I learned yesterday that Bob on Books is considered a “suspicious” or “malicious” site by Twitter. I can no longer post links to the site there, although I can make other posts.
A chat session with WordPress support (who I’ve always found helpful) indicated that I’ve been listed as a “phishing” site on PhishTank.com. Here is the link to the actual listing. WordPress itself found nothing on the site that is malicious or violates its terms of service and asserts that third parties can’t embed code or links on sites they host. No one who has visited my site has reported an actual problem. Phishing involves attempts to deceive you into providing sensitive information like passwords or credit cards under false pretexts in order to defraud. There is nothing like that on my site.
Apparently, on April 10, someone going by the username “prodigyabuse” listed Bob on Books as a phishing site. This individual has submitted over 11,000 sites. I found out that others “verified” that my site is a “phishing” site even though WordPress has examined the site and found nothing wrong, and it shows up trusted on Microsoft and Chrome browsers. I subsequently learned someone on a university computer couldn’t access my site, which I suspect is not an isolated incident. It’s likely that Twitter has based its “block” of content from Bob on Books on this site.
I’ve submitted “tickets” to both Twitter and PhishTank to rectify the situation. No response so far.
I find this deeply disturbing, because the effect of this is to suppress free speech. Apparently:
- This can be done by a few individuals, working together or in sympathy.
- There appears to be no actual verification by PhishTank or those who use their listings of the website. They rely entirely on user reports.
- Site owners receive no direct notice of this action.
- I could find no way to talk, even via chat to an actual person either on Twitter or PhishTank.
- There appears to be no protection against this.
No doubt there are actual phishing sites, but as it stands now, the burden of proof is on site owners that they are not phishing, when they learn this is going on.
If your register as a user at PhishTank and go to my link and click, “something wrong with this submission” and follow the instructions you can submit a report they say they will take “very seriously.” We’ll see, but I’d be glad for the support.
I’m wondering why this happened. There seem to be a few possibilities:
- One is that some people just don’t like what I’m posting, which is particularly troubling.
- A second is some spammer I’ve blocked is having his/her revenge. There is a lot of spam commenting, some of which contain links to “phish-y” sites.
- That leads to something more sinister. It does appear that it is fairly common for hackers to hide files deep inside the WordPress software and files. I found a number of articles like this one describing the problem. Both the software in my version of WordPress’s JetPack and my own virus and malware software do not show anything, and I don’t use plug-ins that are most vulnerable to this. There are expensive services that will clean your site, and more robust security options are available with more expensive WordPress plans. WordPress.com asserts that it is not possible for malicious entities to embed phishing code or links on blogs hosted on their site (which is the case with my blog), but leave it to their end users to deal with false reports. Seems like they would have more clout than I do.
- Maybe this has to do with the cover photo (see above) I recently posted on my Facebook page, taken at our local aquarium. Maybe my fish tank picture got me in the PhishTank! Probably not but one must maintain some humor with these things.
Needless to say, this is unsettling. I love looking at fish in a tank or aquarium, but am not particularly crazy about being in one.