You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 286 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Spammer Uses Sites WebMail. [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
Mommy_Deanne
Nuke Soldier
Nuke Soldier


Joined: Oct 21, 2004
Posts: 19

Location: Arizona

PostPosted: Tue Nov 30, 2004 7:57 am Reply with quoteBack to top

This is a heads up! Beware of this Spammer! He has increased our member numbers dramatically by creating new member names.

LottoCoordinator, Gold Stike Lotto,Lottery Manager are just a few names this Spammer uses to access PHP accounts. He's been using the WebMail Module to Spam the heck out of people. We finally caught on and put a stop to his business on our site. Apparently he has been blacklisted numerous times.

Here is a copy of the letter he sends out from your WebMail:
It's absolutely crazy on the amount of mail he sent out using our site.

International Promotions/Prize Award Department


Dear Winner,

RESULTS FOR CATEGORY "A" DRAWS

Congratulations to you as we bring to your notice, the
results of the First Category draws of LUCKY STRIKE
LOTTERY UK. We are happy to inform you that you have
emerged a winner under the First Category, which is
part of our promotional draws. The draws were held on
the day prior to your notification and results are
being officially announced . Participants were
selected through a computer ballot system drawn from
2,500,000names/email addresses of individuals and
companies from Africa, America, Asia, Australia,
Europe, Middle East, and Oceania as part of our
International Promotions Program.

You/Your company, attached to ticket number
6422-5-486, with serial number 59-18 drew the lucky
numbers 33-92-78-05 (1 and consequently won in the
First Category.

You have therefore been awarded a lump sum pay out of
£6,500,000 (Six million, five hundred thousand Great
Britain Pounds), which is the winning payout for
Category A winners. This is from the total prize money
of £13,000,000 shared among the 2 winners in this
category.

CONGRATULATIONS!

Your fund is now deposited with our transfer agents
CASH CHANGE UK LTD and insured in your name. In your
best interest and also to avoid mix up of numbers and
names of any kind, we request that you keep the entire
details of your award strictly from public notice
until the process of transferring your claims has been
completed, and your funds remitted to your account.
This is part of our security protocol to avoid double
claiming or unscrupulous acts by participants/non
participants of this program.

We also wish to bring to your notice our end of year
premium stakes draw where you stand a chance of
winning up to £50 million; we hope that with a part of
your prize you will participate.

Please contact your claims agent immediately for due
processing and remittance of your prize money to a
designated account of your choice:

Mr. Andrew Young,
Foreign Department Manager,
Cash Change UK Ltd
Foreign Service Number: + 88216 4665 5376
Tel: +44 2070600695
FAX: +44 2079002649
EMAIL:finan_direct1@cashchangelimiteduk.org

You are advised to contact our agents by both email and
fax within a week of receiving this notice. Failure to
do so may warrant Disqualification.

NOTE: For easy reference and identification, find
below your reference and Batch numbers. Remember to
quote these numbers in every one of your
correspondences with your claims agent.

REFERENCE NUMBER: LSLUK/2031/8161/04
BATCH NUMBER: R3/A312-59

Congratulations once again from all our staff and
thank you for being part of our promotions program.


Sincerely,


THE LOTTERY COORDINATOR,
LUCKY STRIKE LOTTERY UK
12 BRIDGE STREET,
STAINES MIDDLESEX TW18 4TP UK


N.B: Any breach of confidentiality on the part of the
winners will result to disqualification. Please Contact your
Claims agent immediately.
Find all posts by Mommy_DeanneView user's profileSend private messageVisit poster's website
UndergroundHydro
Lieutenant
Lieutenant


Joined: Nov 08, 2004
Posts: 199

Location: London, England

PostPosted: Tue Nov 30, 2004 10:24 am Reply with quoteBack to top

Staines is not too far from me, might poke my head in, if there's anyone there, they gonna be loosing all there windows shortly.

