Ravens PHP Scripts: Forums
 

 

Lucifix
Regular


Joined: Mar 11, 2005
Posts: 67

Posted: Fri Jun 10, 2005 11:36 am

I started to receive spam email which looks like this:

Code:


Dear Valued Member,

According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons.

http://www.slo-foto.net/confirm.php?email=(my email)

Thank you for your attention to this question. We apologize for any inconvenience.

Sincerely,Slo-foto Security Department Assistant.


The right link is: [link hidden] email)

When you click on the link, you are transferred to another blank page.

Till now only me and my pal have started receiving this kind of mail, but I am a little afraid that spammers didn't hack my site.

Does anyone else know anything about this problem?
 
CurtisH
Life Cycles Becoming CPU Cycles


Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI

Posted: Fri Jun 10, 2005 11:45 am

Dunno....but I DO know that I have been getting a LOT of returned emails to my nuke domain that appear to have originated from my domain. I have changed all of my email settings but continue receiving them. I don't believe any of my mail accounts have been compromised, I DO however believe that spammers are now taking existing domains and using the domain name in their spam attempts on others. It really pisses me off because if this is indeed the case...think of all of the people that tag those spam mails with my domain as "junk/spam" which in many cases will result in ANY mail from my domain being labeled as such even if it isn't really spam (by people who use services that block spam).

_________________
Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe 
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

Posted: Fri Jun 10, 2005 1:50 pm

We received in May about 300 Worm Sober O. mails with political propaganda messages. All to @mydomain.com.
And there was no way to stop this flood. That was fun.

How spammers work is very interesting. I found yesterday this site:
[link hidden]


Last edited by Susann on Fri Jun 10, 2005 3:42 pm; edited 1 time in total 
CurtisH
Posted: Fri Jun 10, 2005 1:57 pm

Has anyone else been receiving bounced or otherwise returned spam and virus laden emails from their own domain other than me?

example: if you have the nukeuser.com domain and receive bounced emails from stuff like [link hidden], [link hidden], [link hidden]??
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

Posted: Fri Jun 10, 2005 3:15 pm

Yep - regularly
 
CurtisH
Posted: Fri Jun 10, 2005 6:30 pm

I sure wish there was a way to stop that nonsense....
 
djmaze
Subject Matter Expert


Joined: May 15, 2004
Posts: 719
Location: http://tinyurl.com/5z8dmv

Posted: Fri Jun 10, 2005 6:39 pm

cPanel -> Mail -> Spam Assassin -> Enable Spam Box
 
CurtisH
Posted: Fri Jun 10, 2005 8:25 pm

Um...that's not what I meant. I meant I wish there was a way to make those freakin bottom feeders stop using my domain name in their d*** spam messages.... Pisses me off to be the one paying for my domain just to have some d*** low life use my domain name....
 
Raven
Posted: Fri Jun 10, 2005 10:34 pm

There is. SPF - Sender Policy Framework. See [link hidden]
 
drmike
Worker


Joined: Jul 15, 2004
Posts: 108
Location: Charlotte, NC

Posted: Mon Jun 13, 2005 11:28 am

I don't know about the rest of you but most of the ones I received in the first week or so were all labeled as coming from UCDavis.edu. Put that in the block files and the problem nearly went away. :)

As to SPF, the receiver's email server has to be using it as well.

-drmike

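Added example, not part of the original thread or any poster's code: a simplified SPF evaluation showing the two points made above, that the domain owner publishes which hosts may send for the domain, and that forged mail is only refused when the receiving server actually evaluates that record. The domains, IP addresses, TXT records and the `receiver_action` policy are constructed for illustration; only the `ip4`, `ip6`, `include` and `all` mechanisms are handled, and no DNS lookups are made.

```python
import ipaddress

# Constructed sample TXT records (not real DNS data), using reserved names and ranges.
TXT = {
    "nukeuser.example": "v=spf1 ip4:192.0.2.10 include:_spf.host.example -all",
    "_spf.host.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all",
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, records=TXT, depth=0):
    """Simplified RFC 7208 check_host(): ip4, ip6, include and all only."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"          # domain publishes no policy: receiver learns nothing
    if depth > 10:
        return "permerror"     # guard against include loops
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]
        elif name == "include":
            # include matches only when the nested evaluation returns "pass"
            if check_host(ip, arg, records, depth + 1) == "pass":
                return RESULTS[qualifier]
    return "neutral"           # no mechanism matched and no "all" term


def receiver_action(ip, mail_from_domain, enforce_spf):
    """Hypothetical receiver policy: the verdict only matters if SPF is checked."""
    if not enforce_spf:
        return "accept"
    verdict = check_host(ip, mail_from_domain)
    return {"fail": "reject", "softfail": "quarantine"}.get(verdict, "accept")
```

SPF is evaluated against the envelope sender (MAIL FROM) domain and the connecting IP, so a `-all` record lets checking receivers refuse the forged message instead of bouncing it back to the domain owner.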
CurtisH
Posted: Mon Jun 13, 2005 11:41 am

I have been getting a ton of emails that are carrying a viral attachment that come from various *@curtishancock [dot] net (my domain) addresses, most don't even really exist, but some do.

Here is the text content of the majority of the emails I am getting:

Quote:
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.


These are mailed to what appears to be random email addresses.

Anyone else getting these? It is really aggravating me because I am concerned about people getting viruses from what appears to be my domain and also members thinking their accounts have been suspended.

I am getting around 50 of these a day now and am starting to get seriously concerned.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

Posted: Mon Jun 13, 2005 4:49 pm

I have had the odd one or two a week, especially when SoperP first appeared but sometimes it can be weeks without anything at all, indicating at least in my own situation it is purely random.

I never use the 'default' mailbox for cPanel derived sites and specifically block mail ( :fail) to any account except those which are specifically set up for use.

The only time I have had serious problems was with a domain I purchased which had previously been in use (and expired) by another owner - man, that was a nightmare for several months. I ended up blocking any incoming mail for the domain for a couple of months and everything was fine after that and has been for the last year or so.
 
djmaze
Posted: Mon Jun 13, 2005 6:16 pm

Since you're sending emails to your members for account activation they will have your email address.
Spam, virus, hoax, etc. bots scan their mail application and fetch all email domains in there.

To avoid the spam you could hack the your_account index.php that uses sendmail() and use for example [link hidden] as "from" address.
Then your domain isn't exposed and the person who is too lazy to buy a virus scanner or is a spammer will actually get caught by the FBI.

Be careful with this though, some hosting companies block sending emails with domains other than that belonging to the account on the server.
 
Susann
Posted: Mon Jun 13, 2005 6:55 pm

Same email addresses as [link hidden] and noreply@ are for spammers not very interesting.
Think they get not enough money for noreply addresses.
 
64bitguy
The Mouse Is Extension Of Arm


Joined: Mar 06, 2004
Posts: 1159
Location: Sanbornton, NH USA

Posted: Mon Jun 13, 2005 10:26 pm

DJ's post sums it up and his recommended methodology is sound.

People that have spyware on their PC are exposing your domain/account names and thus they are being forged in outgoing SPAM.

As long as there are Internet email propagation policies that don't enforce pure authentication and source-validation, there will be spammers using forged credentials and thus, you'll be getting SPAM.

Ah, isn't the Internet great?

_________________
Steph Benoit
1CMS, 100% Section 508 and W3C XHTML/CSS Compliant (Truly) 