Update on Cowgirl Blog Malware Attack

Hey readers –

I wanted to update you on the status of some malware attacks that many of you were kind enough to help identify yesterday. Thank you!

MT Temperance was able to shut down the onslaught last night.

Apparently, there’s someone out there who feels threatened enough by this blog to direct (or hire) a concerted attack.  The attackers were not able to infect this site itself, nor pose a risk to readers, but did eventually break into the hosting site used by the blog so that google search results redirected people to a porn site.

Unless you clicked on the porn  site, you need’t worry, but it wouldn’t hurt to update delete your cookies/web history so that you get here as intended.

If you accidentally did, you should run a virus scan and make sure all your software is up to date. If I’ve missed any thing important I encourage MT Temperance, who as many of you know has also kindly served as this blog’s moderator, to comment as well.

I’m certainly not going to let this kind of maliciousness shut down this blog.



21 Comments on "Update on Cowgirl Blog Malware Attack"

  1. Who else has the power to do such a thing other than the “Double G” that is trying to lie his way into the Governors office.

    • Or the Money for that matter.

      Hiring a Black Hat costs money, something only our millionaire republicans who want to takeover the state have.

  2. We caught the hackers as they were testing the waters here. they certainly didn’t get too far…..

    It seemed the only reason for the attack was to shut us down, and keep our readers from viewing our site.

    While I did find Malware code to re-direct our viewers to porn and pill sites, I did not encounter any viruses or malware structures that could harm our readers….. just Cowgirl’s site. The codes were stripped and defenses put in place. We rescanned our site and it is now certified as clean by Surcui and Google Folks, so you’re good to comment at your leisure.

    Thank you to our concerned readers for tipping us off! you guys rock!

    This was all probably because of our opinions and real news gathering as progressives in this election year…….

    I am sure there are some conservatives somewhere, who are not very happy at this time.

  3. Lets not get paranoid – wordpress sites are scanning continuously by bots trying to find vulnerabilities. Getting one hacked to redirect to a porn site is not uncommon. Not being critical of the platform used for the blog – it is just the nature of the framework

    • No one here has gotten paranoid. This was a specific hack.

      Let’s be specific shall we. It is our duty to report our news to our viewers cleanly. And it is important to keep them safe in the process. The word-press site wasn’t hacked, the domain was. Nothing else to see here….. move along!

    • I would agree. The source of the attack could be entirely unrelated to politics, as there are hundreds of attacks on normal websites every day by automated systems. This could easily be caused by nefarious peoples from other countries for an unrelated financial incentive.

      Also it could totally be angry conservatives, but the other types of attacks are far too common to instantly pin it to our political opponents without direct proof.

      • I don’t think for a moment thats what MT.T said. I said it was possible because our republicans have that kind of money, and lets be honest they as politicos are not the most trustworthy.

  4. They got Ed Kemmick a couple weeks ago.

  5. Too bad. Ed is a good Guy!

  6. I’m glad this problem got solved as I found it quite disturbing on multiple levels. Interesting, but not surprising, the immediate finger pointing. There are a lot of untrustworthy people out there who do this sort of thing and they have nothing to do with politics. But its fun to be come to ones own conclusions I guess! I’m glad the site is up again.

    • Thank you Matthew, but I do not put too much stock in conspricy theory websites or what they say. All websites are built with html5 now. it is the standard. There is nothing nefarious about it. HTML5 allows website designers to build sites with better video and animation drawing techniques. http://www.ncbi.nlm.nih.gov/pubmed/21271452 People who do not want to know the new technique, usually succumb to conspricies such as JC. But in reality this site is built on wordpress PHP not HTML 5 though we can use it on static pages if we so choose.

      Our site is quite safe for our commenters at this time now, we have the right defenses up, we scan every day now.

      The majority of people posting over there are not allowed here anymore. because they were too toxic a bunch to play nice with other commenters. they seemed uninterested in our comment policy.

      It was however pretty funny stuff!

      • The Reality is those guys over there are in some kind of conspricy bubble they need to break free from.

        Even the FBI paid over a million to break into an Iphone….Something apple refused to unlock. Cowgirl isn’t an Iphone but she was lucky to have an IT guy who kept her site from being defaced.

        I agree with Mr T here, they are pretty kooky over there. A lot of the commenters, are conspricy nutcases that cowgirl had to ban here.

        Supposed DINOS?

        Lastly I consider it a badge of honor to be named and so hated from that group. It’s actually kinda cool!!

      • Matthew Koehler | April 22, 2016 2:58 PM at 2:58 PM |

        Oh, got it.

        If you’ll allow me to get past the irony of one “conspiracy theory website” that prides itself in dishing out “political gossip” blasting a rival site because they are supposedly a “conspricy (sp) theory website” also, I should point out that JC has been an IT expert basically since computers were invented.

        Also, as long as we’re having this discussion, what does the MTCowgirl blog say about this information from JC about you folks using GoDaddy?

        “One last poke at MTCowgirl. They are hosting their website at GoDaddy. While many people think of GoDaddy as an inexpensive web hosting outfit best known for exploiting feminine attributes in their marketing, it is much worse than that.

