Just recieved this email

Yes, it's been sold

 

He's already illegally sent an email that I'm not interested in. He can collect emails wherever he want unless they don't get any messages from him or from any 3rd parties he sold it to. But that will make his list useless.

By the way, everyone is saying that you haven't ticked a 'hide my email' box, etc when we register. I can say that I chose to hide it. So it's either someone from DP sold it or he hacked the db.

 

OK,

Have not been around for ages.

When I registered here a year or two ago, I used a unique and specific email address which was linked to this forum.

This technique allows me to track spam. When we registered our interest last year for a rent-a-car with Avis, that email address was spammed shortly after.

Anyway, now I am receiving spam from someone named Mike S. to the email address used for these forums. I thought it was being kept private by your forum database admins.

Contents of email

It is therefore obvious that someone has got their hands on your database and farmed the email addresses from it.

Pkease explain how this could have happened.

 

1) did you sumbit your site to those directories?
2) did someone else submit your site to those directories using your DP address, accidentally or intentionally?

there has beeen other threads about email addresses being spammed, and shawn has taken some steps.

 

First post:

Never seen those directories.

If I did submit to those directories, I would have used an email address specific to them to see if they were selling my email address.

No, the technique I use allows me to trace who gave away my email address, and in this case, it is Digital Point.

Second post:

Never display my email address on forums.

Guys, I have had no problems with Digital Point managing my email address up until today. So scraping would have delivered similar problems for a long time, as my initial posts are a year or two old.

It only started today, like 1 hour ago. I always hide my email address, so that is not a valid reason in this case.

As of today, I have started receiving spam to the exact and only email address we had used to register our account for Digital Point.

The privacy of my personal information has been compromised because someone has got their hands on the database.

 

Well I got this spam too from someone saying they hacked into DP database or something and are reselling email addresses. Bunch of dipshits.. good thing I use alias addresses from sneakemail.. now I can just change it.. but if it was my main email address I would be seriously pissed! grrr.

 

in case your doubting this guy is a spammer

http://www.google.com/search?q=bohemlife@yahoo&hl=en&lr=&rls=GGLD,GGLD:2005-19,GGLD:en&filter=0


find him on this forum here
http://www.google.com/search?hl=en&lr=&rls=GGLD,GGLD:2005-19,GGLD:en&q=bohemlife(at)yahoo

 

Pete I already posted his username here in my very first post.

and I think everyone knows he is a spammer already

 

oh.. must of missed it..

pete

 

hehe no worries. we both started threads about this minutes apart, and someone merged them into one thread. My original post is the second one in the merged thread now.

 

Hello,
I got today this mail:
http://img401.imageshack.us/img401/6444/spamln1.jpg

Mailing for DP members :|
Someone can explain it ?

 

does the thread not discuss your very question

 

I'm sorry!
See, I should never watch playoff football and post at the same time!!

 

Hi,

I am lurker to DP (not posted except for this 1st post), but I have recently noticed a very large influx of unsolicited commercial mail being sent to my email address assigned for usage by Digital Point and its services (forum and tools).

I am sure Shawn isn't selling the member's email addresses, but there has to be certainly one or more methods open to abuse which may leak private information about an DP user.

I logged into my DP forum account and browsed the various 'User control panel' options and saw no obvious settings which may have given out my email address. The only option which I see that could allow a leak was 'Allow vCard Download' option under http://forums.digitalpoint.com/profile.php?do=editoptions, but this was unchecked for my account.

Looking toward the various tools provided by DP, I noticed the following output email addresses:
http://www.digitalpoint.com/tools/keywords/?action=password
http://www.digitalpoint.com/tools/ad-network/?action=password

When the 'Username' radio button is selected and a valid username is entered, the following message is returned: Your login info has been sent to email-alias@example.com.

With this in mind, pair the DP forum's member-list (http://forums.digitalpoint.com/members.php) and you can see how a malicious/spammer automate the scraping of email addresses of registered DP members for profit.

I have noticed other people have addressed this issue before on this forum, but they were shrugged off initially, such as http://forums.digitalpoint.com/showthread.php?p=2004205 and http://forums.digitalpoint.com/showthread.php?p=2018947.

