Saturday, October 11, 2008

Who Is “Performance Systems International” (and why are they out to get me)?

There is something awry in the blogosphere.

On October 3rd, my blog had a visitor that showed on my traffic monitoring software as being from “Performance Systems International.” The fact that it appeared to be a “bot” of some kind was cause for celebration; maybe Yahoo or MSN had finally seen the light and recognized my existence?? Wrong.

Since that visit a little over a week ago:
1. I have had ONE visitor.
2. Google has stopped crawling my site. Prior to the visit from “PSI”, the site was being crawled every other day.
3. My “Disadvantages of Buying a House” post’s search rank in my benchmark search has gone from 116 to more than 1000. I stopped looking after the first 1000. (My benchmark is just a search that I run every week.) There is a reasonable chance the search rank is now infinite because,
4. The number of pages listed in a Google site search of my site has gone from 28 to 4. A cursory review suggests that all pages without links from other sites disappeared. The “Disadvantages” post is not one of the 4.
5. The page rank of my home page has gone from 4 to 0. The page rank of the “Disadvantages” post has gone from 3 to 0.

Theoretically, this could all have nothing to do with the visit from “PSI”. However, if you Google “Performance Systems International” you will find complaints from others who seem to have had very similar experiences to mine.

The Performance Systems International web site’s “contact us” page begins…
Please Note: We are not an Internet Service Provider (ISP). We are not affiliated with the ISP Cogent Communications, formerly known as "Performance Systems International". If you are trying to track down the usage of an IP Address beginning with "38." (38.xxxx.xxx.xxx), then you need to contact Cogent Communications. For information on how to report abuse to Cogent Communications, please see http://www.cogentco.com/us/cs_faq.php or to view their WHOIS entry click here.
Apparently, Performance Systems International has received many complaints, and the problem is not with them at all. Rather, the culprit appears to be someone who uses Cogent Communications as his ISP.

I have complained to Blogger and to Cogent, and have posted comments in several discussion groups. If anyone has any information on how to combat these attacks or how to recover from them, please leave a comment.

(Note: I realize that because of the web abuse it’s optimistic to think that anyone will ever see this post. However, just in case….)

22 comments:

  1. And you thought no one would see this post! Lucky for you some people check out your blog on a semi-regular basis.

    ReplyDelete
  2. Rick,
    Thanks for reading, and for commenting. I kept a journal in high school (it was a required assignment for sophomore English). So, I do have some experience writing to myself. And, I’ve been accused of talking to myself. However, I really hoped not to be blogging to myself. Nice to know that someone is (semi-regularly) out there. :-)

    FYI, as of today I have reason to be optimistic that my blog MAY no longer be invisible to Google searches. Will post an update on that situation soon.

    ReplyDelete
  3. I found your site, because I was searching for information on Performance Systems International. I don't even have a live website yet. I have a domain that's all. Yet they have hit my site. How they found it out of all the domains in the world is beyond me, and why is even stranger. There isn't anything there yet! I bought the domain in Oct and they hit in within a week of that. Why? What do they want? No one seems to have any definitive answers but there are plenty of complaints of their webcrawling. And from what I can gather by the dates, they have been at it for YEARS!!

    ReplyDelete
  4. Anon,
    It’s not absolutely clear, at least not to me, whether the attacks are random or targeted. If they’re random, then it wouldn’t matter that you have no content yet. However, if the attacks are random, I would expect a site would only get hit once. Fact is, many sites, including mine, have been attacked more than once.

    If the attacks are targeted, and you bought a previously-owned domain, the attackers may not realize that there is a new owner, and may be still targeting the previous content. It would be interesting to know what content or viewpoints the attacked sites have in common – if any. For example, there is anecdotal evidence that certain viewpoints on housing may be a red flag. On the other hand, some attacked sites are not at all housing-related. Of course, there is nothing that says the attackers couldn’t have multiple hot buttons.

    If you have time, you might Google your domain name and see if you can find any old content. I would be very interested if you see any similarity between any of the old content and any of my posts.

    Thanks for stopping by, and do let me know if you get additional information.

    ReplyDelete
  5. Okay recently posted a blog in regards to my dispute with the fire department over an illegal hospitalization...I get a hit from them today...Am I being Paranoid that this is some sort of government agency?

    ReplyDelete
  6. DT,
    For what it's worth, you're not the only one who is paranoid. I certainly am. However, to my knowledge, there is no evidence of government involvement (though I have seen comments from others who share your suspicion).
    I was almost ready to post an update on my situation when I was attacked again. So now I will have to update my update before I post.

    ReplyDelete
  7. Fantasy sez Performance Systems International (PSI) is a networking front for some sloppy illegal search & seizure tactics used by the RIAA. Did anyone here communicate with anyone who downloaded any music or motion pictures from a newsgroup or utilize an open source file-sharing application? That PSI "not affiliated" disclaimer probably dissuades people from filing apparently valid complaints. See if your logs have any hits from NETVISION (89.0.0.0 - 89.1.255.255) in Israel or the lame and static "It Works" web page of nihoa.garlic.com (216.139.0.89) out of San Martin, California.

    Do a trace route of nihoa.garlic.com (216.139.0.89), and watch it bounce through Cogent Communications (154.54.0.0 - 154.54.255.255), which is also registered to Performance Systems International, on its way to a static IP web page that only says "It Works." Hack in California and proxy through PSI to a relay in Israel and gather some RIAA evidence. Damn fine police work, if you ask me. Illegal, but that's probably how "It Works."

