I’m sure you thought I would likely never read it on ThePCmr.com/IGR.me, but I did.

Dual Universe: A Victim of Fanboy’s Paradox?

After reading that home-dinger all I could think was, “WOW”.  I didn’t react that way because of the betrayal, for the thanklessness, or from surprise, but from the sheer accusations without ever whispering a word to me about it.  First of all, I already contacted Evanto about this, I was told very specifically, “We are not allowed to share PII [personally identifiable information] with any third parties”, which means they could not surrender or relinquish any records to you on that purchase as the software is GPL and there is no website it is bound to.

Chip had not purchased the theme, he had stolen it.

As you can see from the image, GameLeon is most certainly in my “downloads”.  You can also see the purchases in my downloads that I also made which GameLeon required.  If your software was indeed out of date, then it was because I didn’t have access to it when you moved your website.  The only way in which you can update the theme is with my Evanto API, which I don’t give out freely.

I found out about something called a nulled package. In wordpress this basically means a cracked version of a theme or plugin.

GPL means “General Public License” which means it can never be closed source, which means it never requires a nullification.

Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.


As you can see, GPL software requires the source code be distributed with the software itself, which means there is never any need for nulling the software.

Your website was also getting “artificial traffic” which our servers stop by default.  I showed you the statistics when you asked for them, you saw there were nearly 22K bot hits per day, of those bots, only about 2K of those were legitimate bots (like Google, Bing, Metacrawler, Yahoo, etc).

But something screams bullshit here.  In your post you claim:

After 48 hours [snip]

I told you very well your website was taking a while to load because we were experiencing DDOS attacks.  You moved your website which is understandable, however even while during this mess you kept emailing me wanting me to set up your website on another server.  You then ditched the theme I had BOUGHT and then asked me to setup Revslider for that theme.

Of course, that image was you trying to get Revslider working while the site was being DDOSed.  But this one was after the move:



Again, why would you ask for my help AFTER?

You had already identified the problem in your own email to why your site was loading slowly on the other server.  Half of it was because Revslider was out of date, and the other half was because Revslider was trying to pull images from the temporary URL string before we moved the site.  I hadn’t had time to tell you this before you switched themes.  In case you’re wondering, I do also own Revslider, but a single license, but because it too is GPL, it comes with just about every theme pre-installed as an included plugin.

It is also true, I can install this software on as many sites as I want — I can never charge for this software, however, I can charge for the distribution.  The Evanto license you see there, “Regular License” is the update service for the plugin.  That means I can have one website that auto-updates with revslider which I already have.  All the rest I have to manually download the plugin and update via FTP.  You see, Evanto isn’t charging for the plugin — they’re charging for its distribution.

Your website’s performance had many different factors affecting it.  At first, I told you very specifically about the bad bots, and for a few weeks that was very true.  Then the DDOS’s started, I told you the server was being DDOSed and you did a speed test, you then jumped to the conclusion that the server had always been slow even though I showed you the yslow report with 0.3s response times from US-to-US server.  You had already said that having your website on a US server and being slightly slower was no problem with you, so that’s why we went with one of my servers.

The problem with your assertion that your traffic went DOWN right after the move is JetPack. JetPack is a sponsored WordPress Plugin that does “real user monitoring”.  It’s still on your website, you can see where we talked about Jetpack on your website, before you moved — it is still there.

 Actually, this website is connected with JetPack I just realized as I dug through trying to find if there was anyone who deleted the comment. – April 17

When I installed it before you moved, you averaged 18 real people per day who spent an average time of two minutes on your website; at the peek you got 21 per day, but that average was 30 seconds.  After your new website and after the move, you got, the very next day 29 real people, the next day at 52 real people, the next day at 217 real people, and it went up from there.  Jetpack does NOT include bots and malformed user agents as part of their statistical analysis.  The average time people were spending on your site rose from 2 minutes to fifteen!

Again, yes, when the DDOS happened, it threw a monkey wrench in everything, but only temporarily.  From the other sites I host, including law firms, churches, stores, and a senator, their traffic went from sharp declines for about four days to being right as they were before everything happened.  If you had stuck with us just a few more days, you would have seen the server’s responsiveness went back down to less than 0.1 seconds, I would have been able to completely mitigate your hacks, and I would have been able to update your theme.  If I were as “destructive” as you say, I would not have given access to the files of the website, nor the database, and told you to find another website.  But that’s not what I’m about — I have never been.  Whatever this narrative you’ve bought into that you seem to be parroting is a lie, and I think you know it is which is why I am accusing you of libel.

You forget, that I also have a copy of that website before you moved, and I uploaded EVERYTHING, including the LICENSE.txt and README.txt which both tells you it is GPL software exactly as it does when you download it from Evanto’s websites (ThemeForest etc).  You also forget that I had file monitoring turned on, I saw the user, file executed, time, date, etc of how the phishing stuff got put on your website, it was from YOUR account, as I said in an email to you, it was because your password was a DICTIONARY word and very easy to brute force, and after you told me to turn the brute force protection off (the Captchas).  They used your “unrestricted admin privileges” to upload a HTML file that had all sorts of javascript loading resources from other websites.  I’m sorry but I can only recommend what the site needed, you chose to forgo a few things I had suggested to you, one being the Captcha and of course, I can’t be held responsible for your password when WordPress pretty much screams at you that it is too weak.  And if you would have clicked on “All-in-One WordPress Security” which is a plugin that I contribute to on WordPress.org, you would have seen the big bold warning there that your account was insecure as it found your password’s salt in an online database decrypted.

It STILL takes your page with those damned images more than 10 seconds to load.

But that’s not just your images anymore, it is because you have a server that is far worse. Let me show you again with the relevant metrics highlighted:

Your page load is over 10 seconds, you have a lot of requests and your page size is in the 1mb range.  Oddly, my site is the same.

However, I have none of the issues you have. In fact, my page size is bigger, my requests are more, yet my server responds nearly 3 seconds faster, and loads the page in only 1/3 of the time.  The slowdowns you experienced on your server after you moved, is because it is a shitty server because as I just proved it is still a shit sever today.

Here is the odd thing, there was nothing in it for him

You’re right: Absolutely nothing, and I spent over $170 USD out of pocket on your site.  Yet, your entire post throws accusations of malice where I had none and in fact, I did nothing but try and help the entire time until the DDOS’s started which was from one of your users/commenters on your website called Dark.  I’ve had no motive to do the things you say I did to your site, in fact, I can/have proved I did not.

You say you learned a lesson — so did I: Never do anything for free again.