
Ebay Phishing - FreeBSD


  1. #1

    Default Ebay Phishing

    Hi all,

    Is it just me, but I've had 2 Ebay Phishing e-mails to this e-mail
    address that I only use for this mail list. Both mails were from
    Comcast users !!

    Rob

    Robert Guest

  2. #2

    Default Re: Ebay Phishing

    Robert Slade wrote: 

    Sounds like someone from Comcast is on this list AND using a Windows box
    AND is infected.

    Shame on you

    --
    Best regards,
    Chris

    If you have always done it that way, it is probably wrong.
    Chris Guest

  3. #3

    Default Re: Ebay Phishing

    On Sun, 20 Mar 2005, Robert Slade wrote:
     

    Mail to this list is reposted on the web and through multiple
    mail-to-news gateways. So your address was likely harvested.

    As to Comcast, it's a multitude of Windows users on high-speed
    connections, many of them running infected machines that are
    broadcasting viruses and spam.

    If you have your own mailserver, most of this can be rejected by using
    greylisting or by rejecting mail from dynamic Comcast IP addresses,
    while still allowing mail coming from Comcast's mail servers.

    -Warren Block * Rapid City, South Dakota USA
    Warren Guest

  4. #4

    Default Re: Ebay Phishing

    At 10:18 3/20/2005, Robert Slade wrote: 

    Please forward them (include headers) to: com.
    Same for com.

    Start Here to Find It Fast! -> http://www.US-Webmasters.com/best-start-page/
    $8.77 Domain Names -> http://domains.us-webmasters.com/

    W. Guest

  5. #5

    Default Re: Ebay Phishing


    On 2005-03-20, Warren Block scribbled these
    curious markings: 

    Which is completely and totally unfair to those of us who *can* control
    our networks and who are more than likely being blamed for things that
    we aren't even doing (i.e. machines not on Comcast's network forging
    headers). DNS blacklisting is one of the most unfair methods of stopping
    spam. It's a real pain in the neck for me to edit my Postfix
    configuration every time some y netadmin decides to blacklist a
    whole netblock because of one or two (ignorant) miscreants.

    Best Regards,
    Christopher Nehren

    --
    I abhor a system designed for the "user", if that word is a coded
    pejorative meaning "stupid and unsophisticated". -- Ken Thompson
    If you ask the wrong questions, you get answers like "42" and "God".
    Unix is user friendly. However, it isn't idiot friendly.

    Christopher Guest

  6. #6

    Default Re: Ebay Phishing

    Gerard Seibert wrote:
     
    It is most likely it is a windows box that has been compromised due to
    one of the slew of M$ vulnerabilities. Some crafty programmer has
    turned this box into a zombie and installed a mailing package or a proxy
    server and is sending mail from it in concert with thousands of others
    just like it...all behind one keyboard.

    -Bob
    Bob Guest

  7. #7

    Default Re: Ebay Phishing

    On Sunday 20 March 2005 11:53 am, Bob Ababurko wrote:
    >
    > It is most likely it is a windows box that has been compromised due to
    > one of the slew of M$ vulnerabilities. Some crafty programmer has
    > turned this box into a zombie and installed a mailing package or a
    > proxy server and is sending mail from it in concert with thousands of
    > others just like it...all behind one keyboard.
    >
    > -Bob


    Just to be fair towards the OS used by common folk, a few months ago I
    set up a gateway machine with FreeBSD 4.11 and made the mistake of
    running it on my DSL line without first setting up a firewall, shutting
    off sendmail and unused ports. (due to laziness impatience on my part)

    It took only a few hours for someone to find the open relay and use it!
    I didn't even know until Verizon sent me an email saying I was a bad
    boy and they were shutting off my email access for 24 hours, which they
    did! Bottom line is it can happen to anyone.

    -Mike




    Michael Guest

  8. #8

    Default Re: Ebay Phishing

    On Sun, 20 Mar 2005, Christopher Nehren wrote:
     
    >
    > Which is completely and totally unfair to those of us who *can* control
    > our networks and who are more than likely being blamed for things that
    > we aren't even doing (i.e. machines not on Comcast's network forging
    > headers).

    Spam from genuine Comcast dynamic IP addresses is a serious problem.
    If someone needs to receive email from Comcast dynamic addresses,
    greylisting has no more serious effect than delaying it by half an hour.

    And the mailservers that Comcast provides for dynamic IP users can be
    whitelisted, so for users who smarthost through those servers there will
    be no delay or inconvenience at all.

    (FreeBSD relevant: /usr/ports/mail/milter-greylist)
     

    This is quite a jump from greylisting. I was thinking more of looking
    up the Comcast listings from blackholes.us and then adding them to
    /etc/mail/access. It depends on the severity of the problem.
     

    What do you have to edit? If you're in Comcast dynamic space, why not
    just smarthost through their servers?

    -Warren Block * Rapid City, South Dakota USA
    Warren Guest
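
An added example, not part of the original thread and not milter-greylist's own code: a minimal greylisting decision keyed on the (client IP, sender, recipient) triplet, with whitelisted relay networks that skip the delay, as described in the post above. The half-hour delay is the figure from the post; the retry window and all addresses are constructed assumptions.

```python
import ipaddress

DELAY = 30 * 60          # a retry is accepted once this many seconds have passed
RETRY_WINDOW = 4 * 3600  # assumption: a triplet not retried within this is forgotten


class Greylist:
    def __init__(self, whitelist_cidrs):
        # Networks of known mail relays (e.g. an ISP's outbound servers).
        self.whitelist = [ipaddress.ip_network(c) for c in whitelist_cidrs]
        self.pending = {}    # triplet -> time of first delivery attempt
        self.passed = set()  # triplets that have retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for a RCPT: 250 accept, 451 try later."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return 250                      # whitelisted relay: no delay at all
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return 250                      # this sender already proved it retries
        first_seen = self.pending.get(triplet)
        if first_seen is None or now - first_seen > RETRY_WINDOW:
            self.pending[triplet] = now     # first contact, or a stale entry
            return 451
        if now - first_seen < DELAY:
            return 451                      # retried too early, keep deferring
        del self.pending[triplet]
        self.passed.add(triplet)            # a real MTA queued and came back
        return 250


def demo():
    # Constructed sample data (documentation address ranges).
    gl = Greylist(["198.51.100.0/28"])      # stand-in for an ISP's mail servers
    relay = ("198.51.100.5", "user@example.net", "rob@example.org")
    direct = ("192.0.2.77", "user@example.net", "rob@example.org")
    return [
        gl.check(*relay, now=0),      # via whitelisted relay
        gl.check(*direct, now=0),     # direct from a dynamic address, first try
        gl.check(*direct, now=60),    # immediate retry
        gl.check(*direct, now=1900),  # retry after the delay
        gl.check(*direct, now=2000),  # later mail, same triplet
    ]


if __name__ == "__main__":
    print(demo())
```

Bulk senders that never retry stay at 451 indefinitely, while a standards-following mail server is only delayed once per triplet.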

  9. #9

    Default Re: Ebay Phishing

    On Sun, 20 Mar 2005 12:08:49 -0800 "Michael C. Shultz"
    <com> wrote:

    ||>
    ||>On Sunday 20 March 2005 11:53 am, Bob Ababurko wrote:
    ||>> Gerard Seibert wrote:
    ||>> >On Sun, 20 Mar 2005 10:22:23 -0600 Chris <com>
    ||>wrote:
    ||>> >||>Robert Slade wrote:
    ||>> >||>> Hi all,
    ||>> >||>>
    ||>> >||>> Is it just me, but I've had 2 Ebay Phishing e-mails to this
    ||>> >||>> e-mail address that I only use for this mail list. Both mails
    ||>> >||>> were from Comcast users !!
    ||>> >||>>
    ||>> >||>> Rob
    ||>> >||>
    ||>> >||>Sounds like someone from Comcast is on this list AND using a
    ||>> >||> Windows box AND is infected.
    ||>> >||>
    ||>> >||>Shame on you
    ||>> >||>
    ||>> >||>--
    ||>> >||>Best regards,
    ||>> >||>Chris
    ||>> >||>
    ||>> >||>If you have always done it that way, it is probably wrong.
    ||>> >
    ||>> >********** Reply Separator **********
    ||>> >Sunday, March 20, 2005 1:35:28 PM
    ||>> >
    ||>> >1) Did you actually confirm that the email originated from Comcast
    ||>> >2) Did you report the email to Comcast as well as com
    ||>> >3) Why does it have to be a Windows box? Anyone can access this
    ||>> > forum and harvest email addresses.
    ||>> >
    ||>> >--
    ||>> >Gerard Seibert
    ||>> >net
    ||>> >
    ||>> >They say that a dog is man's best friend. I do not believe that. How
    ||>> >many of your friends have you had neutered?
    ||>>
    ||>> It is most likely it is a windows box that has been compromised due to
    ||>> one of the slew of M$ vulnerabilities. Some crafty programmer has
    ||>> turned this box into a zombie and installed a mailing package or a
    ||>> proxy server and is sending mail from it in concert with thousands of
    ||>> others just like it...all behind one keyboard.
    ||>>
    ||>> -Bob
    ||>
    ||>
    ||>Just to be fair towards the OS used by common folk, a few months ago I
    ||>set up a gateway machine with FreeBSD 4.11 and made the mistake of
    ||>running it on my DSL line without first setting up a firewall, shutting
    ||>off sendmail and unused ports. (due to laziness impatience on my part)
    ||>
    ||>It took only a few hours for someone to find the open relay and use it!
    ||>I didn't even know until Verizon sent me an email saying I was a bad
    ||>boy and they were shutting off my email access for 24 hours, which they
    ||>did! Bottom line is it can happen to anyone.
    ||>
    ||>-Mike


    ********** Reply Separator **********
    Sunday, March 20, 2005 5:17:20 PM

    Thanks Mike, that is exactly my point. Far too many individuals blame
    Microsoft for every conceivable thing that happens without first fully
    investigating the actual event. There is a very good chance that
    Microsoft software may be at the heart of this matter; there is also a
    chance that O.J. Simpson is innocent, but we do not really have to go
    there. For all we know, these addresses could be harvested by an
    individual using a MAC.

    The point is that as soon as someone starts using an OS other than
    Microsoft, they are lulled into a totally false sense of security, which
    anyone with any real knowledge knows is simply BS.

    If someone like yourself can make a mistake like you described, think
    how easy it is for a novice to accomplish the same feat. Worse yet, they
    will not even be aware that they have compromised either their own or
    some other's security because of their incompetence.

    --
    Gerard Seibert
    net

    Support your local medical examiner; die strangely!

    Gerard Guest

  10. #10

    Default Re: Ebay Phishing

    On Sun, Mar 20, 2005 at 01:49:57PM -0700, Warren Block wrote:
     

    Not referring to Comcast, but for Rogers which is also blacklisted by
    a lot of people: their "smart" host likes to delay or randomly drop
    outbound mail making it useless for reliable email delivery, and they
    require you to send mail from a rogers.com address, which means you
    can't use personal domains (like this one).

    Kris

    Kris Guest

  11. #11

    Default Re: Ebay Phishing


    ----- Original Message -----
    From: "Kris Kennaway" <org>
    To: "Warren Block" <com>
    Cc: "Christopher Nehren" <apeiron+info>;
    <org>
    Sent: Sunday, March 20, 2005 7:12 PM
    Subject: Re: Ebay Phishing

    On Sun, Mar 20, 2005 at 01:49:57PM -0700, Warren Block wrote:
     

    Not referring to Comcast, but for Rogers which is also blacklisted by
    a lot of people: their "smart" host likes to delay or randomly drop
    outbound mail making it useless for reliable email delivery, and they
    require you to send mail from a rogers.com address, which means you
    can't use personal domains (like this one).

    Kris

    ----------- reply separator -------------

    Actually, what you say is not true for Rogers. I've been sending mail
    directly out of my Rogers-hosted machine for almost a year now, without
    going through their "smart" hosts. This was one of the reasons I switched
    to Rogers from Sympatico -- Sympatico locked down port 25 which forced me to
    use their crappy mail servers, and I was easily losing 50% of my mail.

    --
    Matt Emmerton

    Matt Guest

  12. #12

    Default Re: Ebay Phishing

    On Sun, Mar 20, 2005 at 07:41:00PM -0500, Matt Emmerton wrote:
     
    >
    > Not referring to Comcast, but for Rogers which is also blacklisted by
    > a lot of people: their "smart" host likes to delay or randomly drop
    > outbound mail making it useless for reliable email delivery, and they
    > require you to send mail from a rogers.com address, which means you
    > can't use personal domains (like this one).
    >
    > Kris
    >
    > ----------- reply separator -------------
    >
    > Actually, what you say is not true for Rogers. I've been sending mail
    > directly out of my Rogers-hosted machine for almost a year now, without
    > going through their "smart" hosts. This was one of the reasons I switched
    > to Rogers from Sympatico -- Sympatico locked down port 25 which forced me to
    > use their crappy mail servers, and I was easily losing 50% of my mail.

    I don't understand what your point is...I didn't say rogers forced you
    to use their smarthost, only that lots of people (e.g. lots of people
    in europe and russia, in my experience) blacklist your emails when you
    don't.

    Kris

    Kris Guest

  13. #13

    Default Re: Ebay Phishing

    On Sunday, 20 March 2005 at 18:50:18 -0800, Kris Kennaway wrote: 
    >>
    >> Not referring to Comcast, but for Rogers which is also blacklisted by
    >> a lot of people: their "smart" host likes to delay or randomly drop
    >> outbound mail making it useless for reliable email delivery, and they
    >> require you to send mail from a rogers.com address, which means you
    >> can't use personal domains (like this one).
    >>
    >> Kris
    >>
    >> ----------- reply separator -------------
    >>
    >> Actually, what you say is not true for Rogers. I've been sending mail
    >> directly out of my Rogers-hosted machine for almost a year now, without
    >> going through their "smart" hosts. This was one of the reasons I switched
    >> to Rogers from Sympatico -- Sympatico locked down port 25 which forced me to
    >> use their crappy mail servers, and I was easily losing 50% of my mail.
    >
    > I don't understand what your point is...I didn't say rogers forced you
    > to use their smarthost, only that lots of people (e.g. lots of people
    > in europe and russia, in my experience) blacklist your emails when you
    > don't.

    Indeed. I do, and it blocks an amazing amount of spam.

    I do have the courtesy to say "please use your ISP's mail server" in
    the error reply.

    Greg
    --
    See complete headers for address and phone numbers.


    Greg Guest

  14. #14

    Default Re: Ebay Phishing

    On Sun, 2005-03-20 at 18:42, Gerard Seibert wrote: 

    Yes:

    Received: from c-24-13-45-69.client.comcast.net (HELO 192.168.0.101) (24.13.45.69)
    Direct to my mail server. It is also significant that the sending IP is
    listed on a number of blacklists including SORBS.
     

    Yes, Ebay appear to have done something, Comcast not as the machine is
    still sending.
     

    Not my comment, but that is the most likely cause. Although there may be
    more to it.

    BTW I have just got a spam e-mail to the same address, this one came
    from a rr IP. It was advertising a site in ru space and the ebay one
    leads back to a ru site too.

    Rob

    Robert Guest
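
An added example, not part of the original thread: a small parser for the qmail-style Received line quoted in the post above, flagging the two traits visible in it (a reverse-DNS name that embeds the peer's IP octets, and a HELO that is a private IP literal). The finding names and the second, contrasting header are constructed for illustration.

```python
import ipaddress
import re

# qmail-style trace: from <reverse DNS> (HELO <claimed name>) (<peer IP>)
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+\((?P<ip>[\d.]+)\)")

# Header as quoted in the post; the wrap across two lines is preserved.
PAGE_HEADER = """Received: from c-24-13-45-69.client.comcast.net (HELO 192.168.0.101)
    (24.13.45.69)"""
# Constructed contrast: a host that announces a real name in HELO.
RELAY_HEADER = "Received: from mail.example.org (HELO mail.example.org) (192.0.2.25)"


def analyse_received(header):
    """Return parsed fields plus findings, or None if the line does not parse."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold wrapped header
    if m is None:
        return None
    rdns, helo, ip = m["rdns"].lower(), m["helo"], m["ip"]
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return None
    findings = []
    # Names generated for dynamic pools usually contain the address itself,
    # forwards or reversed; compare the IP octets with the numbers in the name.
    octets = ip.split(".")
    numbers = re.findall(r"\d+", rdns)
    windows = [numbers[i:i + 4] for i in range(len(numbers) - 3)]
    if octets in windows or octets[::-1] in windows:
        findings.append("rdns-embeds-ip")
    # A mail server announces a hostname in HELO; a bare address, especially
    # an RFC 1918 one, points to a client machine behind NAT sending directly.
    try:
        helo_ip = ipaddress.ip_address(helo.strip("[]"))
    except ValueError:
        helo_ip = None
    if helo_ip is not None:
        findings.append("helo-ip-literal")
        if helo_ip.is_private:
            findings.append("helo-private-address")
    return {"rdns": rdns, "helo": helo, "ip": ip, "findings": findings}


if __name__ == "__main__":
    for hdr in (PAGE_HEADER, RELAY_HEADER):
        print(analyse_received(hdr))
```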

  15. #15

    Default Re: Ebay Phishing

    On Mon, 21 Mar 2005 14:29:46 +1030
    Greg 'groggy' Lehey <org> wrote:

     

    That's the wrong way to deal with spam, Greg. Greylisting and SPF
    checks are a much better solution.
     

    Well, as pointed out before, that's not always possible. My ISP doesn't
    allow any mail with a from != terra.es to pass through their mail
    servers. Not only that, but they will silently drop e-mail without
    telling you. Their POP3 server is also broken half of the time, that's
    why I gave up on using their mail (and dns as well) service years ago.
    Modulo that, the service is good enough and I've had less than a few
    hours of outage in 5 years, so I don't have any plans of moving to
    another ISP.

    When people reject my mail (which comes from a static IP, gpg-signed
    and from a host that publishes SPF records) I simply add them to my
    /etc/postfix/access file, so I don't waste time reading and replying to
    mail that won't reach its destination. It's that simple :)

    I've tried several setups to stop spam. I get about 150/day or so. I
    discovered that 99% of them were coming from Windows boxes. So, if you
    have PF you can do tricks like this:

    rdr on $ext_if proto tcp from any os "Windows" to any port smtp -> 127.0.0.1 port 8025

    And have all those mails end up in spamd's tarpit. However, this might
    send legit mail there, so I stopped using that too. I just let
    spamassassin do its job.


    Cheers,
    --
    Miguel Mendez <es.eu.org>
    http://www.energyhq.es.eu.org
    PGP Key: 0xDC8514F1



    Miguel Guest
