Nuke Cops :: View topic - Spammer Uses Sites WebMail.
Prophet
Captain
Joined: Mar 14, 2004
Posts: 422
Location: Florida, USA, Earth, Space
Posted: Fri Dec 10, 2004 11:59 am

Since it is not simply one individual, it is unlikely that removing the webmail will eliminate the attempts to use your site for malicious purposes. I have not had the webmail active on my site for a long time, but they still come to check for it. I doubt they even remember what all sites they have already checked for vulnerabilities. I strongly advise installing one of my little security features. Coupled with Sentinel, it has proven to be very effective.

This person was automatically banned today from my site -
cyberlotto - cyberlotto44@coolkiwi.com - 80.88.128.12

Since this forum topic began, my security add-ons have busted and banned over 2 dozen individuals for questionable activities.
Over a dozen of those have been content theft attempts.

If you have Sentinel (I recommend you do) and want to try out a couple of my security additions (including image protection), drop me a line via the feedback form on my site. I'll hook you up.

Although Nuke Cops is all about security, it's possible that being a member of Nuke Cops is a security risk in itself. I won't be posting any more security codes here because the attackers may just be watching this topic. I believe this site is where they get their "prospective victims" list from. I can run search engine searches for Nuke sites all day and not come up with mine as a result, yet somehow the perpetrators have mine on their hit-list. This is the likeliest place they would be grabbing their info from. I mean, what better a place to be able to come up with a list of Nuke sites from?
Another security risk is that big old "Powered By PHP Nuke" line located at the bottom of every PHP Nuke page. It might as well say "Attack Me, I'm A PHP Nuke Site!". It's like a freakin beacon in the night.

_________________
- Prophet
Get the Last Visit module (and other modules I designed) from my website! FREE! http://jasonlau.biz

http://DotCom.Name
Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12482
Posted: Fri Dec 10, 2004 12:01 pm

You're right. The more attention you give, the more you'll attract these scum. But don't let them deter you... you gotta have links to your website at some point. Otherwise no one will go to it, then what's the point? :)

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Prophet
Captain
Joined: Mar 14, 2004
Posts: 422
Location: Florida, USA, Earth, Space
Posted: Fri Dec 10, 2004 12:19 pm

That's correct. Don't take me wrong. I wouldn't cancel my account here based on the fact that these idiots are harvesting info for malicious purposes. That's not the answer to the real problem. I'm not sure there is an answer. It's just unfortunate that some people have to be like that.
I wonder if they actually make money off of it or what the real motive is.

... don't answer that. Someone may get ideas.

Fiona
Private
Joined: Nov 10, 2004
Posts: 48
Posted: Sun Dec 12, 2004 6:03 am

This low life scum is still active. Has anyone had any joy positively identifying him?

If the 'authorities' won't act, I think I might be able to find someone who will 'deal with' him in another way.
luisr320
Nuke Soldier
Joined: Jul 06, 2003
Posts: 18
Posted: Fri Feb 25, 2005 2:33 pm

Here are a couple more IPs of the lotto gang:

212.199.108.234 lottowodd
213.181.83.82 cyberlotto

I'm looking for more, and I'll find them. They managed to shut down my site too.
Thanks for the post.
luisr320
Nuke Soldier
Joined: Jul 06, 2003
Posts: 18
Posted: Fri Feb 25, 2005 3:55 pm

Here's a couple more:

80.88.154.117 Award17 awardnotice@yahoo.com
81.199.85.143 so_hale so_hale@kaixo.com
luisr320
Nuke Soldier
Joined: Jul 06, 2003
Posts: 18
Posted: Fri Feb 25, 2005 4:31 pm

Wow, they just keep popping. It's just a question of how you query your database.
This one had 6 different accounts: 80.88.154.115
Just query the database looking for 80.88 on the lastseen table. You'll be surprised. ;)
jsek
Nuke Cadet
Joined: Mar 10, 2004
Posts: 2
Posted: Thu Mar 10, 2005 1:20 pm

I have experienced similar problems as others cited in this forum. Thanks to Evaders99 for steering me in the right direction. Installing Nuke Sentinel 2.1.3 was surprisingly easy. I thought I was going to have problems based on comments from the Sentinel forum at this site. What is useful is learning (and perhaps passing on) what I have observed.

First, I thought I turned off webmail some time ago, but obviously someone turned it back on. That's assuming I know how to do this properly, which I believe I do. Most likely, I have a "friend" that likes to visit my site and help out in ways I don't need to know about. So first lesson will be for me to check out my site Preferences on a regular basis. I should also consider changing my admin password on a more frequent basis as well.

The spammers are after access to my webmail module. I don't accept that it is the work of one person, but probably of many who have the same idea. The fastest way to find php-nuke sites is by searching results courtesy of the search engine sites. My site logs indicated that a popular search string is "modules.phpname webmail" and variations of this. I tried it myself and it certainly gets a lot of results back. As a lesson to be used here, I can search my logs, and Sentinel logs are very good for this, on everyone who tries to access the site by first going through webmail. I can either ban the IP from that or check to see if they try to register immediately afterwards (and yes they go directly to webmail again). Pretty good indicator that they are only interested in one thing, free access to e-mail.

Of interest is that, of the IPs I've banned over the first 2 days of running Sentinel, the primary offending countries are Nigeria and Israel. DNS searches showed that they have access to other countries' IP addresses, but search results nearly always reveal a Nigeria or Israel address. Nigeria is also my favourite scam e-mail country where someone is forever asking me to help solve their banking problems.

I haven't tried out the registration username blocker that was suggested earlier, but that's next in my things to do. It's not that they seem to be accessing the site anymore, it's more the nuisance of them adding useless usernames and increasing the registered members list unfairly.

Thanks to all for the help. :D
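The log check jsek describes above (flag visitors whose first request is the webmail module, then see whether they register right afterwards), together with the address-prefix grouping luisr320 suggests, as an added example that is not part of the original thread. The log lines are constructed, and the two URL patterns (`name=WebMail`, `op=new_user`) are assumptions about a default PHP-Nuke install.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache common log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2005:13:00:01 +0000] "GET /modules.php?name=WebMail HTTP/1.1" 200 5120
192.0.2.10 - - [10/Mar/2005:13:00:40 +0000] "GET /modules.php?name=Your_Account&op=new_user HTTP/1.1" 200 4096
192.0.2.10 - - [10/Mar/2005:13:02:05 +0000] "GET /modules.php?name=WebMail HTTP/1.1" 200 5120
198.51.100.7 - - [10/Mar/2005:13:05:00 +0000] "GET /index.php HTTP/1.1" 200 9000
198.51.100.7 - - [10/Mar/2005:13:06:00 +0000] "GET /modules.php?name=Your_Account&op=new_user HTTP/1.1" 200 4096
203.0.113.5 - - [10/Mar/2005:14:00:00 +0000] "GET /modules.php?name=webmail HTTP/1.1" 200 5120
192.0.2.77 - - [10/Mar/2005:15:00:00 +0000] "GET /modules.php?name=WebMail HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+)')
WEBMAIL_RE = re.compile(r'[?&]name=webmail\b', re.I)   # assumed webmail module URL
REGISTER_RE = re.compile(r'[?&]op=new_user\b', re.I)   # assumed registration URL

def classify(log_text, window=timedelta(minutes=10)):
    """Return {ip: verdict} for clients whose first request is the webmail module."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, ts, url = m.groups()
        hits[ip].append((datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), url))
    verdicts = {}
    for ip, reqs in hits.items():
        reqs.sort()
        first_time, first_url = reqs[0]
        if not WEBMAIL_RE.search(first_url):
            continue  # arrived through some other page; not this pattern
        registered = any(REGISTER_RE.search(u) and t - first_time <= window
                         for t, u in reqs[1:])
        verdicts[ip] = "webmail-then-register" if registered else "webmail-probe"
    return verdicts

def group_by_prefix(ips):
    """Group flagged IPv4 addresses by their first two octets (like '80.88')."""
    groups = defaultdict(list)
    for ip in ips:
        groups[".".join(ip.split(".")[:2])].append(ip)
    return dict(groups)
```

Addresses that land in the same prefix group are candidates for a range review in Sentinel rather than one ban at a time.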
Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12482
Posted: Thu Mar 10, 2005 6:52 pm

Webmail is a known issue.
There is only one solution, delete it. It isn't being supported anymore, and it is likely that your site will be hacked.
