Have you received an email claiming you’ve infringed the Digital Millenium Copyright Act (DMCA) recently?
For people with screen readers here’s the relevant text from the screenshot
Cloudflare received a DMCA copyright infringement complaint regarding: realbasics.com
The information we received was the following:
Work: I, XXXXXXXXXXX, would like to draw your attention towards https://www.realbasics.com/ this website owner who copied the content from our website !! I did not authorize or approve this website owner to post them here. …… Kindly act expeditiously to remove this infringing or unauthorized content post from this website ASAP.
We have forwarded this complaint to your hosting provider.
The Cloudflare Team
I got one of those and turns out quite a few others have received similar notifications. I called the attorney listed on the complaint and they adamantly denied any involvement. (No surprise: the address used in the complaint is a vacant lot!). It looks like the lawyer may also be a victim of identity theft!
After reviewing the takedown request the lawyer informally (not legal advice!) told me that since he didn’t make the complaint the infringement notice is not actionable.
So what’s going on?
First of all, what they’re doing
It looks like the actors behind this behavior do this one neat trick
- Identifies a “controversial” or negative post about one of their clients
- Copies the contents and posts it on their own website…
- …using the names of attorneys (at least one) as the authors
- Manipulates the publication date to one day before the original’s published date
- Uses “no-index” methods to prevent search engines from indexing their bogus post
- Submits an infringement notification with the alleged lawyer’s name and a phony Gmail address
- Make money
They’ve got a lot of !%# gall, right?
In my case I’ve got an iron-clad “alibi.” The original post they copied and complained is actually a follow-up to a previous post. The first sentence has a link back to that post.
Both posts have very similar contents and very similar images (since I created them myself using the same tools and formats.)
The back-dated copy doesn’t link back to anything — no surprise since they’ve just copied and pasted my content.
Second of all, a strong guess about why they’re doing it
I’ve been in contact with several other people who’s posts have been similarly copied, back-dated, and then hit with infringement notices.
In each case the subjects of the target posts call companies or individuals into question. It’s not unreasonable to assume that some people might like to see negative information about their enterprises scrubbed from the internet. And some of those people might hire an “aggressive” reputation management company to try and deal with it. And some of those companies might not be above pulling “black hat PR” moves… like hacking the DMCA infringement regulations by back-dating other people’s posts and claiming the original posters needed to be shut down.
One of the other victims of this exploit contacted me and told me they’ve spoken with at least eight other site owners who’ve had the same experience. Two of them (including the one who contacted me) had not just the “offending” post but their entire websites taken offline as a result!
I’m not going to say any more about this at the moment, because other parties and possibly their lawyers seem to be getting involved.
Instead I’m just going to say if you get one of these takedown notices and you haven’t actually plagiarized someone else’s content it might be a good idea to do a little due diligence.
- Definitely push back.
- Get on a search engine to find the real lawyers who’s identities are being misrepresented in the infringement notices and get clarification that they’re not involved.
- And let your hosting company know, in no uncertain terms, that the notices are invalid.
Chances are very good that neither the black-hat PR companies nor the people who hire them are up to any good.
So, about the WordPress Ninja Forms plugin and missing forms.
If you use NinjaForms and got that forced security update in mid June, 2022, your forms may have disappeared from your Contact page or other places on your site. Chances are the site isn’t really broken. Instead the plugin may have disabled the forms by putting itself into “maintenance mode.”
Here’s how to fix it:
Follow these simple steps
- log in to your site’s dashboard
- visit NinjaForms -> Settings
- manually click the “Remove Mantenance Mode” button near the bottom of the settings page.
- don’t forget to clear any caches too
While this post is specifically about the forced update in June, 2022, you may also run into disappearing NinjaForms forms other times as well, especially after migrating a site to a new server, and possibly when an update requires changes to the database.
I found missing forms on around half the sites I manage that use NinjaForms! To be safe I went ahead and applied the fix on every site that uses NinjaForms. The steps, above, are very simple but when you’re talking about dozens of sites it… takes a while. (I’m posting this while taking a break from the chore!)
This seems like a really awful “feature.” I understand their reasoning, but contact forms and other forms are often the life’s blood of a working website. If those forms disappear it’s bad for your visitors and bad for the site’s owners as well!
I’ve discussed this issue before but a lot of my clients get this “Renewal Notice” from a company called Domain Authority. Looks like they’ve updated their stationery but they’ve been sending these things out for years.
Almost everything about the letter implies it’s an invoice to renew your domain name until you get to the “fine print” on the second page where they admit it’s just a solicitation to have your site listed in their “yellow pages” style directory.
As I mentioned in that previous post what they’re doing seems to be technically legal so I probably can’t legally say it’s a “scam.” But I can say without qualification that everyone should think
twice ten times 100 times before you send 289 hard-earned dollars to some random directory listing in Hendersonville, North Carolina (the address on their solicitations) or possibly Sante Fe, New Mexico (the address on their website.)
