| Author |
Message |
Lucifix
Regular
Joined: Mar 11, 2005
Posts: 67
|
 Posted:
Fri Jun 10, 2005 11:36 am |
|
I started to recive spam email which looks like this:
Code:
Dear Valued Member,
According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons.
http://www.slo-foto.net/confirm.php?email=(my email)
Thank you for your attention to this question. We apologize for any inconvenience.
Sincerely,Slo-foto Security Department Assistant.
|
The right link is:
[ Only registered users can see links on this board! Get registered or login! ] email)
When you click on link, you are transfer to another blank page.
Till now only me and my pal start reciving this kind of mail, but I am little affraid that spammers didn't hacked my site.
Does anyone else know anything about this problem? |
| |
|
|
|
CurtisH
Life Cycles Becoming CPU Cycles
Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI
|
| Posted:
Fri Jun 10, 2005 11:45 am |
|
Dunno....but I DO know that I have been getting a LOT of returned emails to my nuke domain that appear to have originated from my domain. I have changed all of my email settings but continue recieving them. I don't believe any of my mail accounts have been compromised, I DO however believe that spammers are now taking existing domains and using the domain name in their spam attempts on others. It really pisses me off because if this is indeed the case...think of all of the people that tag those spam mails with my domain as "junk/spam" which in many cases will result in ANY mail from my domain being labeled as such even if it isn't really spam (by people who use services that block spam). |
_________________
Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe |
|
 
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Fri Jun 10, 2005 1:50 pm |
|
We ´received in may about 300 Worm Sober O. mails with political propaganda messages .All to @mydomain.com.
And there was no way to stop this flood. That was fun.
How spammers work is very interesting. I found yesterday this site:
[ Only registered users can see links on this board! Get registered or login! ] |
Last edited by Susann on Fri Jun 10, 2005 3:42 pm; edited 1 time in total |
|
|
|
|
CurtisH
|
| Posted:
Fri Jun 10, 2005 1:57 pm |
|
Has anyone else been receiving bounced or otherwise returned spam and virus laden emails from their own domain other than me?
example: if you have the nukeuser.com domain and recieve bounced emails from stuff like [ Only registered users can see links on this board! Get registered or login! ], [ Only registered users can see links on this board! Get registered or login! ], [ Only registered users can see links on this board! Get registered or login! ]?? |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Fri Jun 10, 2005 3:15 pm |
|
|
|
|
|
CurtisH
|
| Posted:
Fri Jun 10, 2005 6:30 pm |
|
I sure wish there was a way to stop that nonsense.... |
| |
|
|
|
|
djmaze
Subject Matter Expert
Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
| Posted:
Fri Jun 10, 2005 6:39 pm |
|
cPanel -> Mail -> Spam Assassin -> Enable Spam Box |
| |
|
|
|
|
CurtisH
|
| Posted:
Fri Jun 10, 2005 8:25 pm |
|
Um...that's not what I meant. I meant I wish there was a way to make those freakin bottom feeders stop using my domain name in their d*** spam messages.... Pisses me off to be the one paying for my domain just to have some d*** low life use my domain name.... |
| |
|
|
|
|
Raven
|
| Posted:
Fri Jun 10, 2005 10:34 pm |
|
There is. SPF - Sender Policy Framework. See [ Only registered users can see links on this board! Get registered or login! ] |
| |
|
|
|
|
drmike
Worker
Joined: Jul 15, 2004
Posts: 108
Location: Charlotte, NC
|
| Posted:
Mon Jun 13, 2005 11:28 am |
|
I don't know about hte rest of you but most of the ones I received in the first week or so were all labeled as comeing from UCDavis.edu. Put that in the block files and the problem nearly went away. 
As to SPF, the receiver's email server has to be using it as well.
-drmike |
_________________
The Daria - Jane Conspiracy |
|
 |
|
CurtisH
|
| Posted:
Mon Jun 13, 2005 11:41 am |
|
I have been getting a ton of emails that are carrying a viral attachment that come from various *@curtishancock [dot] net (my domain) addresses, most don't even really exist, but some do.
Here is the text content of the majority of the emails I am getting:
| Quote: | | We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached. |
These are mailed to what appears to be random email addresses
Anyone else getting these? It is really aggravating me because I am concerned about people getting viruses from what appears to be my domain and also members thinking their accounts have been suspended.
I am getting around 50 of these a day now and am starting to get seriously concerned. |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Mon Jun 13, 2005 4:49 pm |
|
I have had the odd one or two a week, especially when SoperP first appeared but sometimes it can be weeks without anything at all, indicating at least in my own situation it is purely random.
I never use the 'default' mailbox for cPanel derived sites and specifically block mail ( :fail) to any account accept those which are specifically set up for use.
The only time I have had serious problems was with a domain I purchased which had previously been in use (and expired) by another owner - man, that was a nightmare for several months. I ended up blocking any incoming mail for the domain for a couple of months and everything was fine after that has has been for the last year or so. |
| |
|
|
|
djmaze
|
| Posted:
Mon Jun 13, 2005 6:16 pm |
|
Since you're sending emails to your members for account activation they will have your email address.
Spam, virus, hoax, etc. bots scan their mail application and fetch all email domains in there.
To avoid the spam you could hack the your_account index.php that uses sendmail() and use for example [ Only registered users can see links on this board! Get registered or login! ] as "from" address.
Then your domain isn't exposed and the person who is to lazy to buy a virusscanner or is a spammer will actualy get cought by the fbi.
Be carefull with this though, some hosting companies block to send emails with other domains other then that belonging to the account on the server. |
| |
|
|
|
|
Susann
|
| Posted:
Mon Jun 13, 2005 6:55 pm |
|
Same email adresses as [ Only registered users can see links on this board! Get registered or login! ] and noreply@ are for spammers not very interesting.
Think the get not enough money for noreply adresses. |
| |
|
|
|
|
64bitguy
The Mouse Is Extension Of Arm
Joined: Mar 06, 2004
Posts: 1164
|
| Posted:
Mon Jun 13, 2005 10:26 pm |
|
DJ's post sums it up and his recommended methodology is sound.
People that have spyware on their PC are exposing you domain/account names and thus they are being forged in outgoing SPAM.
As long as there are Internet email propogation policies that don't enforce pure authentication and source-validation, there will be spammers using forged credentials and thus, you'll be getting SPAM.
Ah, isn't the Internet great? |
_________________
Steph Benoit
100% Section 508 and W3C HTML5 and CSS Compliant (Truly) Code, because I love compliance. |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
