I’m sure you thought I would likely never read it on thepcmr.com or IGR.me, but I did.


After reading that home-dinger all I could think was, “WOW”.  I didn’t react that way because of the betrayal, for the thanklessness, or from surprise, but from the sheer accusations without ever whispering a word to me about it.  First of all, I already contacted Evanto about this, I was told very specifically, “We are not allowed to share PII [personally identifiable information] with any third parties”, which means they could not surrender or relinquish any records to you on that purchase as the software is GPL and there is no website it is bound to.  It was made extremely clear to me by a representative of Evanto that if this conversation would have actually happened as Mr Matt Ince claims it did, he would have received but one reply, “We are not allowed to disclose personal or purchase information without the consent of the customer”.

Chip had not purchased the theme, he had stolen it.

Then perhaps you should explain this:

As you can see from the image, GameLeon (the theme I used on your website) is most certainly in my “downloads”.  You can also see the purchases in my downloads that I also made which GameLeon required.  If your software was indeed out of date, then it was because I didn’t have access to it when you moved your website.  The only way in which you can update the theme is with my Evanto API, which I don’t give out freely.

I found out about something called a nulled package. In wordpress this basically means a cracked version of a theme or plugin.

GPL means “General Public License” which means it can never be closed source, which means it never requires a nullification.

Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.


As you can see, GPL software requires the source code be distributed with the software itself, which means there is never any need for nulling the software.

Your website was also getting “artificial traffic” which our servers stop by default.  I showed you the statistics when you asked for them, you saw there were nearly 22K bot hits per day on thepcmr.com, of those bots, only about 2K of those were legitimate bots (like Google, Bing, Metacrawler, Yahoo, etc).

But something screams bullshit here.  In your post you claim:

After 48 hours [snip]

I told you very well your website, thepcmr.com was taking a while to load because we were experiencing DDOS attacks.  You moved your website which is understandable, however even while during this mess you kept emailing me wanting me to set up your website on another server.  You then ditched the theme I had BOUGHT and then asked me to setup Revslider for that theme.

Of course, that image was you trying to get Revslider working while the site was being DDOSed.  But this one was after the move:



Again, why would you ask for my help AFTER?

You had already identified the problem in your own email to why your site was loading slowly on the other server.  Half of it was because Revslider was out of date, and the other half was because Revslider was trying to pull images from the temporary URL string before we moved the site.  I hadn’t had time to tell you this before you switched themes.  In case you’re wondering, I do also own Revslider, but a single license, but because it too is GPL, it comes with just about every theme pre-installed as an included plugin.

It is also true, I can install this software on as many sites as I want — I can never charge for this software, however, I can charge for the distribution.  The Evanto license you see there, “Regular License” is the update service for the plugin.  That means I can have one website that auto-updates with revslider which I already have.  All the rest I have to manually download the plugin and update via FTP.  You see, Evanto isn’t charging for the plugin — they’re charging for its distribution.

Your website’s performance had many different factors affecting it.  At first, I told you very specifically about the bad bots, and for a few weeks that was very true.  Then the DDOS’s started, I told you the server was being DDOSed and you did a speed test, you then jumped to the conclusion that the server had always been slow even though I showed you the yslow report with 0.3s response times from US-to-US server.  You had already said that having your website on a US server and being slightly slower was no problem with you, so that’s why we went with one of my servers.

The problem with your assertion that your traffic went DOWN right after the move is JetPack. JetPack is a sponsored WordPress Plugin that does “real user monitoring”.  It’s still on your website, you can see where we talked about Jetpack on your website, before you moved — it is still there.

 Actually, this website is connected with JetPack I just realized as I dug through trying to find if there was anyone who deleted the comment. – April 17

When I installed it before you moved, you averaged 18 real people per day who spent an average time of two minutes on your website; at the peek you got 21 per day, but that average was 30 seconds.  After your new website and after the move, you got, the very next day 29 real people, the next day at 52 real people, the next day at 217 real people, and it went up from there.  Jetpack does NOT include bots and malformed user agents as part of their statistical analysis.  The average time people were spending on your site rose from 2 minutes to fifteen!

Again, yes, when the DDOS happened, it threw a monkey wrench in everything, but only temporarily.  From the other sites I host, including law firms, churches, stores, and a senator, their traffic went from sharp declines for about four days to being right as they were before everything happened.  If you had stuck with us just a few more days, you would have seen the server’s responsiveness went back down to less than 0.1 seconds, I would have been able to completely mitigate your hacks, and I would have been able to update your theme.  If I were as “destructive” as you say, I would not have given access to the files of the website, nor the database, and told you to find another website.  But that’s not what I’m about — I have never been.  Whatever this narrative you’ve bought into that you seem to be parroting is a lie, and I think you know it is which is why I am accusing you of libel.

