Greenguy's Board

Greenguy's Board (http://www.greenguysboard.com/board/index.php)
-   General Business Knowledge (http://www.greenguysboard.com/board/forumdisplay.php?f=10)
-   -   WTF..Someone's using my domain name to send spam!!!! (http://www.greenguysboard.com/board/showthread.php?t=2261)

amber438 2003-11-11 07:03 AM
WTF..Someone's using my domain name to send spam!!!!
 
I've been out of town for a few days on biz and I come back to a SHIT LOAD of mailer demon delivery failure messages using my domain name red-hot-links.com like this..
(don't know if it's a virus or the real spam thing)

copy below

Message from yahoo.com.
Unable to deliver message to the following address(es).

(a bazillion yahoo email address listed here)

--- Original message follows.

X-YahooFilteredBulk: 66.214.210.60
Return-Path:
Received: from 66.214.210.60 (EHLO mail.mzchjfzggpkakkpmw.com) (66.214.210.60)
by mta233.mail.scd.yahoo.com with SMTP; Mon, 10 Nov 2003 22:40:27 -0800
To:
From: "Jay"
Subject: Get"" "their""Passwd. .zqadhsqk zlmtyhiikknulpbnttp
Date: Tue, 11 Nov 2003 01:40:28 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 5
X-MSMail-Priority: Low
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300

"http://200.206.191.202/PASS/?hhafoerst">Steal Passwords!

ujpaolyjaq ehcujqq eqwxi= zqfcq edvq etpzmq evwpl
ftqouawbeq ejdqkvq enhvyuciq ezkjqubaptyq eefq esdczt
ijxzjjomq eywysozdjuq ezwzq etirekcmzeyq eqhtqoq eyz
ytmsiyq eztsznq ezaq exahxmgq eptlrqvxihq exaiqjui
vwrgq egfmnsslwmq earavokruwwq eouiaddq eocq ewojxg
bhmngq evtknngq ebqkgmxrdglq eidnhdq epnxsahfemq ewfd
bsexfvq elwdq eorfq ewyadqjbkqkq eewedq ejs
koroxmahloq eazq efyucnremq erljaq etcnbycklq epst
no more >

fwmxodkq ecfialojq epboq eblvjaaiwq epjecq elhg

fkuwqohoxlq eoilsbsvlmq erpdswyq epjlspq egiq eeoqh

xaq eovpflbecq etuq ewfvobctq ekfojhq eqa

ilbyggmbprq eaftufq etbwxqyvrreq eazhiedpinoq eyqjxjgqpiq ekimphmmuz
bajqisaq ernrddwlq eaiwyrlcvq evtq elpfukq eubjjiy
balzxnxyq eugkq elsnzq etbpfxgmguoq epqq ecvjhobhqha
eeuycq exivdjq evkbpyxrtjq ebrfchaq eywxxxpecrbq eocvogllgs
bswkq ekgqq eidmmwyq evqwq eilfmviq eeqjba=




*** MESSAGE TRUNCATED ***

I started contacting the domains they are coming from but wtf!! is there anything else I can do??

Greenguy 2003-11-11 07:57 AM
I woke up this morning to the same problem with one of my domain names :(

A buddy of mine had this same problem, but the really bad thing was that the sender was spamming ads for CP - he had the FBI knocking on his door a few days later & they took both his computers for a few days. He got them back, intact with nothing wrong or missing, but how hard would it have been for them to look at the source of the emails & see it was not coming from his ISP or POP account?

Just goes to show you that one asshole that you've probably never heard of can almost ruin your life :(

doublep 2003-11-11 08:13 AM
*A buddy of mine had this same problem, but the really bad thing was that the sender was spamming ads for CP

Fucking outrageous!!!! |banghead|

Amber - hope you get it sorted - similar thing happened to me a bit back - all I could do was email the people and tell then it was nothing to do with me at all - I never did find out who the culprit was :(

RawAlex 2003-11-11 11:13 AM
Amber, I have been getting it since last night on about 200 different domains... I have well more than 1000 bounce notices, beyond the ones already deleted and such.

