Home   Help Search Groups Login Register  
You are not logged in. To get the full experience of these forums, we recommend you log in or register
Plusnet Usergroup » All Users - The Open Forum » Plusnet Network and Technical Issues » Spam being recieved on Private e-mail addy
Pages: 1 ... 3 4 [5] 6 7 ... 20
  Print  
Author Topic: Spam being recieved on Private e-mail addy  (Read 162523 times)
udhiyana

Posts: 1

« Reply #60 on: May 14, 2007, 07:12:25 pm »

Hi guys,

What are the characteristics of the latest emails? I have received a couple and want to know if they are comparable.


The 4 I just received are the same, some with European time stamp, some with US time stamp huh

From - Mon May 14 18:36:58 2007
X-Account-Key: account2
X-UIDL: UID713-1063993052
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
X-Daemon-Classification: SPAM
Envelope-to: XX@XXX.plus.com
Delivery-date: Mon, 14 May 2007 17:11:19 +0000
Received: from 183-37-49.ip.adsl.hu ([81.183.37.49])
     by fhw-sunmxcore02.plus.net with smtp (PlusNet MXCore v2.00) id 1Hne4s-0006tY-SM ; Mon, 14 May 2007 17:11:19 +0000
Message-ID: <000e01c7965b$9efc3e70$061c7f84@huba>
From: Edgar Schroeder <jsegregation@101nothing.com>
To: XX@XXX.plus.com
Subject: [-SPAM-] Once you start taking WonderCum, you will notice your sperm, stamina, and pleasure increasing within the first week.
Date: Mon, 14 May 2007 19:11:05 +0200
amp

Posts: 1

« Reply #61 on: May 14, 2007, 07:33:57 pm »

I have just recieved 3 of these spam emails. 2 using username@username.plus.com and 1 using postmaster@username.plus.name.
XPC exiled in NZ

Posts: 1382

« Reply #62 on: May 14, 2007, 07:47:54 pm »

The important issue here is how did these addresses get out. Unfortunately, once a spammer has the address lists, we will only see more and more spam to these address (most likely).

Are the people reporting spam today new people who are just getting this for the first time today, or are they the same people who received some spam yesterday too? I would guess that this info will help to establish how big the problem is and whether it is an ever expanding problem, or a fixed number of addresses that are going to be continually exploited from now on.

I'm not sure what F9/PN can do about this. If it is a security breach, then it really is a blow. I was starting to feel that things at PN had improved a lot since the mess-ups of last year. Of course, as has been suggested, these breaches of security could have taken place 2 years ago(!), and only now made it onto a spammers active list.

Mike
Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #63 on: May 14, 2007, 08:31:23 pm »

Just downloaded my latest digest of spam.

I'd just like to congratulate PlusNet on allowing all of our addresses to be got at by a hacker/spammer.


Yet another mistake by the ever blundering PlusNet.

It wouldn't be so bad if i was still a customer, but I'm an ex-customer why the hell do you still have my addresses logged!

Not good at all.

Anyone feel their credit card details are safe???  angry

kitz

Posts: 4323

WWW
« Reply #64 on: May 14, 2007, 08:36:10 pm »

Yeah same here - only now getting them in duplicate

"wondercum", "dont resist just f*** like crazy", " dont be silly enjoy life"

Dont forget the Geeks!
kitz 2005
Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #65 on: May 14, 2007, 08:43:06 pm »

Yeah same here - only now getting them in duplicate

"wondercum", "dont resist just f*** like crazy", " dont be silly enjoy life"

Thats the ones..... thanks PlusNet.

jelv1

Posts: 2130

« Reply #66 on: May 14, 2007, 08:43:44 pm »

Can you drop me a PM reminding me what the address was (I think I know but want to be sure). Did it arrive in the catch-all or to a specific mailbox?

Sorry for the delay - I've been in London all day. PM has been sent. It arrived in my catchall. The mailbox was created 10:08am, Thursday 29th March 2007. It was deleted some time in April when all the mailbox problems had been resolved.

jelv
jelv1

Posts: 2130

« Reply #67 on: May 14, 2007, 08:50:57 pm »

I have received another batch tonight, the first at just after 18:00. At a rough count around 50 emails. sad

jelv
scarymonkey

Posts: 1085

WWW
« Reply #68 on: May 14, 2007, 08:56:18 pm »

I didn't notice whether I got any yesterday as Spamfighter automatically sorted them for me, but today I made the effort to check the sorted spam before deleting and noticed I got a few to a test mailbox I setup nearly 3 years ago and 1 to username@username.

For me the amount received is minimal as my domain name typically gets 50-100 spam a day anyway.

Vince Marsters
Penny

Posts: 1781


WWW
« Reply #69 on: May 14, 2007, 09:53:41 pm »

Couple of thoughts.  We've been getting an increasing amount of these here, started yesterday where I noticed a spam e-mail to main mail (for which I set up a mailbox around 4 months ago iirc) but now receiving mails for both existing mailboxes on F9 and username (at) username.plus.com addresses (same subject line both in some instances and also same URL inclusion in others)

eg porxxxxxx username @ username (PN) e-h-w-y-c subject line, URL inclusion ourmix.hk
eg mainxxxx  mailbox (F9)             e-h-w-y-c subject line, URL inclusion gssd.hk
eg higxxxxx username @ username (PN)  e-h-w-y-c subject line, URL inclusion gssd.hk

Is there any mileage in tracking down the owner/s of such domains?  Unable to access allwhois just now to check the two quoted above, but looked up a couple of others earlier (along the lines of the multi-appearing teits.com , tekyi.com , tehgn.com - don't recall now, precisely which two) and both were owned by the same people, pumpmaster something-or-other (Brazil I think) - would the original source of this very-large batch of addresses be demand-able from the domain owners? If not by F9/PN, by whichever related UK body governs data protection.