You forget, that I also have a copy of that website before you moved, and I uploaded EVERYTHING, including the LICENSE.txt and README.txt which both tells you it is GPL software exactly as it does when you download it from Evanto’s websites (ThemeForest etc).  You also forget that I had file monitoring turned on, I saw the user, file executed, time, date, etc of how the phishing stuff got put on your website, it was from YOUR account, as I said in an email to you, it was because your password was a DICTIONARY word and very easy to brute force, and after you told me to turn the brute force protection off (the Captchas).  They used your “unrestricted admin privileges” to upload a HTML file that had all sorts of javascript loading resources from other websites.  I’m sorry but I can only recommend what the site needed, you chose to forgo a few things I had suggested to you, one being the Captcha and of course, I can’t be held responsible for your password when WordPress pretty much screams at you that it is too weak.  And if you would have clicked on “All-in-One WordPress Security” which is a plugin that I contribute to on WordPress.org, you would have seen the big bold warning there that your account was insecure as it found your password’s salt in an online database decrypted.

It STILL takes your page at thepcmr.com with those damned images more than 10 seconds to load.

But that’s not just your images anymore, it is because you have a server that is far worse. Let me show you again with the relevant metrics highlighted:

Your page load at thepcmr.com is over 10 seconds, you have a lot of requests and your page size is in the 1mb range.  Oddly, my site is the same.

However, I have none of the issues you have. In fact, my page size is bigger, my requests are more, yet my server responds nearly 3 seconds faster, and loads the page in only 1/3 of the time.  The slowdowns you experienced on your server after you moved, is because it is a shitty server because as I just proved it is still a shit sever today.

Here is the odd thing, there was nothing in it for him

You’re right: Absolutely nothing, and I spent over $170 USD out of pocket on thepcmr.com.  How much have you spent on thepcmr.com I wonder?  Yet, your entire post throws accusations of malice where I had none and in fact, I did nothing but try and help the entire time until the DDOS’s started which was from one of your users/commenters on your website called Dark.  I’ve had no motive to do the things you say I did to your site, in fact, I can/have proved I did not.

Allow me to take a guess at how this actually went down though.  I know, it’s a guess but I think I’m spot on.  Mr Matt Ince is contacted by some random steam user about the same time my network comes under attack.  He says that his website thepcmr.com is vulnerable.  He then compromises thepcmr.com and igr.me (which he did through your own account by brute forcing your username with dictionary passwords for which I couldn’t defend because you didn’t want a CAPTCHA on the login page which would have prevented this) and tells Matt Ince that thepcmr.com is now compromised while not telling Matt he did it and then says, “I told you it would happen”.

He then convinces Matt Ince that the software used on the website is NULLED, playing on his ignorance of GPL software much like he did on his own site when we customized a GPL theme for a client and then telling people including the client (who asked us to do this) we had “stolen” the theme (you can’t steal GPL software, as the keyword “PUBLIC” in General Public License negates that) and he then convinces Matt Ince to move thepcmr.com to another hosting provider, change his domain name (so he can steal it) which already had SEO reputation which could have been fixed, and becomes an admin on your website.  I imagine that ever since your website had run slow and there are random charges on your credit card you can’t explain.

Pro Tip: Your website doesn’t just get hacked like you say it did by random chance — you have to be targeted.  Let that sink in.

And for your authors abandoning you on igr.me and thepcmr.com, that’s because they see your post on your website as an act of betrayal, at least that is what 4 of them have told me.  They also said that it is a lot harder to do anything on the website because it is so clunky and slow.

You say you learned a lesson — so did I: Never do anything for free again.  But you haven’t learned the most valuable lesson of all — do not trust ANYONE on the internet.

Here is the deal, I’ve offered you plenty of proof that I had no hand in the compromise of thepcmr.com.  Can your new friend say the same?  Can he prove it?  Or do you find his arrival to your steam friends list at the same time my company was targeted for DDOS mere coincidence?  If you do, I’m not the one that’s demonstrably stupid.

UPDATE (May 19, 2018)

I do apologize that all of this information is now all over the internet and proves to be the #1 search result when googling your website.  But honestly, you should have thought things through before you started shit posting based on an anonymous script kiddy that doesn’t have the testicular fortitude to give you his real name or prove that he owns a business in the field of SEO and web development.