If you go to their website you’ll see an even more clear disclaimer at the bottom of their home page:
Domain Networks is an online directory listings top websites from local businesses from around the world. We do not provide domain registration or domain renewal services.https://domainnetworks.com/
Disclaimers in their FAQ are even more direct
Q: I received a mailer that looks like a bill.https://domainnetworks.com/faq
A: What you received in the mail is not a bill. This is an advertisement for our domain listing services.
I’ll repeat: paying these guys will not renew your domain! You do that through your actual domain registrar.
Over at PostStatus David Bisset has a thoughtful post about brushing off the recent Facebook/Instagram/WeChat outage with quips about “own your own content.”
Time will tell if Facebook being down on Oct 4th will be the single greatest system failure in tech in 2021. There’s been some good writing explaining what went wrong (and the fact that mistakes happen), but predictably when sites and networks fail like this there are reactions on social media. Eventually, especially in the WordPress community, when it comes to corporate sites and social networks someone is there to wag a finger and say “See? Own Your Own Content.” Me included.
This time around — maybe because it was Facebook or I’m just showing my age — it felt different saying “Own your own content.” Yes, you should own your own content. But that’s not possible for many people today, and many were hit harder than you may realize.David Bisset, PostStatus
I agree there’s a certain amount of “first-world problem” elitism when small (and large) web publishing advocates say “own your content.” And as you say, in some parts of the world Facebook and its messaging properties are the only available media for business and government (and also, evidently, human trafficking and organized crime!)
But the point of “own your own content” isn’t necessarily to have your own bespoke WordPress website. Instead it’s to… well… own your content. Preferably across a range of platforms.
In my experience as a WordPress support specialist, Facebook (or Amazon, or Google, etc.) outages are very rare compared to even very well-run individual websites. 99.9% uptime still means about 8 hours of downtime per year, right? So it would be risky to publish only on WordPress as well!
I still recommend that people have their own websites, not because they’re more reliable or more popular but because it’s a great foundation for the COPE/CORE publishing strategy: Create Once Post/Repost Everywhere.
It doesn’t necessarily matter where you create your content. Twitter is great for short messaging. Tumblr and Tiktok are surprisingly usable. Matt Mullenweg’s commercial but largely free WordPress.com is fine too. Even Facebook can be ok if you’re able to finesse their algorithms and/or pay to boost your posts, though unlike any of the above it’s harder to get a reliable permalink for cross-posting. Same with Weibo, Zhihu, Pinterest, Wix, etc.
But mostly it’s a good idea to cross-post your content to multiple platforms. Create your content somewhere and paste links elsewhere so they won’t get lost. Or filtered. Or censored. Or “shadowbanned.” WordPress is quite good for all of that that but as I’ve said it doesn’t have to be the only place.
Finally, as far as affordability goes, the WordPress Hosting group on Facebook (ironic I know) is filled with discussions of people using and troubleshooting $1/month hosting in places where SiteGround or Cloudways are extravagant luxuries. So it’s not as though WordPress is completely out of reach.
I definitely get your point, but I think it’s still ok to say own your own content. Even if sometimes that only means control your own content.
We were approached to help a remote client recover their website after their in-house servers crashed. They had all the files and a recent database backup, which is great! We routinely reload websites from files and databases, so we didn’t see any problem walking the client through the steps over Zoom.
But what could have been a very quick repair turned into several hours of digging around because the database backup kept throwing errors when they tried to import it into the new MySQL server.
To be perfectly honest, the error message that showed when we tried to re-import the backup didn’t seem terribly helpful.
Syntax error near 'order, preferred, type, number, visibility) VALUES ( 1, 1, 0, 1, 'workphone', 82' at line 1
Turns out a plugin vendor had chosen a perfectly sensible name, “order,” for a field that happened to also be a reserved keyword in the SQL database programming language. In day-to-day use this probably wasn’t a problem, but the standard MySQL archiving tool didn’t check while exporting the database.
The import tool, on the other hand, definitely did check. And didn’t like it!
It took quite a while to notice that the word “order” in this code snippet wasn’t being used as a reserved word but as the name of a field in a database table. It took a while because very few WordPress users know SQL. Or need to know it! One of the best things about WordPress is that it takes care of that sort of thing for you!
But as luck would have it, back before WordPress was a thing I used to have to hand-code SQL all the time. That was quite a while ago so I’ve gotten a little rusty. But after about the sixth try enough of it had come back for me to remember that the reserved word “order” needs to be enclosed in back-quotes, like this
`order` if it’s going to be used as a name.
The good news is that we were able to tell the client what to do, they added the backquotes where needed, and the import ran fine. Easy peasey, right? 😂 As the old joke goes, SQL is completely intuitive once you understand it really well.
