHBhZ2Ugc28gdGhhdCBzcGFtbWVycyBjYW5ub3QgYXV0b21hdGUgaXQuIFlvdSBjYW4gZG8gdGhp
    cyBieSB1c2luZyBhIGNhcHRjaGEgb3Igc29tZXRoaW5nIHNpbWlsYXIgdG8gdGhhdC4NCg0KVG8g
    YWN0aXZhdGUgeW91ciBhY2NvdW50LCBwbGVhc2UgdmlzaXQgb3VyIEJsdWVIb3N0IGFjY291bnQg
    cmVhY3RpdmF0aW9uIGNlbnRlci4gVXNlIHRoZSBsaW5rIGJlbG93Og0KaHR0cDovL215LmJsdWVo
    b3N0LmNvbS4zMTNlN2QwOTI2MTFmMGM1ODI1MTA2NDk1N2NhNmI0Yy5jYWp1bmhvbWVzZXJ2aWNl
    cy5jb20vYWNjb3VudC81ODk2MS9yZWFjdGl2YXRpb24uaHRtbA0KDQogDQpUaGFuayB5b3UsIA0K
    Qmx1ZUhvc3QuY29tIFRlcm1zIG9mIFNlcnZpY2UgQ29tcGxpYW5jZQ0KaHR0cDovL3d3dy5ibHVl
    aG9zdC5jb20NCkZvciBzdXBwb3J0IGdvIHRvIGh0dHA6Ly9oZWxwZGVzay5ibHVlaG9zdC5jb20v
    DQpUb2xsLUZyZWU6ICg4ODgpIDQwMS00Njc4

    (Note: Line breaks added on ARC lines.)

    Note the authentication fails in the raw source of the message.

    Let’s do a whois for cajunhomeservices.com:

    Domain Name: CAJUNHOMESERVICES.COM
    Registry Domain ID: 1987624026_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.fastdomain.com
    Registrar URL: http://www.fastdomain.com
    Updated Date: 2018-12-16T00:21:49Z
    Creation Date: 2015-12-16T00:22:33Z
    Registry Expiry Date: 2019-12-16T00:22:33Z
    Registrar: FastDomain Inc.
    Registrar IANA ID: 1154
    Registrar Abuse Contact Email:
    Registrar Abuse Contact Phone:
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Name Server: NS1.BLUEHOST.COM
    Name Server: NS2.BLUEHOST.COM
    DNSSEC: unsigned
    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
    >>> Last update of whois database: 2019-11-15T02:46:01Z <<<

    The interesting thing here is that cajunhomeservices.com is actually registered to bluehost.com. I launched a chat window with technical support (offshore, it seemed like), and they promised to alert the proper security staff.

    Lesson: If you receive a message alerting you to some sort of online fraud, never click any link in the message. If it's a domain or service you use, go there by your saved bookmark or by typing the domain URL directly into your browser.

    Eternal vigilance is the price of IT security...

    Blogroll Updates

    Wednesday, May 15th, 2019

    I’ve gotten behind in cultivating my blogroll, so here’s some much-needed planting and pruning:

    Additions

  • No Lawyers, Only Guns And Money: Gun blog. Karl Rehn recommended them, and they’ve had a lot of good information on the NRA issues I’ve been covering.
  • Quillette: Meaty pieces of interest from academics opposed to the Social Justice Warrior agenda.
  • Tablet: News from a Jewish perspective. In Foreign Policy because it offers a lot of good information on Arab-Israeli topics.
  • Subtractions

  • Creeping Sahria: Gone.
  • Michael Totten: World Affairs Journal shut down after their sponsor died.
  • PushJunction: Gone.
  • Sipsy Street Irregulars: Stopped updating in 2016.
  • Akismet Free Ride Ends

    Tuesday, January 8th, 2019

    For almost as long as I was using this blog, I’ve been using the free Akismet spam filter. Well, the free ride has finally ended, as they actually want $5 a month to use it now. I’m not complaining, as a man’s got to eat. But this is why I had several hundred WordPress moderate comment emails today.

