Investigations so far suggest that there is some type of conditional redirect exploit/hijack being planted on many WordPress websites redirecting search engine referred visitors to fake award/survey sites such as “applefacetook”, “hurryexpectsugar”, “mouthtroubleask”, “ondiesmall”, “thendownmeat”, “makemodernfive”, “sayhitome”, “whateyeweight” among several others typically ending in a “.live” address. While this Hijack, as far as I have seen appear to predominantly affect WordPress websites, I wouldn’t be surprised to learn that this possibly affects other types of websites as well.
In my experience, for sites that are affected, to replicate… (These most certainly could differ depending on the site affected)
Needs to be done from an IP address that has yet to access the site in question. (e.g Mobile Data Connection, activate and deactivate airplane mode to get a new IP address)
Chrome or Firefox browser (Win 10 or Android) in Incognito Mode (No plugins). Reportedly in other variations of the exploit, it only occurs on Safari under iOS
Search for your site in Google search
Click on the search result that points to your website. Instead of loading up your website as expected, you get redirected to a hijack site.
The hijack will not fire If you access your site directly. This appears to be some conditional exploit based on visitors coming from Search Engines. (e.g by typing the site URL directly into the Address bar, you won’t get redirected) and it looks like it will only fire once per IP Address.
I probably should add that many so called WordPress vulnerability scanners online I’ve discovered aren’t even set up to detected this sort of hijack. The scanners based on “Securi” certainly will not detect this exploit, I’ve found.
Apparently when someone appears as deactivated in one’s friends list, this may not always be the case and can sometimes mean they’ve been thrown into Facebook Jail. Usually the first thing I noticed when a friend has their account deactivated (voluntarily or not) is that their profile picture has disappeared and then when you click on the friend’s profile, this message comes up…
Have had some friends over the years mentioning they were blocked without any sort of warning and it has taken ages, sometimes a month before they are allowed back on. Often they show up as being deactivated in my friends list.
This is a timely reminder that we shouldn’t rely solely on Facebook, run by a single for-profit company, as our sole means of staying in contact with Friends and Family, ever.
Remember, you aren’t the customer here (you don’t pay anything financially towards using Facebook), you’re the product being milked for your personal data.
I have been hearing more and more of these anecdotes and in behoves that people ensure they maintain a separate means of contact, least you end up like this guy mentioned in the Elliot Advocacy article, who has been unable to ever get his account back.
As an aside, a mass concerted movement off of Facebook I strongly feel is long past overdue. I would also even go as far as to state there is perhaps a moral obligation for the more tech inclined among us to lead the way and make the effort to make ourselves available on other (preferably federated, decentralized) platforms and gradually remove our dependence on Facebook for the purposes of staying in contact with friends and family.
I will also confess that I did buy shares in Facebook Inc. a few years go as a mental analgesic. As contradictory as this may be, my indignation and moral displeasure towards the company’s conduct started growing to the point where it began impacting an increasing part of my life and the purchase was designed to take the edge off of this.