I'm writing an unrelated topic tonight as it has to do with twitter/stocktwits which is pretty integral to my business and my reputation online.
So I tried out a new twitter app that wasn't secure and wasn't using oAuth (this app wasn't the culprit-- was a phishing scam), and my twitter account was comprimised. A day later, they used the api to access my account and started to spam to my followers. I had changed my pw but then changed it back-- bad move.
Anyways I'm not too happy and neither is the rest of the Twitter-verse. So I've declared jihad against the culprit: gatherfollowers.com. Someone (maybe them, maybe not) is promoting their site by hijacking your twitter account to tell your friends. Allowing them to hijack your account is part of their terms of service apparently, but I never signed up for their site so they shouldn't have access to my twitter user/pass to begin with.
Anyways, I had a guy smarter than me take a look at what he could find-- wasn't too hard, just a couple whois requests on the server and the nameserver:
Registration Service Provided By: NameCheap.com
Contact:
Visit: http://www.namecheap.com/
Domain name: gatherfollowers.com
Registrant Contact:
WhoisGuard
WhoisGuard Protected ()
Name Servers:
ns1.osgnl.info
ns2.osgnl.info
So namecheap did the reg. The contact info for the server on which the domain is hosted is protected. But let's look at the nameserver:
Domain ID:D28972607-LRMS
Domain Name:OSGNL.INFO
Created On:04-Jul-2009 17:26:04 UTC
Last Updated On:04-Jul-2009 22:10:32 UTC
Expiration Date:04-Jul-2010 17:26:04 UTC
Sponsoring Registrar:GoDaddy.com Inc. (R171-LRMS)
Registrant ID:CR5887149
Registrant Name:Rashid Alkhaili
Registrant State/Province:Dubai
Registrant Postal Code:5591
Registrant Country:AE
Registrant Phone:+971.502750502
Related Contact: [email protected]
So the nameserver registered on godaddy.
What You Can Do
So if you've been a victim either directly or indirectly, I encourage you to take action. As twitter is part of my business and my reputation matters, I decided to take this on.
Report Abuse to GoDaddy Here. Or twitter them @GoDaddy or @GoDaddyGuy
Report Abuse to Namecheap Here. Or twitter them @NameCheap
The Abuse should be about the nameserver for GoDaddy and gatherfollowers.com for namecheap. Tell them that they phished your twitter username and password and used your private account for spamming.
Hopefully these two companies, with whom I've done business with in the past and trust, will be able to help us out.
I'll update this page later on as I get further data. GatherFollowers.com may not have been the actual culprit but a third party just using their platform as a tool. But until I see evidence against--jihad.
Update 1: Here's the Disclaimer on gatherfollowers.com:
Our site does not phish accounts, any content on this site may not be 100% percent accurate. By using this site you agree Needfollowers.com is not to be mentioned or involved with any legal matters.
Needfollowers.com is a suspected phishing site, and is also found on quickfollowers.com, probably same group.
Update 2: Here's part of their ToS on gatherfollowers.com
7. You agree if you spam our site you will be banned from our service forever with out hesitation.
The fact that they say that leads more credibility to the thesis that their site may have little to do with the spam and could be from someone else.
Update 3: Talked to NameCheap
They ran a whois on the ip rather than the domain and the hosting comes out of the Netherlands, compay is Ecatel. I've seen a lot of shady stuff come out of those servers. I will email [email protected] but don't know what kind of response I'll get.
Pretty sure this is related to twitviewer.net-- that's where I first got caught up in this bs. Also seeing that followers247.com part of it too.