  1. #1
    SitePoint Addict dbr

    curious phishing email from my own site

    I received an email supposedly from my website's technical support stating:
    We are informing you that because of the security upgrade of the mailing service your mailbox (my email address was here) settings were changed. In order to apply the new set of settings click on the following link:

    The link to click was from my site with a query string similar to this:

    http://mysite.com/bogusDirectory/anotherBogusDirectory/settings.php?email=myEmail.com&from=mySite.com&fromname=me

    I checked and the bogus directories don't exist. I also talked to my host's tech support and didn't get much useful info.

    It was from an email account called alert@mysite.com which doesn't exist to an email account I use regularly.

    Has anyone seen anything like this happen on any sites they manage? I didn't click the link. Anything else to be aware of? It seems like it won't be easy to get to the bottom of the matter.

    Thanks,

    Dave
    "Three components make an entrepreneur:
    the person, the idea, and the resources to make it happen."
    Anita Roddick ~British entrepreneur
    dbr founder of: ProximityCast.com

  2. #2
    SitePoint Wizard
    Try looking at the headers of the email to find the path that the email traveled.

  3. #3
    SitePoint Addict dbr
    Interesting. Looks like: listlessnesswfr@spacefrog.net. Don't know that I can do anything with that though. Thanks for the response.

    Message-ID: <000d01ca9073$7b59ec50$6400a8c0@listlessnesswfr>
    Return-Path: <listlessnesswfr@spacefrog.net>
    Delivered-To: me@1104445.1201995
    Received: (qmail 22148 invoked by uid 78);
    Received: from unknown (HELO cloudmark1) (10.49.16.78) by 0 with SMTP;
    Return-Path: <listlessnesswfr@spacefrog.net>
    Received: from [69.42.184.62] ([69.42.184.62:11841] helo=mail1.smhosp.on.ca) by cm-mr4 (envelope-from <listlessnesswfr@spacefrog.net>) (ecelerity 2.2.2.41 r(31179/31189)) with ESMTP id 97/A9-00355-3C8474B4; Fri, 08 Jan 2010 10:01:24 -0500
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01CA9073.7B59EC50"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

  4. #4
    Non-Member
    Does the IP address 69.42.184.62 have any relation to your sites? (I suppose not, but just in case).
    I'd click (with some safe browser) or rather check with telnet this link anyway - there can be some rewrite rules.
    But looks like some unfinished code injection.
    I'd check running processes, web logs, mail logs anyway.
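
The header check suggested in this thread, written out as an added example that is not part of any post: it walks the `Received` lines from post #3 in travel order, pulls out the first public IP, and compares the `Return-Path` domain with the claimed sender. The `From` line is constructed from the original poster's description, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers abridged from post #3. The From line is constructed from the
# poster's description (alert@mysite.com); it was not in the paste.
RAW = """\
From: alert@mysite.com
Return-Path: <listlessnesswfr@spacefrog.net>
Received: (qmail 22148 invoked by uid 78);
Received: from unknown (HELO cloudmark1) (10.49.16.78) by 0 with SMTP;
Received: from [69.42.184.62] ([69.42.184.62:11841] helo=mail1.smhosp.on.ca) by cm-mr4 (envelope-from <listlessnesswfr@spacefrog.net>) (ecelerity 2.2.2.41 r(31179/31189)) with ESMTP id 97/A9-00355-3C8474B4; Fri, 08 Jan 2010 10:01:24 -0500
"""

# Only take addresses in [..] or (..); a bare dotted-quad pattern would
# also pick up the MTA version string "2.2.2.41" as if it were an IP.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\]):]")

def hops(raw):
    """Received hops in travel order (oldest first) as (ips, header)."""
    out = []
    # Each server prepends its Received line, so reverse to follow the path.
    for line in reversed(message_from_string(raw).get_all("Received", [])):
        ips = []
        for text in dict.fromkeys(IP_RE.findall(line)):  # dedupe, keep order
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:  # e.g. 999.1.1.1
                pass
        out.append((ips, line))
    return out

def first_public_ip(raw):
    """First globally routable address on the path, or None."""
    for ips, _ in hops(raw):
        for ip in ips:
            if ip.is_global:
                return str(ip)
    return None

def envelope_mismatch(raw):
    """True when the Return-Path domain differs from the From domain."""
    msg = message_from_string(raw)
    dom = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    return dom("Return-Path") != dom("From")

if __name__ == "__main__":
    print(first_public_ip(RAW), envelope_mismatch(RAW))
```

Only the `Received` lines added by your own provider's servers can be trusted; anything below them was supplied by the sending side and may be forged.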