    Since my blog is currently a slightly-money-losing proposition, I have no desire to deepen my losses, so I just moved to the free Antispam Bee for this blog and Futuramen. Dwight is evidently paying the $5 a month for Akismet for his blog, so we can compare after a month or so and see if there’s a noticeable difference between the two.

    Anyway, on the off-chance you submitted a blog comment after, say, 11:58 AM today, you might have to repost it.

    And maybe somebody can explain why most of my comment spam seemed to come from an Omaha injury lawyer…

    Blogroll Addition: The Babylon Bee

    Monday, August 6th, 2018

    As promised, I’ve added The Babylon Bee to the blogroll. If you haven’t read it, “The Onion for Christians, but funnier” nicely sums it up.

    A few recent posts:

  • “Texas Constructs Border Wall To Keep Out Unwanted Refugees From California.”
  • “Twitter CEO Apologizes For Allowing Conservatives On Platform In First Place.”
  • “Struggling Chemistry Teacher Takes To Life Of Crime Manufacturing Plastic Straws To Sell On Streets Of Santa Barbara.”
  • They’re well worth checking out.

    Transient HTTP/HTTPS Issue

    Thursday, February 8th, 2018

    If you hit this page yesterday and ran into an Ubuntu Apache setup page, you ran into a transient cache issue because you came in on:

    http://www.battleswarmblog.com

    rather than

    https://www.battleswarmblog.com.

    I got the issue resolved with BlueHost, so now any hits coming in on http://www.battleswarmblog.com should automatically forward to https://www.battleswarmblog.com, as they were doing before this weird glitch showed up.

    But this is also a good reason to make sure your bookmarks and links point to https://www.battleswarmblog.com going forward.

    Blogroll Addition: Judicial Watch

    Thursday, September 21st, 2017

    I’ve gone ahead and added Judicial Watch to the Blogroll under Think Tanks/Etc. Judicial Watch carried out a crucial role in uncovering several aspects of Hillary Clitnon’s Emailgate scandal, and continue to discover and document misdeeds by public officials through targeted Freedom of Information Act requests. Indeed, their work was so valuable, I signed up as a donating member.

    They’re worth your time and attention.

    Another Bluehost Phishing Email

    Saturday, September 2nd, 2017

    Remember the previous Bluehost phishing attack I mentioned?

    Today I got another one.

    Here’s the raw source (with a few inserted line breaks to keep it from running into the righthand column).

    Headers:

    Message ID
    Created at: Sat, Sep 2, 2017 at 12:50 AM (Delivered after 3 seconds)
    From: Bluehost
    To: lawrencepersonXXXXX@gmail.com
    Subject: Request to reset your domain associated with this e-mail address
    SPF: PASS with IP 74.220.222.232 Learn more

    (XXXXX added to email address here and below to defeat spambot scrappers.)