It’s not every day you run into problems like these with WordPress. In fact this is the first time I’ve seen this particular problem in years and years. But it’s good to have a deep enough background to be able to remember how it’s done… even if you hope you don’t have to do it very often.
Bottom Top line: Never, ever host a public website on your personal or business network. Pardon the mild profanity in the screenshot but this video by network engineer Serena from @serenashenetworks explains why very well.
The explanation might be a little more technical than you’re used to, but basically she’s describing the computer equivalent of someone breaking into a minor bank employee’s garage and finding the combination to the bank’s main vault. It would be a bad idea to keep such important information in an easily-accessed office, right? Turns out It’s just as bad an idea to keep important information on the same network as a public website.
(We won’t even talk about the perils of someone getting into your public website and, oh, say, infecting your entire home or corporate infrastructure with ransomware.)
LinkedIn was breached because an employee had an easily hacked website on a home computer. Similarly, the infamous “Panama Papers” scandal happened because a bank that provided secret offshore money-laundering accounts hosted its website on the same network as their internal financial documents.
Please don’t get me wrong — a well-maintained WordPress website on a credible provider’s server is going to be pretty darn secure. The problem is that do-it-yourselfers rarely take all the routine steps needed to keep their servers and websites secure, monitored, and up to date.
A public website is just that, a public website! A private network can have multiple, interlocking layers controlling who can access what and when. A website has to be visible to the world, and as a result it can be accessed continuously not only from actual people but bots, hackers, “researchers,” and other questionable actors.
Call your website the “front desk” your business. You wouldn’t keep the combination to your vault behind the front desk, and for the same reasons you shouldn’t keep your website inside your network.
If you or someone you care about is still hosting their website on a home computer or business network, have a talk with them about moving it out of their network and into a credible, off-site hosting company. There are hundreds of affordable, secure, and actively maintained companies out there — SiteGround, MDDHosting, HostWinds, Cloudways are all great, affordable offerings for smaller companies, and Pantheon, Pagely, ServeBolt, and others are awesome for large, mission-critical hosting.
But here’s the deal: even really, really bad hosting is still infinitely more secure than running your website on your personal or business networks.
Of course we’d be happy to help you chose the right hosting, help you move your site far away from of your personal or business network, and help make sure your WordPress website stays updated, backed up, and locked down tight. But there are plenty of other web professionals who can also help. It’s the right thing to do.
The short answer is “you probably should.” A number of larger industries like lumber and car-rental agencies are said to have been caught off guard by a resumption of demand as the COVID-19 pandemic is finally beginning to wind down. The problem seems to be more that they weren’t prepared than that there isn’t enough wood to turn into lumber or cars to turn into rentals. The question we should be asking ourselves is “can we learn from their mistakes.” And “how can we prepare our own businesses ready for a return to business as (more or less) normal?”
Via statistics-nerd blogger Kevin Drum, it looks like e-commerce sales are doing that “reversion to the mean” thing as things start to normalize after the COVID-19 pandemic shutdown storefronts and pretty much all non-essential shopping went online.
Drum says “This strikes me as evidence that, generally speaking, people want to get back to their old habits, rather than sticking to those learned during the pandemic.”
That sounds about right to me. As business people we all spent a lot of time in 2020 dealing… and sometimes reeling… from the consequences of the pandemic and people’s responses to it. Many people pivoted to online sales. Others started working from home. Still others started taking online orders. And almost everybody who did face-to-face business — from restaurants to hospitals to photographers to home-service and contractors — at least put a “our response to COVID-19” banner on their websites.
Looking at increasing rates of vaccinations and “openings” here in the U.S., and at decreasing rates of hospitalizations and fatalities, it’s looking extremely likely that business is going to start going back to normal.
The question is are you going to be prepared if (probably not when) it does?
Every web developer I know was absolutely swamped last year by requests to revise and sometimes rebuild website. We all worked as hard as we could to help people communicate with their customers.
As with the lumber and rental industries we may find ourselves swamped again as customers begin returning to businesses, and as businesses discover their websites are out of date yet again.
One last question to ask yourself: If my customers start coming back will my website be ready?
If you’re not sure please get back in touch with your friendly neighborhood web-support person before the rush.
I’ve been getting a lot of inquiries from clients asking “do I need to pay this bill?” This morning in a business meeting four members said they’d received one of these notifications from a company called “US Domain Authority” in Hendersonville, North Carolina.
In a nutshell:
- You don’t have to pay “Domain Authority” a penny
- Paying them nearly $300 won’t renew your domain (and $300 is easily 10 or even 20 times more than you’d pay a real domain registrar!)
- If you think you actually do need to renew your registration just log into your real domain registrar and check your account.
