Minidisc Forums Hacked


Hi,

When I sign up for a website, I put my email address as website name @ my domain.com - I've been doing this for years because I have a catchall address (means anything sent to my domain comes to me) and it lets me track where spammers get my email address (and also lets me block them by blocking that particular To: address).

So when I received some spam addressed to minidiscforums I was a bit annoyed; I always set my preferences to "Hide my other email address from other members".

Here's the spam I received by the way:

From:     Tdpitus <king@catlover.com>
To:     minidiscforums@ (my email address)
Subject:     re:your resume
Date:     Thu, 20 Jul 2006 01:29:46 +0800  (Wed, 18:29 BST)


Hello. 
edict salad chief fool [i](this line was written in white to trick spam blockers)[/i]
We have found your resume on Job web site, and would like to offer you vacancy in our company. 
If you interests, more detailed information you can receive on ours web 
site: http://www.****.us/ ( please send us email for more information ) 
vacancy-Miller@1chuan.com 
nab lace inept mba [i](this line was written in white to trick spam blockers)[/i]
We look forward to your reply. 
errand bids flown choir [i](this line was written in white to trick spam blockers)[/i]
Thank you. 
Best regards, 
Miller & Morgans inc.
My comments in italics.

I've received other spam too, probably about 10 different ones all addressed to minidiscforums @ my domain.com

So if my details were hidden, either Minidisc forums are selling our details (very unlikely), or there's a security hole in Invision Power Board (which this forum runs on), or most likely, when this site was hacked into a little while ago all our details were stolen, and subsequently sold on / distributed.

Other repercussions are that a lot of us probably use the same logon and password at multiple sites; you might want to change your passwords (unless Invision encrypts that data securely? - perhaps a Forum Admin could answer that).

Thanks for reading, I'm not blaming Minidisc forums btw, I'm just making you aware of this as yet unknown repercussion of the break-ins (and I hope Invision does encrypt login details!).

EDIT 20/07: I got some more spam, so I'm back to see what I can do about it.

I just did a WHOIS lookup at Register.com against each of the domains I've received spam from. They're all registered to Gerald Gorman (gerald.gorman@att.net, tel 9086960929), maybe he's the guy who hacked into the forums?

Check for yourself, here's all the domains I've had spam from:

Catlover.com
Representative.com
Tokyo.com

Actually the last one is owned by Ultimate Email.com, a webmail provider. It asked me to give 1-206-338-3737 a call and ask for Joshua Otero:

Mom-Mail.com

Here's the email:

From:     Joshua Otero <jtsxr7@mom-mail.com>
To:     minidiscforums <minidiscforums@my domain.com>
Subject:     outermost message from Joshua Otero
Date:     Wed, 12 Jul 2006 22:15:08 +0000 (EDT)  (23:15 BST)


Hi, surname

University Diplomas
No required tests, classes, books, or interviews.
Please call:
1-206-338-3737

indwell bison refection travail implicate larkspur coulomb anamorphic shanghai forbade 
dim tart, supposition adjudicate iv bergson wavelet metabolic quetzal busch convince ronald 
airborne deportation .trifle bandy creosote hurty paterson superfluous expectorate bygone whish 
bandstop! atmosphere homeomorph. monologist dormitory infinitum gymnasium ode ransack. elisha kochab remus scream.

Your Joshua

I'm going to try and find out more about this Gerald guy... well I just noticed the domains are full of random adverts, all in the same style, looks like this is definitely the guy spamming me.

OK I'm gonna see if I can track him down... well he's incorporated in New Jersey as NJ Domains inc, supposedly. I'm not American though so Google's not showing me search results relevant to Americans like what I need. OK I'll use Yahoo, that's dumb enough to give me results that'd normally be useless to me...

OK I couldn't find the American equivalent of Companies House (http://www.companieshouse.gov.uk/) but I did find a department to ask, hopefully they'll get back to me with some useful info.

There's laws in the US against spamming, I'm quite certain I could sue Gerald.

Well, he sure owns a lot of domain names!:

http://www.google.co.uk/search?hl=en&q...earch&meta=

That's a line off the site (that's duplicated on each of his domains) so I'm sure a WHOIS on any of them would turn up Gerald Gorman.

EDIT: Looks like Gerald Gorman is the name all the addresses relating to Mail.com are registered to, so maybe he's not the culprit.

Damn.

Found him! According to various sites, this is the work of one Robert Soloway, so renowned a spammer there's a Wiki page about him (probably because Microsoft sued him successfully for spamming hotmail users!), here: http://en.wikipedia.org/wiki/Robert_Soloway

Well, looks like he's a bit out of my league if he's that well-known.

Nonetheless, perhaps this could help law-enforcement prove he buys email addresses for the purpose of sending unsolicited email.

EDIT: 4AM

Don't worry, I'm usually up til 6 (and then I wake up at 10; who needs sleep :P).

Anyway, I've just posted over at SpamCop's forums on the legal side of this, here. :angry::angry:

Edited by Thewyzewun
Link to comment
Share on other sites

indeed, just got the same crap as well... still, his lines to fool spam-checkers didn't fool mine :P

I'd love to see someone coming down hard on idiots like this Robert Soloway... what's his problem? Mommy didn't cuddle him enough when he was young? repressed sexuality? didn't have any friends?... I guess this is still a bit better than the "shopping mall + automatic gun" option, but this still is the very annoying work of a socially disabled money-hogging excuse for a human being IMHO

sorry for that bit of dark prose there, but I really hate spammers :lol:

Link to comment
Share on other sites

[sparky191]Got that spam too. Unusual for me to get it too. Time to change emails again.. sigh.[/sparky191]

Hi,

I'd recommend you do what I do; buy a domain name and set up a catchall address (very simple) then when registering at sites give them from.sitename@yourdomain.com, it makes them really easy to block (assuming you're using Thunderbird on Windows, or Evolution/Thunderbird on Linux).

If you want to carry on receiving email from all your friends at your other address, as long as it's an IMAP or POP3 account you should be able to redirect it to your new address, and Evolution can do scanning before it downloads emails fully (not quite sure how), I'd recommend setting it to accept emails addressed from: anyone on your safelist i.e. your friends and the newsletters you actually want.

I haven't changed my email address for about 5 years now, so whenever I do get some spam (not very often) I have time to find out who's sending it to me and how they got my address!

In fact I received compensation from Halifax Business Banking after they put me on a CC: list, and I subsequently got that awful Viagra spam! So it's definitely good knowing where every email should have come from!

Link to comment
Share on other sites
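
The per-site alias scheme described in the post above, as an added example that is not part of the original thread: it reads the alias a message was addressed to on a catchall domain and reports which aliases are receiving mail from senders they were never given to. The domain names, the `EXPECTED_SENDERS` table and the sample messages are constructed assumptions.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

CATCHALL_DOMAIN = "example.org"  # assumption: the owner's catchall domain

# Assumption: each alias handed out, and the sender domains it was given to.
EXPECTED_SENDERS = {
    "minidiscforums": {"minidisc.example"},
    "bank": {"bank.example"},
}

# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = [
    "From: Forum <noreply@minidisc.example>\nTo: minidiscforums@example.org\nSubject: New reply\n\nbody",
    "From: Tdp <king@spam.example>\nTo: minidiscforums@example.org\nSubject: re:your resume\n\nbody",
    "From: J <jt@webmail.example>\nTo: minidiscforums <minidiscforums@example.org>\nSubject: diplomas\n\nbody",
    "From: Alerts <alerts@bank.example>\nTo: bank@example.org\nSubject: Statement\n\nbody",
    "From: Promo <promo@spam.example>\nTo: sales@example.org\nSubject: offer\n\nbody",
]

def alias_of(msg):
    """Return the local part used on the catchall domain (To/Cc), or None."""
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    for _, addr in recipients:
        local, _, domain = addr.rpartition("@")
        if domain.lower() == CATCHALL_DOMAIN:
            return local.lower()
    return None

def classify(raw):
    """Return (alias, verdict): expected, leaked, unissued or not-catchall."""
    msg = message_from_string(raw)
    alias = alias_of(msg)
    if alias is None:
        return None, "not-catchall"
    if alias not in EXPECTED_SENDERS:
        # Never handed out to any site: a guessed address, not a leak.
        return alias, "unissued"
    # From: is forgeable, so a match is only a hint; a mismatch on an
    # issued alias means the address escaped the site it was given to.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return alias, ("expected" if sender_domain in EXPECTED_SENDERS[alias] else "leaked")

def leak_report(raw_messages):
    """Count, per issued alias, the messages from unexpected senders."""
    return Counter(a for a, v in map(classify, raw_messages) if v == "leaked")

if __name__ == "__main__":
    for alias, count in leak_report(SAMPLE_MESSAGES).items():
        print(f"{alias}@{CATCHALL_DOMAIN}: {count} message(s) from unexpected senders")
```
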

I've a few email accounts some on domains I own etc. However usually I use a web account like gmail for my forum subs. I find Gmail filters most spam. I only see maybe one spam a month in Gmail. Everything else gets caught. It's just unusual to see it get through as it did in this case. I prefer using a web client at work, and my hosting company's web email client I don't like. Besides mail via a domain is easily traced to the domain's registered address. Sometimes you don't want such an easy link.

Link to comment
Share on other sites

Yeah I was curious about passwords too, so I checked out Invision's site and found this:

Critical Security Flaw

It's been fixed now, but it "may allow moderators to moderate forums that they do not have permission to moderate.".

I'm not sure what powers mods have - sure they can view our email addresses, that's expected, but I'm not sure if they can view our passwords (hopefully not).

Any mod could answer this probably.

Not sure if the bit about moderating other forums means they can moderate any forum on the net running Invision Power Board, or just different sections of the same forum :S.

EDIT: And I'm not blaming this site btw!!

Edited by Thewyzewun
Link to comment
Share on other sites

Mods here can moderate all forums on the board so that is not really relevant. That would only be applicable to someone who is designated a leader of a sub-forum being able to moderate other forums on the MDCF board. Not other IPB sites.

As far as I know I don't think mods / admins can view a user's password only change it? But Chris will be able to confirm this. The leak of email addresses could well be linked to the time before last the site got hacked and the hacker made themselves a site admin (not just a moderator) and so possibly got hold of the email addresses that way.

I believe we did advise at the time to change any passwords just to be on the safe side even if we were fairly sure none were wrongfully leaked. It would be good practice to periodically change your password for the site I think in addition to following the usual best practices in keeping your machine free of spyware / viruses.

Link to comment
Share on other sites

As far as I know I don't think mods / admins can view a user's password only change it? But Chris will be able to confirm this. The leak of email addresses could well be linked to the time before last the site got hacked and the hacker made themselves a site admin (not just a moderator) and so possibly got hold of the email addresses that way.

that's the way it is.

I too have had the spam btw.

Link to comment
Share on other sites

I've had about 25 of these spam messages lately (the email address I signed up here with) no other ones...

The only way they could have got my email address is via the hacking attempt...

I keep my email under encoded email links or hidden in messageboards...

Edited by danielbb90
Link to comment
Share on other sites