    Perhaps the UC Santa Cruz case (http://writ.news.findlaw.com/ramasastry/20081006.html) should have asked the Court about Fourth Amendment rights and how the RIAA and UMG Recordings obtained and subpoenaed John Doe's IP address in the first place.

    Peace Out!

    ReplyDelete
  8. Anon,
    Thanks for the info. I have read others who also suspect RIAA involvement. I'm a bit of a stickler about not violating copyrights, so can't imagine PSI would be after me for that. However, this may be very useful info for some readers.

    ReplyDelete
  9. Al, Found your site through a P/E ratio search. It was pretty far down the first page though. I was wondering if you had a update on this issue? Seems to me there is a bunch of selective destruction going on wrt certain subjects such as housing, healthcare and other important to the admin topics. Take care and your site is now bookmarked.

    ReplyDelete
  10. Jim,

    Thanks for yanking my chain. I've been meaning to post an update for a while now. Problem was, every time it got to the point where I was comfortable sounding an "all clear," I got hit again.

    My current assessment is that there is definitely some abuse going on. However, I have no idea who is responsible -- or even what their hot button(s) is (are). My SENSE is that they targeted me "by mistake," and are finally convinced that I'm not a problem. Unfortunately, I can't say that with much conviction, since there's not a whole lot of information. I see a lot of theories about who is responsible, and what they're up to, but it's pretty clear that no one really knows.

    Bottom line is I'm thankful that I seem to finally be off their radar; it has now been about 6 months since they last shut me down. But, I doubt that I'll ever feel totally safe. And, unfortunately, my "reprieve" is not much help for everyone else. The only advice I can offer to other bloggers is to avoid doing anything illegal/immoral -- but there is absolutely no assurance that will make any difference!

    Thanks for reading.
    Al

    p.s. For p/e info my search position varies. For some searches I'm 1st -- even 1st and 2nd! But, in the grand scheme of things, as a relatively new blogger I'm just happy to be on the first page.

    ReplyDelete
  11. I was spoofed not that long ago and was advised to check my computer for trojans, clean it if there, and then install Peerblock to see what my computer is doing. Sure enough, even after two different antivirus programs "cleaned" the computer, Peerblock is constantly blocking my computer from contacting PSI Cogent at 38.*, etc. This occurs even when I don't have a browser on or YM or anything else that is supposed to be contacting the WWW. So, to those that hit this site looking for info on PSI...I suggest Peerblock to watch what your computer is attempting to contact.

    ReplyDelete
  12. Performance Systems International is Cogent's old name. Cogent is simply an ISP. There is nothing to be afraid about Cogent. I'm even posting from a PSI / Cogent ISP.

    ReplyDelete
  13. I have the exact same story as the guy with the March 29, 2010 10:10 AM post about how he found it using PeerBlock (I am using peerblock also). Thank you for the information you put together for this. I found your blog through Bing; you are the second result.
    cheers!
    -R

    ReplyDelete
  14. Well, someone / something at PSI attempted to sign on to my computer using Remote Desktop, but Peerblock stopped it.

    ReplyDelete
  15. Peerblock logged this ip address:38.113.165.68 trying to connect to my computer, which led me here. One of the whois records listed kaspersky lab. I have Kaspersky antivirus installed, and wondered if this was the case with anyone else.

    ReplyDelete
  16. I have been getting alot of activity from PSI lately. Peerblock has been blocking 4 hits every hour so i thought i would look into it and found this page then saw anon with kaspersky and found this on their forum. http://forum.kaspersky.com/lofiversion/index.php/t184239.html may be helpful to some?? by the way, I searched "performance systems international" on google and your page came up second.

    ReplyDelete
  17. Thanks for all of the updates. I hope readers are finding these helpful.

    ReplyDelete
  18. 38.80.207.251

    38.80.207.244

    Performance Systems International Inc

    I sent an e-mail via facebook to someone who was recently suspected of being anti-government
    B R A N D O N R A U B ... now these two IPs are trying to contact my computer via ICMP.

    This is pretty scary.

    ReplyDelete
  19. I also found this page due to Peerblock preventing them from accessing my personal computer. I'm sure you'll be happy to know that google'ing their name(nobody searches the internet, they google!) this page was the second on the list. Nothing in here makes me feel any more comfortable about their attempted connection.

    For the record, they attempted 7 different ports before stopping their attempts. Logged their IP's as:
    38.113.165.86:2201
    38.113.165.83:2201
    38.113.165.80:2201
    38.113.165.77:2201
    38.113.165.74:2201
    38.113.165.71:2201
    38.113.165.68:2201

    Thanks to all for posting information regarding them.

    ReplyDelete
  20. <<>>, please edit my post to reflect they didn't stop at 7 attempts like I had previously thought. Looking through the history I found 295 attempts within just the last 24 hours.

    ReplyDelete
  21. I've also started using Peerblock and the search for PMI brought me here.

    But I'm getting nine attempts every 20 seconds. They're currently blocked but what the f are the doing?

    ReplyDelete
    Replies
    1. Scary. I still don't really understand what they're up to.

      Delete

No spam, please! Comment spam will not be published. See comment guidelines here.
Sorry, but I can no longer accept anonymous comments. They're 99% spam.