However as per previous threads - just tracked back and located http://usergroup.plus.net/forum/index.php/topic,2646.msg36114.html#msg36114 (via PUGIT 116 at http://usergroup.plus.net/pugit/view.php?id=116 ) , it would be relatively easy for anyone to have created a list of all F9/PN usernames from existing listings available on the internet, as things stand.

That wouldn't explain how specific bloggs (at) username addresses have been discovered, nor mailboxes known only to customers/staff, but it would seem to have been "theoretically possible" for most or all of the username (at) username and postmaster (at) username addresses to have been assembled by anyone with the time to spare to set up the spam list from already-publicly-available information.

I don't have the vaguest idea how the other factors could have become known - but that doesn't mean there isn't some means for it to have done so, without "deliberate leaks".  I just wondered if the people owning the sites to which the spam e-mails direct recipients, might be able to shed some insight, if some mode of persuasion is usable.

Regards,

Penny.

Penny Rollo       Force 9 from 17/02/98       PlusNet from 2000 onwards     
Project HappyChild - free maths worksheets, free French-English
worksheets and 12 other languages http://www.happychild.org.uk
personal site www.pennymidasrollo.plus.com
WilliamG

Posts: 85

« Reply #70 on: May 14, 2007, 10:16:49 pm »

I've been getting the same spam too.

Some to my postmaster account and some to an old mailbox that's never had a real spam problem before.
My second mailbox hasn't received any as yet.

Though I've had lots of spam  to my  postmaster account in the past, I've never had really offensive stuff like this before.

Has someone out there got a grudge against plusnet? shocked
Oldjim

Posts: 1016

« Reply #71 on: May 14, 2007, 10:18:46 pm »

and another to my postmaster account
Quote
Envelope-to: postmaster@xxxxx.plus.com
Delivery-date: Mon, 14 May 2007 19:32:13 +0000
Received: from arennes-356-1-81-185.w86-220.abo.wanadoo.fr ([86.220.144.185])
     by fhw-sunmxcore07.plus.net with smtp (PlusNet MXCore v2.00) id 1HngHF-0003uF-5F
     for postmaster@xxx.plus.com; Mon, 14 May 2007 19:32:13 +0000
Message-ID: <001601c7966f$55a2d720$066153f4@chambre>
From: Lola Ventura <voretagged@drmelissaedelson.com>
To: postmaster@xxxxx.plus.com
Subject: she will be running away from your dick.
Date: Mon, 14 May 2007 21:32:12 +0200
MIME-Version: 1.0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.2962
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.2869
X-PN-VirusFiltered: by PlusNet MXCore (v2.00)

dtomlinson
Plusnet Staff

Posts: 2156


« Reply #72 on: May 14, 2007, 10:29:51 pm »


Is there any mileage in tracking down the owner/s of such domains?  Unable to access allwhois just now to check the two quoted above, but looked up a couple of others earlier (along the lines of the multi-appearing teits.com , tekyi.com , tehgn.com - don't recall now, precisely which two) and both were owned by the same people, pumpmaster something-or-other (Brazil I think) - would the original source of this very-large batch of addresses be demand-able from the domain owners? If not by F9/PN, by whichever related UK body governs data protection.

Unlikely, chances are the people on the whois are just victims of identity or credit card theft and will know nothing about the domain until they see a strange payment or five on their credit card bill.

Regards,

Dave Tomlinson
PlusNet Support
Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #73 on: May 14, 2007, 10:49:47 pm »

Quote
That wouldn't explain how specific bloggs (at) username addresses have been discovered, nor mailboxes known only to customers/staff, but it would seem to have been "theoretically possible" for most or all of the username (at) username and postmaster (at) username addresses to have been assembled by anyone with the time to spare to set up the spam list from already-publicly-available information.

Sure, being able to rdns all of PN customers has been known for a while and i'm surprised its not been done before now, thats to be honest, not the issue.

The issue (for me at least) is the release of information about true valid mailboxes (or used to be valid mailboxes). This "leak" can only have come from either a)a PN person b)a hacker who has obtained access to one or more files.



Oldjim

Posts: 1016

« Reply #74 on: May 14, 2007, 11:12:42 pm »

Just checked my catchall spam@username etc and have received one addressed to it.
This account was set up on the 19th April purely as a catchall and has never been accessed other than by webmail
Quote
Envelope-to: spam@*****.plus.com
Delivery-date: Mon, 14 May 2007 19:42:00 +0000
Received: from 201008098009.user.veloxzone.com.br ([201.8.98.9])
by fhw-sunmxcore06.plus.net with smtp (PlusNet MXCore v2.00) id 1HngQd-0006H6-1f
for spam@holtlane.plus.com; Mon, 14 May 2007 19:42:00 +0000
Message-ID: <001401c79646$c8c52970$000f2d9c@eub39919e885c1>
From: Coy Mccarthy <babhatchers@guanajuatorealty.com>
To: spam@*****.plus.com
Subject: blondes will **** like crazy
Date: Mon, 14 May 2007 16:41:56 -0300
MIME-Version: 1.0
Content-Type: text/plain;
charset="windows-1250"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2462.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.3000
x-open-relay: 201.8.98.9 is in a black list at bl.spamcop.net
X-PN-VirusFiltered: by PlusNet MXCore (v2.00)
Pages: 1 ... 3 4 [5] 6 7 ... 20
  Print  
 
Jump to: