First of all, we wanted to thank our loyal customers for supporting us despite the issues we’ve experienced with rogue affiliates. Some of you might be interested in how we’re dealing with this and other issues.
We’ve discovered a couple of websites gizri**.com and dealsandgiveawa**.net that contained some extremely deceptive ads that lead people to believe their computer is infected. The ads lead to this website. Because these affiliates are essentially anonymous and work via affiliate networks that do not disclose their sources we couldn’t identify the companies behind these ads. Instead we stopped all of our affiliate networks that do not disclose their affiliates.
Call Center Attacks
We have also seen an increase of prank calls to the call center we contract to support our customers. The callers proceed to harass, bully and racially abuse call center operators. Every single call, chat and interaction is recorded and will be investigated in due course.
We have also experienced an abrupt increase in brute force SSH attacks coming from all over the world which is consistent with a typical botnet attack. We have blocked over 4K IP addresses so far and hardened the server security. All the attacks have been logged for further analysis as well.
Despite disabling the affiliate networks we’re still seeing a number of websites which seem spammy or plain empty. We do not know why these websites send users (or bots) to outbyte. They most certainly are not getting paid for that. This could be a deliberate attempt to discredit the company. We have logged a massive amount of metadata (IP addresses, date and time patterns, etc) and are now investigating the source of these referrers.
In the meantime to prevent people from being misled to visit our website we decided to compile a list of these suspicious websites and ban them. Obviously we can only act where we see a referrer in the HTTP request. Unfortunately as referrers can be spoofed and are often stripped by security software and browsers (sometimes for good reasons) this temporary solution will only work for a small fraction of visitors.