Shawn addressed an existing issue with vBulletin whereby http://forums.digitalpoint.com/sendmessage.php?do=mailmember&u=N leaked an user's email address.

I believe a combination of vBulletin and the 'Forgot password' tools written by Shawn let spammers get access to a rich pool of members who are focused on various Web related niches, including my email address :-(

A brief check of mail received (samples provided at end of post) to my DP account revealed some commonalities:

Majority of the mail was being sent from a few ADSL connections specifically in Turkey and one from Israel, the IPs were (the checks were done via dig -x ip @whois.ripe.net):

84.94.13.161
85.101.255.225
85.101.99.149
85.103.38.224
88.233.127.184
88.233.23.216
88.234.18.86

The mail transfer agent used to deliver the mail from the Turkish IPs seemed to state 'ommo.net' for all connections as its client name. A brief check on Google suggests this is a spam tool's default string.

In the Israeli connection, 84.94.13.161 spoke to a mail server maintained by a respectable ISP, netvision.net.il. This ISP's server was given the client name of 'PROS1', this is very likely a legitimate machine name given by the spammer to his PC hardware (Windows 'Computer name' value).

If anyone else has received spam to their DP account, please post a copy of your email headers (you may wish to filter some data for your privacy), Shawn may be able to use this information to locate common IPs which connected to the Web server maintaining forums.digitalpoint.com and locate additional information about the spammer who took DP member email addresses.

I hope this information helps, I really want Shawn to address these issues as it is annoying to receive spam to what should be otherwise private email addresses which have our daily attention spans.

Kind regards,
Zeeshan

--
New Frontier Web Solutions
http://www.nfwebsolutions.com/


NOTE: I have modified my email address for DP tools to 'temporarily-modified@byzeeshan.example.com' until Shawn can rectify this situation, you may also wish to temporarily modify your email address as this forum thread may alert additional malicious users how to mine email-address data.


-- START SAMPLE EMAILS --

Delivery-date: Sun, 24 Dec 2006 23:09:56 +0000
Received: from [85.101.99.149] (helo=ommo.net)
	  by 81-[SNIPPED]-33.mail-route.nfwebsolutions.com with smtp ([SNIPPED]) id 1GycTU-0005oF-6R 
	  for [SNIPPED]; Sun, 24 Dec 2006 23:09:49 +0000
From: "Meg" <bohemlife@gmail.com>
Reply-To: bohemlife@yahoo.com
To: [SNIPPED]
Date: Mon, 25 Dec 2006 01:09:47 +0200
Subject: For webmasters ( Super Adult Package ) !!! ATTENTION
X-Priority: 1
X-Mailer: Microsoft Outlook Express 5.00.2919.7000
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
[BODY SNIPPED]

--
Delivery-date: Tue, 26 Dec 2006 22:03:39 +0000
Received: from [88.234.18.86] (helo=ommo.net)
	  by by 81-[SNIPPED]-30.mail-route.nfwebsolutions.com with with smtp ([SNIPPED]) id 1GzKM8-0005xw-Ba 
	  for [SNIPPED]; Tue, 26 Dec 2006 22:01:11 +0000
From: "webmaster" <coders@aol.com>
Reply-To: coders2007@yahoo.com
To: [SNIPPED]
Date: Wed, 27 Dec 2006 00:01:07 +0200
Subject: WEBMASTERS !!! THE BEST DEAL FOR YOU ! SUPER SCRIPTS AND E-MAIL LISTS !
X-Priority: 1
X-Mailer: Microsoft Outlook Express 5.00.2919.7000
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
[BODY SNIPPED]

--
Delivery-date: Sun, 31 Dec 2006 01:40:34 +0000
Received: from [85.101.255.225] (helo=ommo.net)
	  by 81-[SNIPPED]-33.mail-route.nfwebsolutions.com with smtp ([SNIPPED]) id 1H0pcy-0007bT-Hy 
	  for [SNIPPED]; Sun, 31 Dec 2006 01:36:45 +0000
From: "gimme surfers" <gimmesurfers@aol.com>
Reply-To: support@gimmesurfers.com
To: [SNIPPED]
Date: Sun, 31 Dec 2006 03:36:43 +0200
Subject: Hello
X-Priority: 1
X-Mailer: Microsoft Outlook Express 5.00.2919.7000
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
[BODY SNIPPED]