_________________
[url=http://grooveclubradio.com]
Image
[/url]
Find all posts by UndergroundHydroView user's profileSend private messageVisit poster's website
Mommy_Deanne
Nuke Soldier
Nuke Soldier


Joined: Oct 21, 2004
Posts: 19

Location: Arizona

PostPosted: Tue Nov 30, 2004 10:40 am Reply with quoteBack to top

Well well well!! Thanks to the spammer we were suspended! Very nice!! Totally uncool!
Find all posts by Mommy_DeanneView user's profileSend private messageVisit poster's website
UndergroundHydro
Lieutenant
Lieutenant


Joined: Nov 08, 2004
Posts: 199

Location: London, England

PostPosted: Tue Nov 30, 2004 11:15 am Reply with quoteBack to top

lol, wasn't with SurfSpeedy was it ???

I only say because i've been getting server overload on the server my site is on, and got told tonight that they've terminated someones account that was causing the overload.

_________________
[url=http://grooveclubradio.com]
Image
[/url]
Find all posts by UndergroundHydroView user's profileSend private messageVisit poster's website
Prophet
Captain
Captain


Joined: Mar 14, 2004
Posts: 422

Location: Florida, USA, Earth, Space

PostPosted: Tue Nov 30, 2004 11:29 am Reply with quoteBack to top

Spammers also use the Recommend Us module because the sender email address is open for editing.

I made a simple Refer A Friend module that does not allow the member to edit the sender mail address.

It is available in the downloads section at my site.

_________________
- Prophet
Get the Last Visit module (and others modules I designed) from my website! FREE! http://jasonlau.biz

http://DotCom.Name

Last edited by Prophet on Tue Nov 30, 2004 12:12 pm; edited 1 time in total
Find all posts by ProphetView user's profileSend private messageVisit poster's websiteAIM Address
Prophet
Captain
Captain


Joined: Mar 14, 2004
Posts: 422

Location: Florida, USA, Earth, Space

PostPosted: Tue Nov 30, 2004 11:47 am Reply with quoteBack to top

I have the IP addresses of some of your Lottery spammers. 81.199.84.12 and 82.206.150.211
I ran a search through my database using ...

Code:
SQL-query:
SELECT `username`
FROM `nuke_users`
WHERE `username` REGEXP 'Lotto'
LIMIT 0 , 30


Result for 'Lotto':
Username: lottocordinator
User email: smartballlotto@yahoo.com
User IP: 81.199.84.12

Result for 'lot':
Username: lottcoord
User email: lottcoord@yahoo.co.uk
User IP: 82.206.150.211


Use the sql above to help locate them and block their IPs.
Change the REGEXP value to lottery, game, lotto, smartball or anything else that the spammer may use as an alias.
Nuke that bastard!

_________________
- Prophet
Get the Last Visit module (and others modules I designed) from my website! FREE! http://jasonlau.biz

http://DotCom.Name

Last edited by Prophet on Tue Nov 30, 2004 12:18 pm; edited 1 time in total
Find all posts by ProphetView user's profileSend private messageVisit poster's websiteAIM Address
Prophet
Captain
Captain


Joined: Mar 14, 2004
Posts: 422

Location: Florida, USA, Earth, Space

PostPosted: Tue Nov 30, 2004 11:57 am Reply with quoteBack to top

IP Whois Results: 81.199.84.12


inetnum: 81.199.84.0 - 81.199.87.255
netname: CIDR-COMMUNICATION-01
descr: Internet service provider
country: NG
admin-c: TECH7-RIPE
tech-c: TECH7-RIPE
status: ASSIGNED PA
notify: lir@ipplanet.net
mnt-by: AS12491-MNT
changed: lir@ipplanet.net 20040902
source: RIPE

person: Tech Supernet300
address: 21 Mobolaji Bank
address: Anthony Way Ikeja
address: Lagos
address: Nigeria
phone: + 234 1 4976493
e-mail: admin@supernet300.com
nic-hdl: TECH7-RIPE
changed: lir@ipplanet.net 20040902
source: RIPE

_________________
- Prophet
Get the Last Visit module (and others modules I designed) from my website! FREE! http://jasonlau.biz

http://DotCom.Name
Find all posts by ProphetView user's profileSend private messageVisit poster's websiteAIM Address
UndergroundHydro
Lieutenant
Lieutenant


