Email Hijack (Full Version)



alastairwheatcroft -> Email Hijack (6/1/2003 16:26:50)

Help!!!

I have just had two emails returned, both possibly with viruses attached. I do not use the email address in question for outgoing mail, although it is quoted on my web site.

Someone is using my email address.

How do I stop it?

What can I do?

The message is....

*******

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

info@boscastleholidays.co.uk
This message has been rejected because it has
an apparently executable attachment src.bat
This is a virus prevention measure.
If you meant to send this file then please
package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------
------ The body of the message is 135521 characters long; only the first
------ 65536 or so are included here.

Return-path: <alastair@simplywebservices.co.uk>
Received: from modem-2177.tiger.dialup.pol.co.uk ([62.136.216.129] helo=Mlassjkod)
by tmailb1.svr.pol.co.uk with smtp (Exim 4.14)
id 19MVmE-0002M2-1f
for info@boscastleholidays.co.uk; Sun, 01 Jun 2003 17:33:47 +0100
From: alastair <alastair@simplywebservices.co.uk>
To: info@boscastleholidays.co.uk
Subject: GameSpy Industries.
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=FX3743clTQpom08C64158Du666FAz
Message-Id: <E19MVmE-0002M2-1f.2003-06-01-17-33-47@tmailb1.svr.pol.co.uk>
Date: Sun, 01 Jun 2003 17:33:47 +0100

--FX3743clTQpom08C64158Du666FAz
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

etc..etc

****************

The other is similar to another address.

Thanks

Alastair :(




Richard Dudley -> RE: Email Hijack (6/1/2003 21:55:30)

If it's on your website, there's nothing you can do. Probably someone who visited your page is infected. Many viri today scan the temporary internet files directory looking for pages with e-mail addresses on them. These addresses are used (along with any others found in Outlook address books) as the to and from addresses.

This was such a problem on one of our websites that I had to write an intelligent form entry system to prevent this from happening.

This is your only clue as to who is infected:
quote:

Received: from modem-2177.tiger.dialup.pol.co.uk ([62.136.216.129] helo=Mlassjkod)

Perhaps the ISP will try to identify who had that IP address at the time the message was sent. Fat chance--they're usually too busy.




Reflect -> RE: Email Hijack (6/2/2003 7:43:45)

Do you use something called formail.pl on your web site for sending out e-mail like from "contact us forms" or the likes?

If so maybe check the version. If it is prior to v1.91 then I believe that is your culprit and you need to get a more current version.

Brian




alastairwheatcroft -> RE: Email Hijack (6/2/2003 9:41:01)

Hello and thanks for replying,

Reflect...I am using Frontpage on my site www.simplypoultry.ltd.uk , and I cannot find a file called formail.pl. Where does it normally reside? Is it a "frontpage file"?


Richard, All my forms write to database, except one which uses a bravenet form. Are those writing to database vulnerable, should they be behind a login system?

Cheers

Alastair






Reflect -> RE: Email Hijack (6/2/2003 10:32:27)

It can reside anywhere is the problem. Normally though it is in the cgi-bin directory.

No it is not a FP file.

Brian




Gil -> RE: Email Hijack (6/2/2003 11:30:42)

quote:

Do you use something called formail.pl on your web site for sending out e-mail like from "contact us forms" or the likes?

If so maybe check the version. If it is prior to v1.91 then I believe that is your culprit and you need to get a more current version.


Good point Brian.

But it appears in this case the spammer is sending from some other mail server and spoofing the return to so he doesn't get all the undeliverable returns...
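Added example, not part of any post in this thread: the Received header Richard Dudley singles out, and the forged sender Gil describes, can be read out of the bounce programmatically. The sketch below parses the headers quoted in the first post (continuation lines re-indented so they unfold); the function names are hypothetical and the regular expression assumes the Exim-style hop format shown in that bounce.

```python
import re
from email import message_from_string

# Headers copied from the bounce in the first post; continuation lines are
# re-indented (constructed) so the header parser can unfold them.
BOUNCED_HEADERS = (
    "Return-path: <alastair@simplywebservices.co.uk>\n"
    "Received: from modem-2177.tiger.dialup.pol.co.uk"
    " ([62.136.216.129] helo=Mlassjkod)\n"
    "\tby tmailb1.svr.pol.co.uk with smtp (Exim 4.14)\n"
    "\tid 19MVmE-0002M2-1f\n"
    "\tfor info@boscastleholidays.co.uk; Sun, 01 Jun 2003 17:33:47 +0100\n"
    "From: alastair <alastair@simplywebservices.co.uk>\n"
    "To: info@boscastleholidays.co.uk\n"
    "Subject: GameSpy Industries.\n\n"
)

# Exim-style hop: from <rdns> ([ip] helo=<name>) by <server> ...; <date>
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9.]+)\](?:\s+helo=(?P<helo>[^)\s]+))?\)"
    r"\s+by\s+(?P<by>\S+).*?;\s*(?P<when>.+)$"
)

def domain_of(header_value):
    """Extract the lower-cased domain of the first address in a header."""
    m = re.search(r"@([A-Za-z0-9.-]+)", header_value or "")
    return m.group(1).lower() if m else None

def analyse_bounce(raw_headers):
    """Return details of the first hop, or None if it cannot be parsed."""
    msg = message_from_string(raw_headers)
    hops = msg.get_all("Received") or []
    if not hops:
        return None
    # Servers prepend Received headers, so the last one is the earliest hop.
    # Only hops written by a server you trust are reliable evidence.
    m = RECEIVED_RE.search(" ".join(hops[-1].split()))
    if not m:
        return None
    info = m.groupdict()
    claimed = domain_of(msg.get("From"))
    rdns = info["rdns"].lower()
    info["claimed_domain"] = claimed
    # A mismatch is a hint, not proof: it means the submitting host has no
    # visible tie to the domain in From, as with the dial-up host here.
    info["origin_matches_claim"] = bool(claimed) and (
        rdns == claimed or rdns.endswith("." + claimed))
    return info

if __name__ == "__main__":
    for key, value in analyse_bounce(BOUNCED_HEADERS).items():
        print(f"{key}: {value}")
```

The `ip` and `when` fields together are what an ISP abuse desk needs to map a dynamic address to a subscriber.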




DaAngel -> RE: Email Hijack (6/3/2003 2:29:27)

Can I point out a lil something here. This may or may not be the case.

If for some reason the email address from your site is stored in an email client such as Outlook on your PC, then if you have a virus on your PC it may try to send email from an address found on your computer.

If the virus is located on someone else's computer, and that computer has your email registered in a local email client, expect to obtain a copy of the virus via email soon.




alastairwheatcroft -> RE: Email Hijack (6/3/2003 3:31:21)

Thank you everyone,

Outlook doesn't have the mail address in question in it. The domain holding company have it forwarded to my main email address.

I have received one or two virus emails, but the checker picked them up and I deleted them. So I don't know the originator.

regards

Alastair



