Email Hijack

 
 
alastairwheatcroft

 

Posts: 66
Joined: 6/11/2002
From: CHIPPING CAMPDEN Glos United Kingdom
Status: offline

 
Email Hijack - 6/1/2003 16:26:50   
Help!!!

I have just had two emails returned, both possibly with viruses attached. I do not use the email address in question for outgoing mail, although it is quoted on my web site.

Someone is using my email address.

How do I stop it?

What can I do?

The message is....

*******

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

info@boscastleholidays.co.uk
This message has been rejected because it has
an apparently executable attachment src.bat
This is a virus prevention measure.
If you meant to send this file then please
package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------
------ The body of the message is 135521 characters long; only the first
------ 65536 or so are included here.

Return-path: <alastair@simplywebservices.co.uk>
Received: from modem-2177.tiger.dialup.pol.co.uk ([62.136.216.129] helo=Mlassjkod)
by tmailb1.svr.pol.co.uk with smtp (Exim 4.14)
id 19MVmE-0002M2-1f
for info@boscastleholidays.co.uk; Sun, 01 Jun 2003 17:33:47 +0100
From: alastair <alastair@simplywebservices.co.uk>
To: info@boscastleholidays.co.uk
Subject: GameSpy Industries.
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=FX3743clTQpom08C64158Du666FAz
Message-Id: <E19MVmE-0002M2-1f.2003-06-01-17-33-47@tmailb1.svr.pol.co.uk>
Date: Sun, 01 Jun 2003 17:33:47 +0100

--FX3743clTQpom08C64158Du666FAz
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

etc..etc

****************

The other is similar to another address.

Thanks

Alastair:)
Richard Dudley

 

Posts: 668
Joined: 8/22/2002
From: Butler, PA
Status: offline

 
RE: Email Hijack - 6/1/2003 21:55:30   
If it's on your website, there's nothing you can do. Probably someone who visited your page is infected. Many viri today scan the temporary internet files directory looking for pages with e-mail addresses on them. These addresses are used (along with any others found in Outlook address books) as the to and from addresses.

This was such a problem on one of our websites that I had to write an intelligent form entry system to prevent this from happening.

This is your only clue as to who is infected:
quote:

Received: from modem-2177.tiger.dialup.pol.co.uk ([62.136.216.129] helo=Mlassjkod)

Perhaps the ISP will try to identify who had that IP address at the time the message was sent. Fat chance--they're usually too busy.

_____________________________

I need to change my avatar--the puppy is full grown now!

(in reply to alastairwheatcroft)
Reflect

 

Posts: 4769
From: USA
Status: offline

 
RE: Email Hijack - 6/2/2003 7:43:45   
Do you use something called formail.pl on your web site for sending out e-mail like from "contact us forms" or the likes?

If so maybe check the version. If it is prior to v1.91 then I believe that is your culprit and you need to get a more current version.

Brian

_____________________________


(in reply to alastairwheatcroft)
alastairwheatcroft

 

Posts: 66
Joined: 6/11/2002
From: CHIPPING CAMPDEN Glos United Kingdom
Status: offline

 
RE: Email Hijack - 6/2/2003 9:41:01   
Hello and thanks for replying,

Reflect...I am using Frontpage on my site www.simplypoultry.ltd.uk, and I cannot find a file called formail.pl. Where does it normally reside? Is it a "frontpage file"?


Richard, all my forms write to database, except one which uses a bravenet form. Are those writing to database vulnerable, should they be behind a login system?

Cheers

Alastair



(in reply to alastairwheatcroft)
Reflect

 

Posts: 4769
From: USA
Status: offline

 
RE: Email Hijack - 6/2/2003 10:32:27   
It can reside anywhere is the problem. Normally though it is in the cgi-bin directory.

No it is not a FP file.

Brian

_____________________________


(in reply to alastairwheatcroft)
Gil

 

Posts: 7533
From: North Carolina, USA
Status: offline

 
RE: Email Hijack - 6/2/2003 11:30:42   
quote:

Do you use something called formail.pl on your web site for sending out e-mail like from "contact us forms" or the likes?

If so maybe check the version. If it is prior to v1.91 then I believe that is your culprit and you need to get a more current version.


Good point Brian.

But it appears in this case the spammer is sending from some other mail server and spoofing the return to so he doesn't get all the undeliverable returns...

_____________________________

Gil Harvey, 1947-2004

(in reply to Reflect)
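
Added example, not part of any post in this thread: a Python sketch that reads the headers of the returned copy quoted in the first post, pulls the submitting host out of the Exim `Received:` line, and checks it against the domain claimed in `Return-path:`. The function names and the regular expression are this example's own; the header values are the ones shown in the bounce, with continuation lines re-indented.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Headers of the returned copy, as quoted in the bounce in the first post.
BOUNCED_HEADERS = """\
Return-path: <alastair@simplywebservices.co.uk>
Received: from modem-2177.tiger.dialup.pol.co.uk ([62.136.216.129] helo=Mlassjkod)
\tby tmailb1.svr.pol.co.uk with smtp (Exim 4.14)
\tid 19MVmE-0002M2-1f
\tfor info@boscastleholidays.co.uk; Sun, 01 Jun 2003 17:33:47 +0100
From: alastair <alastair@simplywebservices.co.uk>
To: info@boscastleholidays.co.uk
Subject: GameSpy Industries.

"""

# Exim-style trace line: from <rdns> ([<ip>] helo=<name>) by <server> ... id <queue-id>
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\]\s+helo=(?P<helo>[^)\s]+)\)"
    r"\s+by\s+(?P<by>\S+).*?\bid\s+(?P<queue_id>\S+)",
    re.S,
)

def first_hop(raw_headers):
    """Return what the earliest Received header records about the submitting host."""
    msg = message_from_string(raw_headers)
    received = msg.get_all("Received") or []
    if not received:
        return None
    earliest = received[-1]  # each server prepends its line, so the last is the first hop
    m = RECEIVED_RE.search(earliest)
    if not m:
        return None
    hop = m.groupdict()
    # The receiving server's timestamp follows the final semicolon.
    hop["time"] = parsedate_to_datetime(earliest.rpartition(";")[2].strip())
    hop["claimed_sender"] = parseaddr(msg.get("Return-path", ""))[1]
    return hop

def sender_matches_origin(hop):
    """True if the submitting host's reverse-DNS name lies under the claimed sender's domain."""
    domain = hop["claimed_sender"].rpartition("@")[2].lower()
    rdns = hop["rdns"].lower()
    return bool(domain) and (rdns == domain or rdns.endswith("." + domain))

if __name__ == "__main__":
    hop = first_hop(BOUNCED_HEADERS)
    print(hop["ip"], hop["time"].isoformat(), hop["by"], hop["queue_id"])
    print("sender domain matches submitting host:", sender_matches_origin(hop))
```

The IP address, the timestamp with its offset, and the receiving server's queue id are the fields recorded by the receiving server itself; the `helo=` name is whatever the connecting machine chose to announce.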
DaAngel

 

Posts: 300
Joined: 3/30/2003
From: Posting Machine - Belfast Child
Status: offline

 
RE: Email Hijack - 6/3/2003 2:29:27   
Can I point out a lil something here. This may or may not be the case.

If for some reason the email address from your site is stored in an email client such as Outlook on your PC, then if you have a virus on your PC it may try to send email from an address found on your computer.

If the virus is located on someone else's computer, and that computer has your email registered in a local email client, expect to obtain a copy of the virus via email soon.

< Message edited by DaAngel -- 6/3/2003 2:37:54 AM >


_____________________________




(in reply to Gil)
alastairwheatcroft

 

Posts: 66
Joined: 6/11/2002
From: CHIPPING CAMPDEN Glos United Kingdom
Status: offline

 
RE: Email Hijack - 6/3/2003 3:31:21   
Thank you everyone,

Outlook doesn't have the mail address in question in it. The domain holding company have it forwarded to my main email address.

I have received one or two virus emails, but the checker picked them up and I deleted them. So I don't know the originator.

regards

Alastair

(in reply to alastairwheatcroft)