--
Delivery-date: Mon, 01 Jan 2007 19:44:33 +0000
Received: from [88.233.127.184] (helo=ommo.net)
	  by by 81-[SNIPPED]-31.mail-route.nfwebsolutions.com with with smtp ([SNIPPED]) id 1H1T5C-0008SO-GP 
	  for [SNIPPED]; Mon, 01 Jan 2007 19:44:31 +0000
From: "Brain" <brain@aol.com>
Reply-To: bohemlife@yahoo.com
To: [SNIPPED]
Date: Mon, 1 Jan 2007 21:44:29 +0200
Subject: WEBMASTERS ! LAST 1 WEEK !!!!
X-Priority: 1
X-Mailer: Microsoft Outlook Express 5.00.2919.7000
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
[BODY SNIPPED]

--
Delivery-date: Mon, 01 Jan 2007 23:26:37 +0000
Received: from mxout1.netvision.net.il ([194.90.9.20])
	  by by 81-[SNIPPED]-30.mail-route.nfwebsolutions.com with with esmtp ([SNIPPED]) id 1H1WUX-0000wD-B9 
	  for [SNIPPED]; Mon, 01 Jan 2007 23:22:53 +0000
Received: from PROS1 ([84.94.13.161]) by mxout1.netvision.net.il
 (Sun Java System Messaging Server 6.2-6.01 (built Apr  3 2006))
 with ESMTPA id <0JB7007DOQ9AD740@mxout1.netvision.net.il> for
 [SNIPPED]; Tue, 02 Jan 2007 01:22:45 +0200 (IST)
Date: Tue, 02 Jan 2007 01:12:36 +0200
From: Mike S <bonus180@netvision.net.il>
Subject: 2006  Last minute link submission
To: [SNIPPED]
Reply-to: Mike S <bonus180@netvision.net.il>
Message-id: <0JB7007DRQ9VD740@mxout1.netvision.net.il>
MIME-version: 1.0
X-Mailer: The Bat! (v3.65.03) Home
Content-type: text/plain
Content-transfer-encoding: 7BIT
X-Priority: 3
[BODY SNIPPED]

--
Delivery-date: Thu, 04 Jan 2007 00:34:32 +0000
Received: from [85.103.38.224] (helo=ommo.net)
	  by by 81-[SNIPPED]-31.mail-route.nfwebsolutions.com with with smtp ([SNIPPED]) id 1H2GYv-0005Ju-0t 
	  for [SNIPPED]; Thu, 04 Jan 2007 00:34:30 +0000
From: "Meg" <meg@gmail.com>
Reply-To: meg74.msn2@hotmail.com
To: [SNIPPED]
Date: Thu, 4 Jan 2007 02:34:26 +0200
Subject: Targeted E-Mail Lists For Webmasters - Very Cheap -
X-Priority: 1
X-Mailer: Microsoft Outlook Express 5.00.2919.7000
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
[BODY SNIPPED]

--
Delivery-date: Sat, 06 Jan 2007 18:35:51 +0000
Received: from [88.233.23.216] (helo=ommo.net)
	  by 81-[SNIPPED]-33.mail-route.nfwebsolutions.com with smtp ([SNIPPED]) id 1H3GO5-0003nB-98 
	  for [SNIPPED]; Sat, 06 Jan 2007 18:35:28 +0000
From: "Brain Bulax" <brain@gmail.com>
Reply-To: meg74.msn2@hotmail.com
To: [SNIPPED]
Date: Sat, 6 Jan 2007 20:35:22 +0200
Subject: GREAT SURPRISE FOR WEBMASTERS ! :))
X-Priority: 1
X-Mailer: Microsoft Outlook Express 5.00.2919.7000
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
[BODY SNIPPED]

Code (markup):

-- END SAMPLE EMAILS --

 

Wow, great info Zeeshan. I always use gmail, which seems to catch most of my spam pretty well. I even use my e-mail out in the wild all over the place, and never need to worry much.

 

I got the same email 3 times!!!

How can he collet these emails as emails cant be seen on the forum....

 

I'm still getting these spam emails now, and on a regular basis. Guess he wont stop sending them now, and sell our email addresses on other Webmaster forums also