Hijacked e-mail address - what to do? - Page 2 - Canadian TV, Computing and Home Theatre Forums

post #16 of 27 (permalink) Old 2007-08-08, 12:48 PM
Moderator
 
Join Date: Apr 2003
Location: Gatineau and Ottawa
Posts: 11,104
Quote:
Don't forget, that IP address may be fake as well.
The header can contain a spoofed IP but the original "Received" header will contain the real IP. In the header listed the spammer used "source" as the domain name which we know is invalid. However, the IP was determined as 81.175.103.67 before being accepted.

Here is a good explanation of the headers and how to tell what is spoofed and what is not.
Jake is offline  
post #17 of 27 (permalink) Old 2007-08-08, 12:56 PM
Veteran
 
Join Date: Mar 2004
Location: Vancouver, BC
Posts: 1,680
Quote:
Originally Posted by Dog Byte View Post
I send you an HTML based e-mail with a link to an image and when you open the e-mail an HTML request for the image is sent to my server. Gotcha.)
That's why I have my email program set to open email in text-only mode. Lots of bad stuff in HTML.
faston is offline  
post #18 of 27 (permalink) Old 2007-08-08, 03:06 PM
Veteran
 
Join Date: Jul 2002
Location: Bowmanville
Posts: 4,053
Thanks Jake...good info....
otown47 is online now  
 
post #19 of 27 (permalink) Old 2007-08-08, 04:49 PM
 
Join Date: Apr 2007
Posts: 212
Quote:
The header can contain a spoofed IP but the original "Received" header will contain the real IP.
A message can have more than one received header. If they're genuine, then the IP addresses will be real, but if they're faked, then they can be anything. Also, even if they're real, then they might be non-routable addresses, and not meaningful on the internet.
gorilla is offline  
post #20 of 27 (permalink) Old 2007-08-08, 06:29 PM
Moderator
 
Join Date: Apr 2003
Location: Gatineau and Ottawa
Posts: 11,104
It was my understanding that it is common for spammers to insert fake Received from IPs in the header. However, the 1st one is most likely correct since spammers don't utilize IP address spoofing.
Jake is offline  
post #21 of 27 (permalink) Old 2007-08-08, 06:35 PM
 
Join Date: Apr 2007
Posts: 212
Not necessarily the first. The order of received headers is arbitrary. The first would certainly be the most common ordering though.
gorilla is offline  
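
An added example, not part of any post in this thread: a Python sketch that reads the Received lines of a message and picks out the one written by your own mail server, since the peer IP on that line is what the server saw on the connection. It assumes your server prepends its own Received line on receipt; `mx.example.net`, `received_hops` and `handoff` are hypothetical names, and the sample message is constructed around the HELO name "source" and the IP quoted above.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. The HELO name "source" and 81.175.103.67 come from the
# thread; host names, ids, dates and the lower (forged) line are made up.
RAW = """\
Received: from source ([81.175.103.67])
\tby mx.example.net with SMTP id abc123
\tfor <user@example.net>; Wed, 8 Aug 2007 09:12:01 -0400
Received: from mail.bank.example ([10.1.2.3])
\tby source with ESMTP; Wed, 8 Aug 2007 09:11:40 -0400
From: someone@example.org
Subject: constructed sample

body
"""

# from <name the sender claimed> (... [<peer IP the writer saw>] ...) by <writer>
HOP = re.compile(
    r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\].*?\)\s+by\s+(\S+)", re.S)

def received_hops(raw):
    """Parse Received lines top-down into (helo, ip, by_host, routable)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # format varies between MTAs; skip what we cannot parse
        helo, ip, by_host = m.groups()
        try:
            routable = ipaddress.ip_address(ip).is_global
        except ValueError:
            routable = False
        hops.append((helo, ip, by_host, routable))
    return hops

def handoff(raw, my_servers):
    """Last hop in the unbroken top-down run written by servers we control.

    That line records the peer IP our server saw on the connection; lines
    below it were supplied by the sender and cannot be verified.
    """
    found = None
    for hop in received_hops(raw):
        if hop[2].lower() not in my_servers:
            break
        found = hop
    return found
```

Calling `handoff(RAW, {"mx.example.net"})` returns the hop with 81.175.103.67, while the lower line's 10.1.2.3 is reported as non-routable and is never trusted.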
post #22 of 27 (permalink) Old 2007-08-09, 12:28 AM
 
Join Date: Jan 2003
Posts: 6,296
Quote:
Why a pdf?
Adobe's PDF readers have security flaws and the software may not be updated as often by end users. To spammers and hackers, it's just another security hole to exploit. Access to hijacked PCs with high speed connections is worth big money on the black market. Spammers often don't use legal servers anymore. They pay hackers for access to hijacked PCs to send spam.
I_Want_My_HDTV is offline  
post #23 of 27 (permalink) Old 2007-08-09, 11:09 AM
57
Moderator
 
Join Date: May 2002
Location: Toronto, Rogers, 9865 & 8300-eHDD, Sharp LC75N8000U, Denon AVR4310Ci; Sony KDL40W3000, 9865
Posts: 56,189
From Today's Globe:

http://www.theglobeandmail.com/servl...ry=E-greetings

Quote:
Beware e-greetings

"To judge by the amount of e-mail circulating through cyberspace claiming to be greeting cards sent by secret admirers, long-lost school chums or colleagues sending you their best wishes, it's like the Internet has turned into a delivery system for group hugs," writes Mike Wendland in The Detroit Free Press. "Don't fall for it. There's nothing at all friendly about this sudden greeting-card deluge. Instead, it's yet another effort by hackers and malicious virus-writers to infect your computer with junk ... Instead of a greeting, the link leads to what is known as the Storm Worm, a powerful snippet of code that installs on the unsuspecting user's computer and then begins to send out spam to everyone on the user's contact list."
Also - stock tips - and why PDFs.

http://www.theglobeandmail.com/servl...ery=Inbox+hell

Quote:
The spammed message was sent as a PDF file attachment, an increasingly popular means of spamming because it helps the message evade some anti-spam filters. It was spread quickly by hackers using "compromised" home PCs of unsuspecting e-mail recipients, Sophos said.
Quote:
The Prime Time message alone created a 30-per-cent surge in global spam traffic over a 24-hour period, Sophos reported.

57's Home Theatre (Latest equipment & photos)
57 is offline  
post #24 of 27 (permalink) Old 2007-08-09, 12:03 PM Thread Starter
Premium Supporter
 
Join Date: May 2003
Location: Ottawa, ON
Posts: 9,172
So, I was going to e-mail Hendrik yesterday but I noticed that there was almost no spam coming in. I literally got less than a half dozen spam e-mails and there were only about a dozen more in my spambox. And so far today the total is about three. A week of increasing volumes of spam (well over 400 in all a couple of days ago) and then...nothing. Weird, but that's just fine with me!

My thanks to everyone for their suggestions and information. If I get hit again, I'll know how to proceed.
eljay is offline  
post #25 of 27 (permalink) Old 2007-08-09, 12:35 PM
Moderator
 
Join Date: Apr 2003
Location: Gatineau and Ottawa
Posts: 11,104
Good to know. It could be that somebody else reported the spam and the server has been cleaned or patched. Check the few remaining ones to see if they are coming from the same IP range or if it is another spammer.
Jake is offline  
post #26 of 27 (permalink) Old 2007-08-09, 01:18 PM Thread Starter
Premium Supporter
 
Join Date: May 2003
Location: Ottawa, ON
Posts: 9,172
One's from Sweden, the other's from California. Of the few that I did check the other night, only the one that I posted was from Hendrik. There doesn't appear to be a pattern.
eljay is offline  
post #27 of 27 (permalink) Old 2007-08-17, 09:31 AM
 
Join Date: Jan 2006
Location: Hudson, Qc
Posts: 90
Quote:
Originally Posted by james99 View Post
Same here. Started a few weeks ago
Also started receiving PDF attachments to junk mail as well about a month ago; spam also seems on the increase.

Lots and lots of toys!
Luckyguy is offline  