# How can milvpn have a full copy of my site?



## ScienceOnline (Nov 28, 2014)

I found a copy of a site of mine here: http://vpnny-1.milvpn.net/ , it is not ripped, it's the full site, the domain milvpn.net has only two subdomains, "billing" and "vpnny-1" and nameservers are NS12.WELOVESERVERS.NET and NS13.WELOVESERVERS.NET, the site of mine is about a dialect spoken in a town in italy, nothing interesting . 
The domain milvpn.net is registered by Lincoln Vogler, here is his twitter account https://twitter.com/r0guen3rd which links to horizonhosting.us that redirects to weloveservers. 
Here is the twitter account of milvpn https://twitter.com/milvpn that follows Lincoln Vogler account and josh https://twitter.com/ServerJosh. 
So where this genius got my full website (a copy from some weeks ago)? the copy is indexed by google and he didn't removed the tracking code, that's how I found it.
I use incapsula for this site, and it is hosted by cvps, by the way also the copy is hosted on an ip registered by Chris of Cvps 192.210.240.77 .
Is there a connection between wls and cvps so they can access my vps? or this guy hacked my vps, get that useless site and put it on line?


----------



## drmike (Nov 28, 2014)

Oh boy... here we go...

Let's start with the domain here at play:

milvpn.net

Creation Date: 2014-10-28T17:33:00.00Z


Registrant Name: LINCOLN VOGLER

Registrant Organization: NEW HORIZON HOSTING

 

 

Why is Lincoln registering domain under New Horizon as end of October?

 

Because...

 

 

 


*Monday, April 21, 2014*

WeLoveServers has acquired Horizon Hosting today (April 21, 2014). We are excited to inform all Horizon Hosting clients that they will stay on the current servers. Therefore, no prices will be increased, services will stay the same, however just under WeLoveServers. 




From: http://core.weloveservers.net/announcements.php?id=18

If you go to milvpn.net and click on a product to go to cart:

https://www.billing.milvpn.net/cart.php

You get:



> Your Websites Is Down
> 
> ./K.L.G.0


Hacked perhaps?

So my question @ScienceOnline is where was your original site hosted?


----------



## ScienceOnline (Nov 28, 2014)

I hosted it on an OpenVZ of Cvps in Buffalo, the copy they have is 2 or 3 weeks old, I use incapsula for that domain and I have a copy on my pc and a copy on an online storage service but files are encripted with AES 256 bit.

On statcounter I seen that they come from here 96.44.147.2/~hostcepu/images/kl.php?p=4 and according tho domaintools it resolves to mrtickle.weloveservers.net .


----------



## MartinD (Nov 28, 2014)

Well, this is gold.


----------



## comXyz (Nov 28, 2014)

Did you try to contact him before posting here?


----------



## ScienceOnline (Nov 28, 2014)

It was my purpose to made it public.

So I posted here and in another forum and then contacted him which didn't answered so far, I contacted weloveservers and they told me that he is a customer of them and they suspended his account.

For what I see he is more than a customer but I can't be 100% sure about this and the copy of my site is still online.

I made something more but I'll explain when I can do it.


----------



## Mid (Nov 28, 2014)

drmike knows about each and every bit that happens on the hosting industry.

If someone wants to know what or how it is happened, just simple, ask drmike.


----------



## ScienceOnline (Nov 28, 2014)

Mid said:


> drmike knows about each and every bit that happens on the hosting industry.
> 
> If someone wants to know what or how it is happened, just simple, ask drmike.


Thank you, drmike already writed something in this post.

Here things are simple, under a domain owned by Lincoln Vogler there is a full copy of a site of mine, he or someone has got it from cvps server where my site is hosted and put it online under his domain. This is a crime I think.

I don't know if Lincoln Vogler is responsible but there are (or were) connections between him and wls I think.


----------



## Mid (Nov 28, 2014)

It is so pathetic when people don't understand jokes.

@ScienceOnline, sorry that you didn't understand my joke about drmike.

Now the explanation: " drmike is like GOD on the hosting industry"


----------



## ScienceOnline (Nov 28, 2014)

Mid said:


> It is so pathetic when people don't understand jokes.
> 
> @ScienceOnline, sorry that you didn't understand my joke about drmike.
> 
> Now the explanation: " drmike is like GOD on the hosting industry"


I'm sorry if I'm pathetic for you,

I don't speak english and I don't read hosting forum very much.

Ti e cla busgnonna ed to sorela, tsi 'n cojo sa net capis mia .


----------



## Mid (Nov 28, 2014)

I didn't say anything in the lines of "you are pathetic for me"

me too, don't speak fluent English (but not 'pathetic' either, referring the language this time of course)



> Ti e cla busgnonna ed to sorela, tsi 'n cojo sa net capis mia .


I don't know what you have mentioned here, and though I too can write on my language (which nobody on this forum would understand), but I won't do that.

I didn't joke on you. And, even towards drmike, it wasn't offensive anyways.


----------



## drmike (Nov 28, 2014)

ScienceOnline said:


> I hosted it on an OpenVZ of Cvps in Buffalo, the copy they have is 2 or 3 weeks old, I use incapsula for that domain and I have a copy on my pc and a copy on an online storage service but files are encripted with AES 256 bit.
> 
> On statcounter I seen that they come from here 96.44.147.2/~hostcepu/images/kl.php?p=4 and according tho domaintools it resolves to mrtickle.weloveservers.net .


1. Unsure why you chose ChicagoVPS.  Their history, customer support, etc. leaves a ton to be desired.  Been hacked at least three times too...

2. http://96.44.147.2/ = HOSTED at Quadranet.   

The tool there is a straight up hacking oriented tool.

See: http://www.madleets.com/Thread-WHMCS-Killer-V3

3. Were you running WHMCS on your hosted site?  Perhaps part of something bigger going on.



Mid said:


> drmike knows about each and every bit that happens on the hosting industry.


Well that's flattering.  Not true though.  Far too much to keep track of.  Fact is, I am just willing to dive in on matters that don't seem right.  You know, put the time in, research things.

4. 96.44.147.2 = shared cPanel hosting box. 

There are over 100 domains pointed to that IP.

There are multiple blacklists for that IP being bad news.


----------



## dkstanson (Nov 28, 2014)

I had two of my sites fully copied by someone even the logo were the same. I sent him a couple of emails to the owner and finally got them removed.


----------



## drmike (Nov 28, 2014)

I want to build a bridge here for folks.

These folks at WeLoveServers, well something is up with.  As per the OP, as per my earlier posts.

This and something else had me shoveling.  Determined owner of WeLoveServers is a pretty big scammer.  Big enough that a BBC show covered his recent prior activities selling bullshit affiliate sites to normal folks for princely sums.  Only to have such Hope and Dope yield zippo for the buyers.

Those matters led to some legal action and bound to be other stuff out there.

According to incorporation records, this fellow renamed one of his scam site companies to a new corporation, which WeLoveServers is encapasulated under.  This Jason Michael West fellow (the owner of WeLoveServers) appears to have owned WeLoveServers since their start.

Here's my post on that:


----------