Based on what my clients are asking this notice can easily be mistaken as a bill to renew your domain registration. In reality, as “US Domain Authority” makes clear on a second page, they’re not domain registrars at all. Instead they’re a directory service, sort of like 20th Century phone books were directories for phone numbers. All you get for your $289.00 is your domain name added to their directory.
To save time I’m going to highlight a clarification, here’s the text from the disclaimer on the back page of what many people seem to, um, mistake for a bill or invoice:
“We are not a domain registrar and we do not Register or Renew Domain Names. … THIS IS NOT A BILL. THIS IS A SOLICITATION. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED ABOVE.”Copy of solicitation received from a client who mistook the solicitation for a domain-renewal notice.
So the good news is that unless you want to pay $289 dollars to add your website address to a directory you may not have heard of then you can discard it.
We’ve updated this post with new hosting information
In a private Facebook group for WordPress hosting someone who’s trying to save as much money as possible asked a specific question about two hosting plans. They’d initially bought a plan from commodity provider HostGator but had been advised to switch a more premium SiteGround account. It was time for them to renew on SiteGround and they wondered if they could just go back to HostGator since it’s cheaper. (They’d never closed their HostGator account.
For some participants in that group the answer to any question (including “what’s your favorite color” will be “Cloudways” or “GridPane” or some other manager for virtual private server companies like Digital Ocean, Linode, Vultr, etc.
Being fairly new the original poster asked “thanks. Is Digital Ocean a host company?”
The rest of this post answers that question and considers the overall likely costs before getting back their actual, original question
What is a VPS and what is a VPS manager?
Digital Ocean hosts virtual private servers (VPS.) Very good, very fast, very inexpensive. Also very “bare metal.” Typically you have to setup the server as well as the website. Their support is almost exclusively related to “does the basic operating system boot and run.” If you’re comfortable doing Linux system administration then a plain Digital Ocean VPS would be a very good choice.
The recommendations above are to subscribe to a company that will setup, maintain, and monitor a VPS from a provider like Digital Ocean. Three commonly-mentioned companies that will do that for you are Cloudways, GridPane, and ServerPilot. There are a number of others. The pricing for those varies but it tends to roughly double what the base VPS would cost.
Comparing Cloudways, SiteGround and HostGator pricing
For instance the least expensive offering from Cloudways is $10/month for a single Digital Ocean “droplet.” The regular price for SiteGround’s “startup” hosting is $11/month. HostGator’s “baby” plan, which is probably the lowest you’d want to go, is about $7.00 if their 60% discount expires.
Admittedly you’ll get much better performance out of a $10 or $20/month Cloudways/Digital Ocean server, and you’ll almost certainly get better performance and more security from an $11/month starter SiteGround account. But if price is really a bigger concern than performance, then to answer your immediate question, if your site will actually run on your HostGator then that really would be the cheapest option.
Accounting for domain name registration when considering hosting prices.
As for your domain, domain names are separate from hosting the way a phone-book listing is different from a phone. The domain name is just a friendly way to point to your server’s hardware address. Moving domain registration from one company to another is relatively tedious, plus you have to pay the new registrar even if you still have time on your old one. So most people don’t bother — they just point the domain to the new server instead.
Some hosting companies will waive the registration fee if you buy hosting from them. If HostGator gave you a free registration and you drop your hosting plan with them then they’ll begin charging you their regular registration fee when it’s time to renew. So that’s another cost consideration.
Cloudways, GridPane, and Digital Ocean don’t do domain registration, so if you went with them you’d still be out the ~15 dollars U.S. for domain name renewal on top of whatever you’d be paying them. Same for email, incidentally, as none of them offer free email either. If you go with SiteGround or another hosting company you can transfer the domain over to them… but they may or may not offer “free” registration for a transferred domain.
Lots of information, I know. But, again, if you’re really scraping the barrel for cash then switching back to HostGator will save you the most money. But, again, almost certainly at the price of considerably reduced performance.
This post was updated with new information.
We’ve added Cloudways to our list of recommended products and services.
We’re a little late to the VPS market as most of our small business clients don’t need the kind of horsepower you can get with a good VPS. And to be honest, until fairly recently managing your own VPS involved considerable system-administration skills — something we rarely see in non-technical professions. That’s where Cloudways comes in! They take care of the nuts and bolts server security and management tasks!
Another cool thing about them? Since they’re only managing servers you can sign up with a healthy array of very powerful worldwide cloud-service providers like Digital Ocean, Amazon Web Services, Linode and Vultr, and Google CloudPlatform! Unlike smaller and shared-hosting services that can “run out of room” as your business grows, with Cloudways you can scale your website to handle truly gigantic traffic.
Best of all, depending on the provider you choose you can often find a data center in your region and sometimes even in your own city! For instance people in the Pacific Northwest might be interested to know that Cloudways can set you up with a Vultr VPS located in a data center in downtown Seattle!
Check out Cloudways managed hosting (direct, no-affilate link.)