Spammers

Regular Joined: Mar 11, 2005 Posts: 67

I started to recive spam email which looks like this:

Code:




Dear Valued Member, 





According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons.





http://www.slo-foto.net/confirm.php?email=(my email)





Thank you for your attention to this question. We apologize for any inconvenience.





Sincerely,Slo-foto Security Department Assistant.

The right link is:
http://205.138.199.146/confirm.php?email=(my email)

When you click on link, you are transfer to another blank page.

Till now only me and my pal start reciving this kind of mail, but I am little affraid that spammers didn't hacked my site.

Does anyone else know anything about this problem?

Posted: Fri Jun 10, 2005 11:45 am

Dunno....but I DO know that I have been getting a LOT of returned emails to my nuke domain that appear to have originated from my domain. I have changed all of my email settings but continue recieving them. I don't believe any of my mail accounts have been compromised, I DO however believe that spammers are now taking existing domains and using the domain name in their spam attempts on others. It really pisses me off because if this is indeed the case...think of all of the people that tag those spam mails with my domain as "junk/spam" which in many cases will result in ANY mail from my domain being labeled as such even if it isn't really spam (by people who use services that block spam).

Posted: Fri Jun 10, 2005 1:50 pm

We ´received in may about 300 Worm Sober O. mails with political propaganda messages .All to @mydomain.com.
And there was no way to stop this flood. That was fun.

How spammers work is very interesting. I found yesterday this site:

http://www.dnsbl.us.sorbs.net/spamfo/prevention.shtml#7.0/

Posted: Fri Jun 10, 2005 1:57 pm

Has anyone else been receiving bounced or otherwise returned spam and virus laden emails from their own domain other than me?

example: if you have the nukeuser.com domain and recieve bounced emails from stuff like info@nukeuser.com, webmaster@nukeuser.com, steve@nukeuser.com??

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Yep - regularly

Posted: Fri Jun 10, 2005 6:30 pm

I sure wish there was a way to stop that nonsense....

Posted: Fri Jun 10, 2005 6:39 pm

cPanel -> Mail -> Spam Assassin -> Enable Spam Box

Posted: Fri Jun 10, 2005 8:25 pm

Um...that's not what I meant. I meant I wish there was a way to make those freakin bottom feeders stop using my domain name in their d*** spam messages.... Pisses me off to be the one paying for my domain just to have some d*** low life use my domain name....

Posted: Fri Jun 10, 2005 10:34 pm

There is. SPF - Sender Policy Framework. See http://spf.pobox.com/

registered · Posted: Mon Jun 13, 2005 11:28 am

I don't know about hte rest of you but most of the ones I received in the first week or so were all labeled as comeing from UCDavis.edu. Put that in the block files and the problem nearly went away. Smile

As to SPF, the receiver's email server has to be using it as well.

-drmike

Posted: Mon Jun 13, 2005 11:41 am

I have been getting a ton of emails that are carrying a viral attachment that come from various *@curtishancock [dot] net (my domain) addresses, most don't even really exist, but some do.

Here is the text content of the majority of the emails I am getting:

Quote:

We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

These are mailed to what appears to be random email addresses

Anyone else getting these? It is really aggravating me because I am concerned about people getting viruses from what appears to be my domain and also members thinking their accounts have been suspended.

I am getting around 50 of these a day now and am starting to get seriously concerned.

Posted: Mon Jun 13, 2005 4:49 pm

I have had the odd one or two a week, especially when SoperP first appeared but sometimes it can be weeks without anything at all, indicating at least in my own situation it is purely random.

I never use the 'default' mailbox for cPanel derived sites and specifically block mail ( :fail) to any account accept those which are specifically set up for use.

The only time I have had serious problems was with a domain I purchased which had previously been in use (and expired) by another owner - man, that was a nightmare for several months. I ended up blocking any incoming mail for the domain for a couple of months and everything was fine after that has has been for the last year or so.

Posted: Mon Jun 13, 2005 6:16 pm

Since you're sending emails to your members for account activation they will have your email address.
Spam, virus, hoax, etc. bots scan their mail application and fetch all email domains in there.

To avoid the spam you could hack the your_account index.php that uses sendmail() and use for example nobody@fbi.us as "from" address.
Then your domain isn't exposed and the person who is to lazy to buy a virusscanner or is a spammer will actualy get cought by the fbi.

Be carefull with this though, some hosting companies block to send emails with other domains other then that belonging to the account on the server.

Posted: Mon Jun 13, 2005 6:55 pm

Same email adresses as no-reply@yoursite.com and noreply@ are for spammers not very interesting.
Think the get not enough money for noreply adresses.

Posted: Mon Jun 13, 2005 10:26 pm

DJ's post sums it up and his recommended methodology is sound.

People that have spyware on their PC are exposing you domain/account names and thus they are being forged in outgoing SPAM.

As long as there are Internet email propogation policies that don't enforce pure authentication and source-validation, there will be spammers using forged credentials and thus, you'll be getting SPAM.

Ah, isn't the Internet great?