Joined: Nov 08, 2004
Posts: 199

Location: London, England

PostPosted: Tue Nov 30, 2004 12:03 pm Reply with quoteBack to top

And the telephone number has a redirect on it, most likely premium rate to nigeria, have emailed British Telecom to advise of possible scam (not sure though that number is actually BT's)

_________________
[url=http://grooveclubradio.com]
Image
[/url]
Find all posts by UndergroundHydroView user's profileSend private messageVisit poster's website
Prophet
Captain
Captain


Joined: Mar 14, 2004
Posts: 422

Location: Florida, USA, Earth, Space

PostPosted: Tue Nov 30, 2004 12:23 pm Reply with quoteBack to top

IP Whois Results: 82.206.150.211 (LOTTERY SPAMMER 2)

inetnum: 82.206.128.0 - 82.206.255.255
org: ORG-IA67-RIPE
netname: Uk-INTELSAT-20031126
descr: PROVIDER Local Registry
descr: Intelsat
country: GB
admin-c: IRA4-RIPE
tech-c: IRTC1-RIPE
tech-c: CQ37-RIPE
tech-c: AT1875-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: AS22351-MNT
mnt-routes: AS22351-MNT
notify: noc@intelsat.com
changed: hostmaster@ripe.net 20031126
changed: hostmaster@ripe.net 20040608
source: RIPE

organisation: ORG-IA67-RIPE
org-name: Intelsat
org-type: LIR
address: Intelsat
address: Chiswick Park, Building 3
address: 566 Chiswick High Road
address: London
address: W45YA
address: United Kingdom
phone: +44 208 899 6035
phone: +1 202 944 6792
phone: +1 202 944 6958
fax-no: +1 202 944 6955
e-mail: augustin.traore@intelsat.com
e-mail: chuan.qin@intelsat.com
admin-c: AT1875-RIPE
admin-c: IRA4-RIPE
admin-c: IRTC1-RIPE
admin-c: CQ37-RIPE
mnt-ref: AS22351-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
changed: hostmaster@ripe.net 20040415
source: RIPE

role: Intelsat Ripe Admin
address: Intelsat Global Service Corporation
address: 3400 International Drive, NW
address: Washington, DC
address: 20008
address: USA
e-mail: noc@intelsat.com
e-mail: bgp@Intelsat.com
admin-c: AT1875-RIPE
tech-c: CQ37-RIPE
nic-hdl: IRA4-RIPE
remarks:
remarks: *************************************************************
remarks: * *
remarks: * This is a generic ROLE object for an Intelsat Admin *
remarks: * Contact person for RIPE matters. Inquiries about RIPE *
remarks: * issues should be directed to the NOC or BGP email-boxes, *
remarks: * which will forward them appropriately. For operational *
remarks: * issues, send an Email or call the Intelsat NOC at: *
remarks: * *
remarks: * noc@intelsat.com *
remarks: * +1 202 944 6792 *
remarks: * *
remarks: * For BGP related issues, send an email to: *
remarks: * *
remarks: * bgp@intelsat.com *
remarks: * *
remarks: * For issues of network abuse, including spam, please send *
remarks: * email to Intelsat at: *
remarks: * *
remarks: * abuse@intelsat.com *
remarks: * *
remarks: *************************************************************
remarks:
notify: Augustin.Traore@Intelsat.com
notify: chuan.qin@intelsat.com
changed: Daniel.Campbell@Intelsat.com 20021216
changed: tac.ops@intelsat.com 20031023
source: RIPE

