Suman Posted September 22, 2012
I just got spam email via the email address I gave this forum. The sender was "operation jubilee" (screengrab attached). If it's just me then it's no big deal, but if others have had this spam email via their piriform email address then the database of this forum may have been hacked. Just thought I'd mention it.

Andavari (Moderator) Posted September 22, 2012
Do you remember if you've ever posted your email address on the forums in a post? Far too often people have done that, and by the time we notice it and edit it out of posts it could be too late and already grabbed by the gobs of spammers that look at forums.

Suman (Author) Posted September 22, 2012
> Do you remember if you've ever posted your email address on the forums in a post? ...
I know about email harvesting so never post email addresses in any forum, and I have never used the piriform email address to send an email to piriform or anyone else. That email has only been used by this forum to send emails to me.
[ The email address I created seems too weird to be guessed by spammers ... https://en.wikipedia..._harvest_attack ]
If no-one else reports getting spam via their piriform forum email address then the hack is specific to me.

Super Fast Posted September 22, 2012
So far, I am not getting spams via the forum. I get spams, but if you use Yahoo Chat, or any number of other services that expose your email, that is to be expected.

Alan_B Posted September 22, 2012
You registered here nearly 2 years ago. Since then this forum has moved from one service provider to another. I cannot help wondering if the previous service provider has disposed of recently redundant servers without first securely erasing their contents.

Suman (Author) Posted September 23, 2012
> ... if you use Yahoo Chat, or any number of other services that expose your email, that is to be expected.
The email address was a disposable one I created specifically for the piriform forum (see attachment on first post). I've never used it to send an email so it has never been exposed to anyone by myself. It's not in my email contacts list either (as I've never sent a message using it), so contact-list-harvesting wouldn't explain how spammers got it either.

Nergal (Moderator) Posted September 23, 2012
My guess is that, if you look at the header it may confirm this, the email was sent to a number of addresses at the same ISP. These addresses are usually contiguous usernames; it may well be that this is just a happenstance-based hit on a mass send.

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION
DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)
ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.
Support at https://support.ccleaner.com/s/?language=en_US
Pro users file a PRIORITY SUPPORT via email support@ccleaner.com

Super Fast Posted September 23, 2012
> The email address was a disposable one I created specifically for the piriform forum (see attachment on first post). I've never used it to send an email so it has never been exposed to anyone by myself. It's not in my email contacts list either (as I've never sent a message using it), so contact-list-harvesting wouldn't explain how spammers got it either.
As Nergal states above, it is probably resultant from mass emailings. There are 2 ways it can happen.
1) Using a program to scan for anything on the web with @ in it to harvest email addresses & save as plain text for mass email programs to bulk e-mail.
2) Using a random generator that generates random email addresses & sends emails to every possible letter/number combination up to a certain length.

Suman (Author) Posted September 24, 2012
> my guess is that, if you look at the header it may confirm this, the email was sent to a number of addresses at the same isp. These addresses are usually contiguous usernames ...
I've attached part of the full header to this post; there are no other similar addresses on it, just the one I created for this forum, which I have never used to send an email, nor have I posted it anywhere other than the registration form for this forum.
> ... 2) Using a random generator that generates random email addresses & sends emails to every possible letter/number combination up to a certain length.
Hopefully it is just a random fluke coincidence, otherwise there is a leak of data somewhere.
[ BTW the email was apparently from a revolutionary political organisation, so they're probably not above doing something illegal to further their cause, e.g. hacking databases ]

Super Fast Posted September 24, 2012
There are also a few other possibilities.
1) They have (or have had) a member with that name in their database, therefore you are targeted. Deleted Yah email names recycle after a period of time.
2) They are targeting IP addresses of a similar range.
If this helps, I saw this about that IP: 74.122.121.162
> The Project Honey Pot system has detected behavior from the IP address consistent with that of a mail server and bad web host. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts.
Honey pots are computers set up to trick spammers & aid in catching them.

Nergal (Moderator) Posted September 24, 2012 (edited)
Based on the from, you were definitely hit by some sort of mass mailer; the domain is in use by a (and this term is used with ethereal looseness) "group" of hacker and script-kids.
Based on the header you attached it was indeed a mass-mailer (says so right there).
Based on the fact that you used a throw away email I'd look in the direction of those servers, unless you are in charge of the domain for which you've used.
Also interesting, though I have no headers to compare to whether your server does the same for all: http://www.openspf.org/SPF_Received_Header
As well it should be said that's not the full header so I can only educated-ly guess, and if indeed it is anonymous based (which may or not be likely) it is unlikely any answer can ever be guaranteed.
Edited September 24, 2012 by Nergal: added information

Suman (Author) Posted September 24, 2012
> ... based on the fact that you used a throw away email I'd look in the direction of those servers
If someone has hacked my email provider to obtain addresses to spam, why should they choose a disposable email account which has been unused for over a year, rather than a more recent disposable email, or better still use my primary email?
[ a quick Google reveals this particular spam email is not specific to my email provider, e.g. header posted here ... http://pastebin.com/YJiDrq4Y ]

Nergal (Moderator) Posted September 24, 2012
Yeah, I'm still going with the mass send using a random character range address generator. I'd assume, like one of my mail hosts (earthlink), that O2.pl (a well known ISP email provider) gets hit with these fairly often.

Corona Posted September 25, 2012
Earthlink? Wow, that brings me back.

Nergal (Moderator) Posted September 25, 2012
lol I keep it, funny enough, because of its friggin' awesome spamblocker which I've yet to find better.

everthewatcher Posted October 1, 2012
I got exactly the same spam email, and just like the OP it was sent to a unique address (piriform.mail@mydomain) that I used to register here back in April this year. So I'd say the address list has been leaked or hacked.

Suman (Author) Posted October 1, 2012
> I got exactly the same spam email, and just like the OP it was sent to a unique address (piriform.mail@mydomain) that I used to register here back in April this year. So I'd say the address list has been leaked or hacked.
"piriform.mail" is guessable with a dictionary attack (both words in dictionary). Maybe the spammers have done the numbers-for-letters thing too: I (the OP) used "p1r14m" (piriform) as part of the email address.

everthewatcher Posted October 9, 2012
@suman If that were the case I'd be getting loads of spam to randomword.randomword@mydomain addresses but I don't. But I did get the same spam as you sent to the unique address used just once to sign up to this forum in April this year. The reason is simple - the data has been leaked, hacked or sold. What do the moderators have to say?

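The reasoning in the post above (spam reaching an address issued to one site only, while never-issued addresses on the same domain receive nothing) can be checked mechanically; this is an added example, not part of the original thread. The alias names, site labels and mail records are constructed, and it assumes a catch-all domain where every inbound recipient is logged.

```python
from collections import defaultdict

# Constructed registry: alias local part -> the only site it was ever given to.
ISSUED = {
    "forum-a.7f3k": "forum-a.example",
    "shop-b.q9zt": "shop-b.example",
    "news-c.m2xw": "news-c.example",
}

# Constructed catch-all log: (recipient local part, envelope sender domain).
INBOUND = [
    ("forum-a.7f3k", "forum-a.example"),      # legitimate notification
    ("forum-a.7f3k", "bulk-sender.example"),  # a third party knows the alias
    ("shop-b.q9zt", "shop-b.example"),
    ("info", "bulk-sender.example"),          # never issued: guessed
    ("admin", "bulk-sender.example"),         # never issued: guessed
]


def classify(issued, inbound):
    """Split inbound mail into per-site exposure signals and guessing noise."""
    exposed = defaultdict(set)   # site -> unexpected sender domains
    guessed = set()              # recipients that were never handed out
    for local, sender in inbound:
        site = issued.get(local)
        if site is None:
            guessed.add(local)
        elif sender != site and not sender.endswith("." + site):
            exposed[site].add(sender)
    return dict(exposed), guessed


def verdict(issued, inbound):
    """Label each site; guessing traffic on the domain weakens a leak claim."""
    exposed, guessed = classify(issued, inbound)
    report = {}
    for site in issued.values():
        if site not in exposed:
            report[site] = "clean"
        elif guessed:
            # The alias may have been hit by brute force, not taken from the site.
            report[site] = "exposed (guessing also seen on domain)"
        else:
            report[site] = "exposed (no guessing seen: points at the site)"
    return report


if __name__ == "__main__":
    for site, status in verdict(ISSUED, INBOUND).items():
        print(f"{site}: {status}")
```
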
Andavari (Moderator) Posted October 9, 2012
> The reason is simple - the data has been leaked, hacked or sold. What do the moderators have to say?
We are not of any official capacity on here because we don't work for Piriform so we couldn't tell you what's going on, and we're only regular volunteers like everybody else that posts on here - i.e. in the dark like everyone else is.

TheWebAtom Posted October 9, 2012
> The reason is simple - the data has been leaked, hacked or sold. What do the moderators have to say?
I doubt it. Let's look at this logically for a second.
- The forum has ~48,000 registered members; you can currently buy email addresses at 0.40c/1000, which means that whoever sold them would be ~$19 richer. Hardly worth the effort.
- If the database was compromised there are far more interesting things that the hacker could do than send email spam. Think rainbow tables, birthday attacks and SQLi fun.
- If the email database table (or a dump of said table) had been leaked, this would be a far more common issue. There are ~47,998 who have not received this spam message. That's 99.9958% of the userbase unaffected.
I think this needs to be attributed to some sort of cryptographic anomaly and left to die.
(There is another possibility to explain this, but it's a little far-fetched. Perhaps the domain that your email addresses use at some point traverses a poisoned DNS server, which is extracting email information from the SMTP packet header and using them for spam. Now that would be worth talking about!)
I'm Shane.

Alan_B Posted October 9, 2012
Sorry I did not understand the basis for conclusion I commented on.

TheWebAtom Posted October 9, 2012
Alan, mydomain.com is obviously a placeholder for a domain name that he owns. They won't actually work. If you own a custom domain (such as mydomain.com) you can create as many prefixes as you want.

Alan_B Posted October 9, 2012
> Alan, mydomain.com is obviously a placeholder for a domain name that he owns. They won't actually work. If you own a custom domain (such as mydomain.com) you can create as many prefixes as you want.
You may be correct. It is a possibility I had not considered. Suman stated "The email address was a disposable one". EvertheWatcher did not indicate that he did otherwise.

Nergal (Moderator) Posted October 9, 2012
Yes Alan, I am 100% sure that they were using placeholders so 1) they didn't get more spam 2) understand that the exact emails are not needed for this discussion.

qsdewa Posted October 13, 2012
I got spam too from anonymous@operationjubilee.in but with no content at all. The mail was in the Junk-E-Mail folder. In the subject is something about protests in Greece.