    Payload

    Delivered-To: lawrencepersonXXXXX@gmail.com
    Received: by 10.129.53.151 with SMTP id c145csp343693ywa;
    Fri, 1 Sep 2017 22:54:47 -0700 (PDT)
    X-Received: by 10.99.120.71 with SMTP id t68mr4941018pgc.177.1504331447706;
    Fri, 01 Sep 2017 22:50:47 -0700 (PDT)
    X-Google-Smtp-Source: ADKCNb5s73v956ds860PK1kR3YVGj/j+bLV2uYQNDDlbJ/kZIPjlLkqlSdvnwz3d/dZQs6C8Ug2m
    X-Received: by 10.99.120.71 with SMTP id t68mr4941001pgc.177.1504331446972;
    Fri, 01 Sep 2017 22:50:46 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1504331446; cv=none;
    d=google.com; s=arc-20160816;
    b=QOjWmOjsvjB9+8HswySoFQOQ4lsCvpPME27NN9zJfx8
    gZofrql3IwevgfSp0e1Btxg
    aIL8DmnXCGllyd8AvPrBrN/Ly3+iKtBxdbk3oua+d9vYBYOgYWcLW
    +kMvQAcV81hB1El
    PXLWVLUV78BXenGJMUIs0voePL345QIlDhjigRRvOYs4/cOFXhr/
    0nE0A+F45lneFaUx
    oG7oYSk3QBVJtvwWUd2z1ksn24R8kTgwWfFZGqVEUm6fji4tA6J1Qv
    1IwL7GWDtmI/ab
    pdU/Dh9cvT3lR2bDOFQaSje0NQuibGyFY3ouNGDdRygJIJKjldi
    EoUsqxE1zCoCrfZU1
    l+Dw==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
    h=date:message-id:cc:from:content-transfer-encoding:mime-version
    :subject:to:arc-authentication-results;
    bh=pAtFnsm7hK/sCRTeHL/WZ2Afvt74elEbNil2YQ/rHSk=;
    b=t9vALxsoLpH2sKGGjbqvx/KAJOGJQaT/2qVFWCaNXJOybuHwoMGmaRh1
    eP62jnkD5s
    nQXOsgK3wQfj/l2Nq1tuA05l+FfQgRlLFSFs/4YKSjcrIveLp/ht/ergUZGv1ydawsDk
    PdNYonJnmlykTW7HQxAhtRbbFP5dohfLGcGcdUmOsV6XjUZQK+
    9agN78MxBBfFj33V7j
    aUCkZ/BINSFb2Jt4IzOaQdnnVzoBwY8R1aLg0+GdVf26wZuYLBiN
    hAXOJY1SVCjGrrwd
    GiGw2eMbMyG5V1VjGlhJPx8Wan7eA/lXr+hrwnuEalFaGk66Ni8lV7
    nADN9StIh7AyMp
    aY7Q==
    ARC-Authentication-Results: i=1; mx.google.com;
    spf=pass (google.com: domain of doorsofv@box1175.bluehost.com designates 74.220.222.232 as permitted sender) smtp.mailfrom=doorsofv@box1175.bluehost.com
    Return-Path:
    Received: from outbound-ss-1849.hostmonster.com ([74.220.222.232])
    by mx.google.com with ESMTPS id a2si1461087pll.210.2017.09.01.22.50.46
    for
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Fri, 01 Sep 2017 22:50:46 -0700 (PDT)
    Received-SPF: pass (google.com: domain of doorsofv@box1175.bluehost.com designates 74.220.222.232 as permitted sender) client-ip=74.220.222.232;
    Authentication-Results: mx.google.com;
    spf=pass (google.com: domain of doorsofv@box1175.bluehost.com designates 74.220.222.232 as permitted sender) smtp.mailfrom=doorsofv@box1175.bluehost.com
    Received: from cmgw2 (cmgw2.unifiedlayer.com [67.20.127.202]) by soproxy7.mail.unifiedlayer.com (Postfix) with ESMTP id 84A09215C39 for ; Fri,
    1 Sep 2017 23:50:46 -0600 (MDT)
    Received: from box1175.bluehost.com ([50.87.248.175]) by cmgw2 with id 4Vqj1w00l3no00q01Vqmx1; Fri, 01 Sep 2017 23:50:46 -0600
    X-Authority-Analysis: v=2.2 cv=IspuSP3g c=1 sm=1 tr=0 a=ZGpYF3R9av1KVggUQYjyig==:117 a=ZGpYF3R9av1KVggUQYjyig==:17 a=IkcTkHD0fZMA:10 a=2JCJgTwv5E4A:10 a=eLEXLPMnAAAA:8 a=cNaOj0WVAAAA:8 a=3gznCMWBZ5u3K-Cr9X4A:9 a=8jPl8b1L-dkswZAf:21 a=7g7r5GJnjx26k2DO:21 a=L4Rp5h-_gRjJhvEI:21 a=QEXdDO2ut3YA:10 a=TnA9z4vs7e96t_Vj_DNd:22
    Received: from doorsofv by box1175.bluehost.com with local (Exim 4.87) (envelope-from ) id 1do1KN-003TIa-D2 for lawrencepersonXXXXX@gmail.com; Fri, 01 Sep 2017 23:50:43 -0600
    To: lawrencepersonXXXXX@gmail.com
    Subject: Request to reset your domain associated with this e-mail address
    X-PHP-Originating-Script: 1982:mail.php
    MIME-Version: 1.0
    Content-Type: text/html; charset=utf-8
    Content-Transfer-Encoding: quoted-printable
    From: Bluehost
    Cc:
    Message-Id:
    Date: Fri, 01 Sep 2017 23:50:43 -0600
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - box1175.bluehost.com
    X-AntiAbuse: Original Domain - gmail.com
    X-AntiAbuse: Originator/Caller UID/GID - [1982 1982] / [47 12]
    X-AntiAbuse: Sender Address Domain - box1175.bluehost.com
    X-BWhitelist: no
    X-Source-IP:
    X-Exim-ID: 1do1KN-003TIa-D2
    X-Source:
    X-Source-Args:
    X-Source-Dir:
    X-Source-Sender:
    X-Source-Auth: doorsofv
    X-Email-Count: 38
    X-Source-Cap: ZG9vcnNvZnY7ZG9vcnNvZnY7Ym94MTE3NS5ibHVlaG9zdC5jb20=
    X-Local-Domain: yes