It sucks.

The spam is being bounced off of a DSL modem in Brazil. Then it ends up at:

http://sf1000.registeredsite.com/~us...ASS/index.html
This is the destination URL for that spam, which is hosting by registeredsite.com in Atlanta. I suggest a phone call to them to remind them how much you hate being at the end of a joe-job.

Alex

JanTM 2003-11-11 11:13 AM
Spam from my domain *grrrrr*
 
It seems some spamming jerk set up his own email server and spammed the shit out of Yahoo using a bogus email @booballistics.com. So now I get all the delivery failure notices... and there are a lot of them |sad|

Just thought I'd mention it before I was hung out to dry as a spammer |goodnight

baddog 2003-11-11 11:57 AM
happens all the time, anyone with a lick of sense will know it did not originate from you

Ramster 2003-11-11 11:59 AM
Holy shit!

Took his computers? That's fucked up. I too had the same problem today with the Auto Response saying something like you spammers have emailed me for the last time. This shit is just not cool.

The only good thing is the email was from a domain I do not have an outgoing alias for so if checked with my host, they can confirm that.

JanTM 2003-11-11 12:09 PM
Its the first time it has happened to me so I was naturally a little confused when all the failure notice mails started to pour in :)

natalie 2003-11-11 04:19 PM
Hey guys, this problem can occur from a bot using your cgi mail program. If you look through your server stats you may find it and be able to prevent it. It could be in /cgi-bin/formail.pl or something similiar or in cgi/sys a server one that you can't access. If its in your server one then you can contact them to sort it out.
I don't know much about it, just that punaniman (my long suffering other half) had this happen to a client. Someone here should know more.

DangerDave 2003-11-11 05:03 PM
Happens to me regularly.. amber438 Check with your host.. they should be able to deal with it..

DD

darksoft 2003-11-12 12:08 AM
Happened to me too. A quick check at the headers shows that the asshat is only using bogus email addresses with my domain in the from line... looking at the origination shows it to not be my IP address, as I knew it wouldn't be.

amber438 2003-11-12 08:22 AM
yeah..he's using bogus email addresses with my domain name in them..like joeblow at red-hot-links.com
I have been trying to sort out who they are coming from and emailing the hosts with the ip addresses..this really sucks big time..
I have one email account with my host and anything coming to the rest gets forwarded to that..and it's not the red hot links domain

I wish I knew how to stop it and skin this jerk(s) alive

Snowone 2003-11-13 04:55 AM
Aren't spammers wonderful!

You can pretty much filter the bounces to a trash folder. However watch your mail admin address for idiot postmasters/sleuths that can't figure out from the header that the from address was forged.

You also should separate your postmaster account from your normal email account. someday some loser will buy a bad list and use your domain as the return. And you'll get to deal with the 20,000 to 30,000 bounced emails per day...

;)

urb 2003-11-13 06:31 AM
One thing I've noticed when this happens is that the spammer uses a randomly generated email address.... like

rob7392hd@yourdomain.net

so a good way to bounce those pesky undelivered notices is to switch off the catch all feature on your email admin. Then specify the email addresses you actually use like info@ sales@ and allow these to be delivered .... all the rest should bounce back.

DistantD 2003-11-13 09:29 AM
Wow! I thought I was the only one getting this! I got back from a road-trip last night and see hundreds of "Delivery Failure" emails coming in....
Amber, it's even the same "Jay" random@mydomain.com crap email.

I've been talking to my host but they don't seem to know what I'm talking about. At first, they thought I was getting too much spam...

If you turn of the catch-all, what happens to the emails? Do they go to a black-hole? Or do they get returned to the sender?


DistantD
www.distantdoor.com

urb 2003-11-13 10:16 AM
Return to sender. But then at least I don't see 'em.

amber438 2003-11-13 11:48 AM
Interesting ..I emailed road runner with the ip address(had quite a few from RR)....and the host in sweden of the place place they were spamming for..all emails stopped yesterday..


All times are GMT -4. The time now is 02:22 PM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
© Greenguy Marketing Inc