role: Intelsat RIPE Technical Contact
address: Intelsat Global Service Corporation
address: 3400 International Drive, NW
address: Washington, DC
address: 20008
address: USA
e-mail: abuse@intelsat.com
e-mail: noc@intelsat.com
e-mail: bgp@Intelsat.com
e-mail: Chuan.Qin@Intelsat.com
e-mail: Augustin.Traore@Intelsat.com
admin-c: IRA4-RIPE
tech-c: CQ37-RIPE
nic-hdl: IRTC1-RIPE
remarks:
remarks: *************************************************************
remarks: * *
remarks: * This is a generic ROLE object for an Intelsat Technical *
remarks: * Contact person for RIPE matters. Inquiries about RIPE *
remarks: * issues should be directed to the NOC or BGP email-boxes, *
remarks: * which will forward them appropriately. For operational *
remarks: * issues, send an Email or call the Intelsat NOC at: *
remarks: * *
remarks: * noc@intelsat.com *
remarks: * +1 202 944 6792 *
remarks: * *
remarks: * For BGP related issues, send an email to: *
remarks: * *
remarks: * bgp@intelsat.com *
remarks: * *
remarks: * For issues of network abuse, including spam, please send *
remarks: * email to Intelsat at: *
remarks: * *
remarks: * abuse@intelsat.com *
remarks: * *
remarks: *************************************************************
remarks:
notify: Augustin.Traore@Intelsat.com
notify: chuan.qin@intelsat.com
changed: Daniel.Campbell@Intelsat.com 20021216
changed: tac.ops@intelsat.com 20040116
source: RIPE

person: Chuan Qin
address: Intelsat
address: 3400 International Drive, NW
address: Washington, DC
address: 20008
address: USA
phone: +1 202 944 8530
nic-hdl: CQ37-RIPE
e-mail: Chuan.Qin@Intelsat.com
changed: TAC.OPS@Intelsat.com 20031126
source: RIPE

person: Augustin Traore
address: 3400 International Drive NW,
Washington DC 20008-3006
phone: +703-944-7033
e-mail: augustin.traore@intelsat.com
nic-hdl: AT1875-RIPE
mnt-by: AS22351-MNT
changed: TAC.OPS@Intelsat.com 20031126
source: RIPE

_________________
- Prophet
Get the Last Visit module (and others modules I designed) from my website! FREE! http://jasonlau.biz

http://DotCom.Name
Find all posts by ProphetView user's profileSend private messageVisit poster's websiteAIM Address
Mommy_Deanne
Nuke Soldier
Nuke Soldier


Joined: Oct 21, 2004
Posts: 19

Location: Arizona

PostPosted: Tue Nov 30, 2004 12:29 pm Reply with quoteBack to top

Well, we are working on getting the account up again. In the meantime, thanks guys for checking into that for us. Glad to finally get him out of our site. Even tho it took a drastic turn.
Find all posts by Mommy_DeanneView user's profileSend private messageVisit poster's website
Prophet
Captain
Captain


Joined: Mar 14, 2004
Posts: 422

Location: Florida, USA, Earth, Space

PostPosted: Tue Nov 30, 2004 1:08 pm Reply with quoteBack to top

One sure way to reduce this problem is to disallow the use of free email services when members register.
Most commonly people use free email services to do dirty deeds.
Forcing the use of paid services reduces that "oh so anonymous" feeling that people with malicious intentions get when they can change email addresses more often than they change underpants.
How can you do this? Very easy!

Open modules/Your_Account/index.php
There are 2 places you will need to edit.

One is located in the finishNewUser() function, and the other is in the saveuser() function,

Exactly after this line
Code:
$user_email = check_html($user_email, nohtml);
(line 353 and line 3519 in version 7.6).

Insert the following code
Code:
   //
   // FREE EMAIL BLOCKER
   // add any email to block to the badmail array below.
   //
    $badmail = array('yahoo', 'mail.com', 'hotmail', 'freemail', 'mailinator');
   foreach($badmail as $freemail){
    if (eregi($freemail, $user_email)) {
   die("<META HTTP-EQUIV=\"refresh\" content=\"2;URL=modules.php?name=Your_Account\">You cannot use Free email services here!"); }}
   //
   // END EMAIL BLOCK
   ///

Edit the $badmail array, adding as many blocks as you want.
This will prevent the new user from using email domains that you have listed. Existing members cannot later change to the blocked email after registration either.

Hope this helps!

_________________
- Prophet
Get the Last Visit module (and others modules I designed) from my website! FREE! http://jasonlau.biz

http://DotCom.Name

Last edited by Prophet on Tue Nov 30, 2004 1:49 pm; edited 3 times in total
Find all posts by ProphetView user's profileSend private messageVisit poster's websiteAIM Address
Prophet
Captain
Captain


Joined: Mar 14, 2004
Posts: 422

Location: Florida, USA, Earth, Space

PostPosted: Tue Nov 30, 2004 1:12 pm Reply with quoteBack to top

How about if everyone adds to the free email services list.
If you can think of a free email service that should be added to the $badmail array, post it.