    =09

    =09=09

    =09=09=09

    =09=09

    =09=09

    =09=09=09

    =09=09

    =09

    3D'Bluehost'
    =09=09=20
    =09=09=09=09

    =09=09=09=09We received a request to reset your domain associated with this=
    e-mail address.

    =09=09=09=09This request was generated by a user clicking the 'Domain Reset=
    ' link. If you want it to be reset, then you can safely ignore this message=
    .
    =09=09=09=09

    =09=09=09=09

    =09=09=09=09If you did not request to have your domain reset, or do not wan=
    t it to be reset, please protect your domain. You can refuse this request a=
    nd securely reset your password by clicking the link below:=20
    =09=09=09=09

    =09=09=09=09=20
    =09=09=09=09

    =09=09=09=09https://my.bluehost.com/web-hosting/password/
    =09=09=09=09

    =09=09=09=09=20
    =09=09=09=09

    =09=09=09=09Alternatively, you can copy and paste the link into your browse=
    r's address window, or retype it there.
    =09=09=09=09

    =09=09=09=09=20
    =09=09=09=09Thank you,
    =09=09=09=09Bluehost Support
    =09=09=09=09http://w=
    ww.bluehost.com/

    =09=09=09=09For support go to http://bluehost.com/help
    =09=09=09


    Interestingly, even though all of that is in a code tag, part of it (including the link) is still rendered. (I don’t need to tell you not to click that, do I?) I wonder if the 3D class stuff bypasses standard rendering layers.

    Here’s the important segment (opening and closing greater than and less than signs omitted):

    a href=3D'http://my.bluehost.pazencore.com/web-hosting/?q=3DbG=
    F3cmVuY2VwZXJzb25AZ21haWwuY29tDQ=3D=3D' target=3D'_blank'>https://my.bluehost.com/web-hosting/password/

    Here’s the whois registrant and admin contact for pazencore.com domain:

    Name: EDOUARD VAN DE VELDE
    Organization: EDOUARDVDV
    Mailing Address: BAKKUMMERSTRAAT 37, CASTRICUM 1901 HJ NL
    Phone: +31.0615954306
    Ext:
    Fax:
    Fax Ext:
    Email:EDOUARDVDV@HOTMAIL.COM

    More interestingly, here’s the tech contact:

    Tech Contact
    Name: BLUEHOST INC
    Organization: BLUEHOST.COM
    Mailing Address: 550 E TIMPANOGOS PKWY, OREM UTAH 84097 US
    Phone: +1.8017659400
    Ext:
    Fax: +1.8017651992
    Fax Ext:
    Email:WHOIS@BLUEHOST.COM

    So here we have a Bluehost phishing scam being run from a Bluehost domain.

    I think it’s time to have an interesting discussion with BlueHost support…