        GoDaddy is the province of Bob Parsons, billionaire extraordinaire, and right wing political activist. He also is infamous for his elephant hunting expeditions, and other exploitive activities.

        So this begs the question: why would MTCowgirl.com give their business to GoDaddy and feed profits to the likes of Parsons, when there are so many other progressive businesses offering competitive services at similar prices?”

        I’m certainly far from being a tech expert, but I do know that our non-profit has used Missoula’s “Modwest” for web hosting for a long time and they are great, inexpensive and very much available and willing to help whenever there are problems.

        Perhaps the MTCowgirl should go local and check em out: http://www.modwest.com/about.phtml

  7. Pretty sure she has been using Go-daddy for years because, Lets be honest, the prices are appealing and their probably the better known service provider. I have twenty domains myself with Go Daddy and I haven’t had a problem.

    I send all my customers to them because they are fast, cheap, and easy.

    ✔Reptile dysfunction site isn’t hosted in Montana. its hosted in California.
    ✔The Mt. GOP is hosted out of Arizona.
    ✔ Big Sky Press where you have written countless articles, is hosted out of Burlington, MA.

    So………Maybe you can tell me, why it is so much more important for Cowgirl to follow some hypothetical rule you just made up on how someone should spend their Domain money, but you do not have to follow that rule yourself?

    • Matthew Koehler | April 22, 2016 4:05 PM at 4:05 PM |

      Huh? So……..You must have me confused with someone else. I don’t recall writing countless articles at “Big Sky Press.” Honestly, I’m not even sure what that is. I certainly have no say in where they host their domain. I also have zero affiliation with Reptile dysfunction. The only website I have control over has its domain hosted by the good folks at Modwest in Missoula. Again, I’m not a tech person, so perhaps I’m missing something here. I guess it’s great that Go Daddy is where you send all your customers because they are ‘fast, cheap and easy.” Guess you simply don’t mind the part that, according to JC, “GoDaddy is the province of Bob Parsons, billionaire extraordinaire, and right wing political activist.” So much for “Be the change…” eh?

  8. What the….? You’ve never written articles for the Missoula Independent Matthew? that is Big Sky Press

    And why attack a guy who actually is living the American dream. so yeah he handed 1 million to a Romney pac a few years ago, it is any different when Bill Maher handed a million to one of Obama’s Pac?

    Bob Parsons came from a regular american family, grew up struggling like a lot of americans do. served his country, went to college, learned code on his own. started a company got rich. All the trappings of the american dream. Thats not okay with you anymore???? That fine with me.

    Parsons has given over 60 million to charities. He signed the “Giving pledge” like the Bill Gates, and Warren Buffett has http://givingpledge.org/…… To start giving away half of all his income towards philanthropy. Something the Koch brothers and the Walton( walmart)family hasn’t done

    Tell me where and how, what he is doing with his money is anywhere as evil as the Koch brothers poisoning people and ecosystems…..oh yea I forgot Parsons shot an elephant legally once. That pissed of the PETA People a fake group who only spends about a quarter of what they receive on animals rights and care.

    Parsons isn’t an enemy here, and neither should cowgirl get stuck in your bias definition of him. HIs money was made in internet domains not poisoning large swathes of the world. His ideas, his company are possibly helping enrich other folk not unlike him starting out. Not a Koch, not raised as someone’s rich baby with a silver spoon……A real life hard working American who started with zip and ended rich. That bugs the shit out of you?

    Your going over the edge here little brother over nothing. Stop believing all your own babble.

    Let’s not go down the rabbit hole here, and start believing, and testifying that “living and working on the American dream is bad for all Americans.”

    This guys is just a moderate republican at heart. I don’t begrudge that especially when there is no greed at work here.

    • Matthew Koehler | April 22, 2016 5:08 PM at 5:08 PM |

      Really? The Missoula Independent is “Big Sky Press?” Ok, if so, guess I missed that. And nope, I’ve never written “articles” for the Missoula Indy, but I have written a few “letters to the editor” that appeared in the Missoula Indy over the years. I apologize for not even thinking to check where the Missoula Indy (or “Big Sky Press”) hosts their domain prior to submitting that “letter to the editor.” Can’t think of everything, I guess. Not even sure why we are discussing this. But whatever….

  9. I don’t know if this is the result of the malware attack, but the change happened at about the same time.

    The list of “Recent Comments” used to be in the form of:

    Now they are in the form of:

    I find it harder to follow people’s comments with the current format. For example, if the list of comments shows that Norma Duffy commented on Why A Creationist Museum Matters, I can’t tell if that’s a comment I already read, or if it’s a new comment on the same blog post. When the list of comments showed the first few words of the comment, it was easy to tell if it was a new comment.

    There also used to be a list of which posts had the highest number of comments in the last 30 days and which posts had the highest number of views in the last 30 days – both of which I liked.

    Could those items in the sidebar be setup the way that they were before?


  10. OK, so angle brackets don’t show up in the comments…

    The list of “Recent Comments” used to be in the form of:
    “Name of Poster” “The first few words of what they said”

    Now they are in the form of:
    “Name of Poster” “Title of blog post they commented on”

Comments are closed.