Going into the past weekend, one of our product sites had a problem in which accessing the page caused a very scary (and completely incorrect) “Reported Attack Site!” message in Firefox browsers, and a similar message in Safari (and Chrome as well, reportedly).  Of the major browsers, only Internet Explorer was allowing direct traffic to two specific pages, because it was the only one that does not (by default, anyway) subscribe to the StopBadware.org database.  To access our site, a user would have to click to ignore a message that said, more or less, “Run away from here and never come back.”

The problem began last Thursday, when FileKicker, a Digital River company that provides download bandwidth for many independent software publishers (including Goodsol Development, until recently), got blacklisted on the aforementioned database.  This meant that downloads from FileKicker generated the scary message, presumably because they delivered some “badware” somewhere, although I have no evidence (nor much doubt) that this happened.  The report was filed by Google.

On Friday, two of our pages that linked to downloads there were blacklisted as well because, I guess, Google assumed that if FileKicker was bad, anybody who linked there must be bad, too.  This is the “bad neighborhood” idea: we never linked to anything classified as badware or even any third-party software, but if we linked to a “bad” site, we must be bad ourselves.  Of course, the fact that FileKicker provided services for thousands of clients does not seem to matter.  This was bad on Windows, but devastating on Mac OS X, where Safari has the vast majority of the market.

By very early Sunday morning, due to quick action from Goodsol to remove all FileKicker links, and a subsequent retraction from Google, our pages were no longer banned, but all our direct links to FileKicker downloads (such as those stored at Apple Downloads) were still a major problem.  It took until yesterday [Wednesday] evening (i.e., six days) before FileKicker got this problem resolved for their downloads, with precious little information provided to customers in the interim.

This was a ridiculous episode, which produced many insights:

1. The problem was first reported in the newsgroups of the Association of Shareware Professionals (by Dexter Bell of The Utility Factory, developer of FileBoss, an excellent file manager).  This is one of those situations in which ASP membership (and participation) was invaluable for rapid response.
2. Digital River claims to be “the global leader in e-commerce”, a public company with close to $3 Billion in annual transactions, yet it took DR three times as long to fix the problem as Goodsol Development, a MicroISV, and never informed its clients until well after ASP members informed them.
3. SWMirror, an independently operated download service run by Mitchell Vincent, was able to provide (better) services to affected publishers and have many downloads restored before FileKicker, part of a conglomerate with more than 1000 employees, even acknowledged the problem.
4. The pattern of Digital River buying successful companies serving the shareware industry and turning them into garbage is intact; in fact, that record may now be unblemished.  Dealing with DR companies should only be done with due deliberation.  (read: “Do not touch them with a bargepole.”)
5. The concept that Google can, with a simple electronic “report”, essentially shut down an internet business overnight, is more than a little scary.  Imagine launching a product that could compete with Google (or a blog being critical of them) and having most of your traffic cut off by a similar unsubstantiated report.
6. The whole internet is a “bad neighborhood”. In fact, Google itself would be the worst culprit of all, since it provides links to nearly every crack site, domain squatter, malware distributor, and internet fraud out there.

Really, I am definitely in favor of a system to eliminate (or castrate) true spammers and distributors of malware, but when an honest company that has been doing business online safely almost since the inception of the web is economically impacted, things have gone too far.

Here endeth the rant.

Last Friday, at 4:38pm, I received an email from Facebook entitled, “Reminder: 5 of your friends invited you to join Facebook…” Fine. Some people collect and count “friends” on that service, while I do not join and count the number of real life friends who have invited me to join. (My wife and business partner knows me well enough that she is not part of that group.) If I were to join, of course, I would lose count.

Then, at 11:40pm, I received another one, nearly identical, but with different ‘Other people you may know on Facebook’. Curious, I verified that the messages were both coming from Facebook, via email headers and the fact that the (accurate) list of invitations I have received should be known only to them. “Oops, duplicate message,” I thought. On Saturday, I received reminders at 4:44am, 6:47am, 12:16pm, 5:07pm, and 9:44pm. For good measure, I received another one on Sunday at 1:28am. Eight nearly identical messages within 33 hours trying to get me (now pissed) to join their silly little club. Not likely.

[I just decided to check the names in all eight messages, and two actually suggest that I may know my own brother. That I do. None of the other names, though.]

After the Facebook “fun” stopped, a denial of service attack on our server began. Somebody started bombarding the server with random spam messages to, literally, random (GUID-like) addresses at our domain. Not a single message from the culprit had any chance of hitting a real address, since they were not even in a human usable form, but we were getting hundreds per minute, and lost the server entirely for a while.

In the middle of dealing with this mess, the home phone rang (which normally puts me on edge anyway) and I answer to find that Payless Shoes has decided to robodial me to tell me about some sale coming to an end. Seriously?!? We are on the national Do Not Call list, and the fact that we may have bought cheap shoes there once does not give them the right to call me. I have no idea how they would have my number in the first place, so it may have just been coincidence. Report filed; customers lost.

The mail arrived with a machine printed return address from “Ealge Eye Fitness”. It made me laugh, since the people that sent it out clearly did not have the Eagle Eyes that they intended to portray. Business not earned.

Once email service was returned to normal, “Michael Jackson” became only the second actual name inducted into my spammers hall of fame filter, joining “Oprah”, as subjects (or subsubjects) that guarantee a message is not intended for nor of any interest to me. The sheer number of “surveys” and “news items” about his death was astonishing, especially from an industry which still regularly sent me (in June) special offers for Valentine’s Day.

Now that it is officially July, let me simply say that the greatest musical loss last month was definitely… Koko Taylor, who died on June 3 at the age of 80. (I saw her pitch a Wang Dang Doodle live more than 20 years ago, and she kept tearing it up right to the end.)

Here endeth the rant.

Last Friday, our cable television went out. Not like ‘some services are missing‘ out, but like ‘somebody just sliced a cable‘ out. There was static on all of the analog channels, and just black (no signal) on everything digital. Many months ago we made the decision to ditch their cable modem in favor of our SDSL connection (from ACD.net), which was both faster and more reliable. We decided that the redundant Internet connectivity was more trouble than it was worth, at the added expense, and also, frankly, were just unhappy with Comcast.

For the last year or so, Comcast has been on an all-out media blitz to get people signed up to their VOIP package, bundling cable television, Internet, and telephone. The timing may have been coincidental, but the mailings seemed to intensify after we downgraded, and when we had to call about (somewhat regular) problems with the only service we kept (cable television), we always had to listen to another pitch before we could tell somebody in another state that our local HD was out… again.

Anyway, when the cable television service went completely dead, we called the customer support number. Instead of the usual sales pitch we got… wait for it… nothing. Yup. Apparently they use their own VOIP service, so when the cable system has a failure, you cannot reach anybody there by telephone. Brilliant! I was not even vaguely intrigued by the offering, but this definitely convinced me that my convictions against this technology (and Comcast) were not unfounded.

Not that I am any fan of AT&T either, but I am a believer in land lines. In the event of an emergency, when one really does need to have a phone, I am glad to have a system that will work even when the power is out. (Yes, we keep a standard handset telephone for just such an occasion.)

Our cable television signals did come back before prime time, but I think that all a satellite television company needs to do is add CBC and we are there. (Perhaps we should just move to the Bahamas where, oddly, Canadian programming is also available. Do they long for snow?)