Cloudflare Blocks Automattic’s WP Engine Tracker For Phishing via @sejournal, @martinibuster

1 week ago 8

Automattic’s WP Engine Tracker website was temporarily blocked by Cloudflare over the weekend as a suspected phishing site, sparking cheers from members of the WordPress subreddit. Meanwhile, someone registered the typosquatting domain WPEngineTracker.com to protest against Matt Mullenweg.

Automattic, presumably under the direction of Matt Mullenweg, recently created a website called WP Engine Tracker on the WordPressEngineTracker.com domain name that lists how many WordPress sites have moved away from managed web host WP Engine. It also recommends web hosts that current customers can move to and offers a download of all domains that are hosted on WP Engine.

An Automattic emailed Search Engine Journal offered background information about the WP Engine Tracker website:

“The beauty of open source software is that everyone is able to access data on a granular level, because it’s all publicly available information. That public data has shown that ever since WP Engine filed its lawsuit – making it clear that they do not have an official association with WordPress and attracting greater attention to the company’s poor service, modifications to the WordPress core software, increasing and convoluted pricing structure, and repeated down times – their customers have left their platform for other hosting providers. WP Engine can and always has been able to access the WordPress software and plugins available on WordPress.org, as can anyone.”

Cloudflare Blocks WP Engine Tracker Website

Sometime on November 9th Cloudflare blocked access to Automattic’s WP Engine Tracker website with a message alerting Internet users that the website has been reported for phishing attempts.

The Cloudflare warning said:

“Warning

Suspected Phishing

This website has been reported for potential phishing.

Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.”

WordPress Subreddit Cheers The Blocking

A Reddit discussion appeared soon after the site was blocked with the headline: Cloudflare is showing a phishing warning on wordpressenginetracker.com

Typical comments:

“Wow I’ve actually never seen that screen before. That’s hilarious.”

“As it should. Chrome should give it the red screen of death”

“It’s an interesting development, which made me wonder: Are people reporting phishing to Cloudflare just to mess with Mr. Mullenweg or is there something the site does that can actually be considered phishing?

Cloudflare’s report form has another type of abuse to select, which, in this case, is as obvious as the sun on the sunniest day: Trademark infringement. Why are people reporting phishing?”

One commenter noted the website was displaying a “403 Forbidden” error message if a site visitor ignored the warning and clicked through to the site. A 403 server response means that the server acknowledges the browser request but is denying access to the website.

Screenshot Of Blocked Website

Typosquatting Domain Name Registered

Typosquatting is when someone registers a domain name that is similar to a brand name and that users may type to visit. In this case, someone registered the domain name WPEngineTracker.com to take advantage of the fact that Automattic had registered the domain name WordPressEngineTracker.com but was calling it WP Engine Tracker. When people try to reach the Automattic site by typing in the name of the site as the domain they then arrive at the typosquat domain.

Screenshot of Typosquat Domain

The above domain name was only registered a few days ago on November 7th. The Internet being what it is, it was inevitable that someone would register the typosquat domain name variant.

WordPressEngineTracker.com Is Back Online

After a few hours of downtime Cloudflare removed the phishing block and the Automattic WordPress Engine Tracker website was restored.

Featured Image by Shutterstock/santypan

Read Entire Article