$badmail = array('yahoo', 'mail.com', 'hotmail', 'freemail', 'mailinator');

_________________
- Prophet
Get the Last Visit module (and others modules I designed) from my website! FREE! http://jasonlau.biz

http://DotCom.Name

Last edited by Prophet on Tue Nov 30, 2004 1:50 pm; edited 1 time in total
Find all posts by ProphetView user's profileSend private messageVisit poster's websiteAIM Address
Mommy_Deanne
Nuke Soldier
Nuke Soldier


Joined: Oct 21, 2004
Posts: 19

Location: Arizona

PostPosted: Tue Nov 30, 2004 1:30 pm Reply with quoteBack to top

eChina is one he used too.
Still trying to get this bad boy back up. Going to my happy place.....
Find all posts by Mommy_DeanneView user's profileSend private messageVisit poster's website
Prophet
Captain
Captain


Joined: Mar 14, 2004
Posts: 422

Location: Florida, USA, Earth, Space

PostPosted: Tue Nov 30, 2004 1:44 pm Reply with quoteBack to top

You can personalize your error message like this
Code:
//
   // FREE EMAIL BLOCKER
   // add any email to the badmail array below
   //
    $badmail = array('yahoo', 'mail.com', 'hotmail', 'freemail', 'mailinator');
   foreach($badmail as $freemail){
    if (eregi($freemail, $user_email)) {
                //
                // personalize the message below
                //
   die("<META HTTP-EQUIV=\"refresh\" content=\"2;URL=modules.php?name=Your_Account\"><body bgcolor=\"orange\" text=\"black\" link=\"blue\" vlink=\"blue\" alink=\"red\" topmargin=\"0\" leftmargin=\"0\" background=\"\" bgproperties=\"fixed\"><br><br><br><br><center><h3><img src=\"images/logo.gif\"><br>Please do not use Free email services to register!</h3></center></body>"); }}
   //
   // END EMAIL BLOCK
   ///

_________________
- Prophet
Get the Last Visit module (and others modules I designed) from my website! FREE! http://jasonlau.biz

http://DotCom.Name
Find all posts by ProphetView user's profileSend private messageVisit poster's websiteAIM Address
Prophet
Captain
Captain


Joined: Mar 14, 2004
Posts: 422

Location: Florida, USA, Earth, Space

PostPosted: Tue Nov 30, 2004 2:01 pm Reply with quoteBack to top

If you want to manage only one list of bad emails -

insert this in line 2 of the Your_Account/index.php file

Code:
// add any email to the badmail array below
$badmail = array('yahoo', 'mail.com', 'hotmail', 'freemail', 'mailinator');


Then replace the word global, located in each of the 2 functions I previously mentioned, with the following

Code:
global $badmail,


and insert this code as I stated before.

Code:
//
   // FREE EMAIL BLOCKER
       foreach($badmail as $freemail){
    if (eregi($freemail, $user_email)) {
                //
                // personalize the message below
                //
   die("<META HTTP-EQUIV=\"refresh\" content=\"2;URL=modules.php?name=Your_Account\"><body bgcolor=\"orange\" text=\"black\" link=\"blue\" vlink=\"blue\" alink=\"red\" topmargin=\"0\" leftmargin=\"0\" background=\"\" bgproperties=\"fixed\"><br><br><br><br><center><h3><img src=\"images/logo.gif\"><br>Please do not use Free email services to register!</h3></center></body>"); }}
   //
   // END EMAIL BLOCK
   ///


This way you dont have to duplicate the list each time you add to it.

_________________
- Prophet
Get the Last Visit module (and others modules I designed) from my website! FREE! http://jasonlau.biz

http://DotCom.Name
Find all posts by ProphetView user's profileSend private messageVisit poster's websiteAIM Address
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.346 Seconds - 312 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::