Hi guys.
I got a message from "The Planet" today.. but not sure what to do or where to look...
They told me that they had received a complaint about spam coming from my server and attached a txt file to the ticket. That had the following in it:
--------------------------------------------------------------------------
Received: from aus.worldofhosting.com ([70.84.168.26])
by vms172071.mailsrvcs.net
(Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006))
with ESMTP id <0K0F00LBH63YXSW0@vms172071.mailsrvcs.net> for midilaw@gte.net;
Mon, 05 May 2008 18:47:58 -0500 (CDT)
Received: (qmail 21143 invoked by uid 48); Tue, 06 May 2008 06:29:31 +1000
Received: from 90.2.a8c0.static.theplanet.com
(90.2.a8c0.static.theplanet.com [192.168.2.144])
by webmail.paulrappandco.com.au (Horde MIME library) with HTTP; Tue,
06 May 2008 06:29:23 +1000
Date: Tue, 06 May 2008 06:29:23 +1000
From: The Senate Hoouse <info@atm.com>
Subject: ATM CARD AWARD (6.8 MILLION DOLLARS)
X-Originating-IP: [70.84.168.26]
To: undisclosed-recipients: ;
Reply-to: linda107102@yahoo.com.hk
Message-id: <20080506062923.pr6uxvw3wgowskk0@webmail.paulrappandco.com.au>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1; DelSp=Yes; format=flowed
Content-transfer-encoding: 7bit
Content-disposition: inline
User-Agent: Internet Messaging Program (IMP) H3 (4.1.5)
This is to officially inform you that ATM Card with a fund worth $6.8 Million
Dollars has been accredited in your favor, Please Contact Mrs. Linda Hill
(linda107102@yahoo.com.hk) With the following,
Full Name:
Delivery Address:
Age:
Occupation:
Phone Number:
Country:
Best Regards.
Senator David Mark.
MIME element (text/html)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16640" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial>Gentlemen:</FONT></DIV>
<DIV><FONT face=Arial>It appears from the highlighted portions of the message
detail pasted below that theplanet.com is being used for phishing and other
improper purposes.</FONT></DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV><FONT face=Arial>I have forwarded this to you for whatever action you may
deem appropriate.</FONT></DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV><FONT face=Arial>S. Kelsey</FONT></DIV>
<DIV><FONT face=Arial>California</FONT></DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV><FONT face=Arial>Received: from aus.worldofhosting.com
([70.84.168.26])<BR> by vms172071.mailsrvcs.net<BR> (Sun Java System
Messaging Server 6.2-6.01 (built Apr 3 2006))<BR> with ESMTP id
<<A
href="mailto:0K0F00LBH63YXSW0@vms172071.mailsrvcs.net">0K0F00LBH63YXSW0@vms172071.mailsrvcs.net</A>>
for <A href="mailto:midilaw@gte.net">midilaw@gte.net</A>;<BR> Mon, 05 May
2008 18:47:58 -0500 (CDT)<BR>Received: (qmail 21143 invoked by uid 48); Tue, 06
May 2008 06:29:31 +1000<BR><STRONG><FONT size=4>Received: from
90.2.a8c0.static.theplanet.com<BR> (90.2.a8c0.static.theplanet.com
[192.168.2.144])</FONT></STRONG><BR> by webmail.paulrappandco.com.au
(Horde MIME library) with HTTP; Tue,<BR> 06 May 2008 06:29:23
+1000<BR>Date: Tue, 06 May 2008 06:29:23 +1000<BR>From: The Senate Hoouse <<A
href="mailto:info@atm.com">info@atm.com</A>><BR>Subject: ATM CARD AWARD (6.8
MILLION DOLLARS)<BR>X-Originating-IP: [70.84.168.26]<BR>To:
undisclosed-recipients: ;<BR>Reply-to: <A
href="mailto:linda107102@yahoo.com.hk">linda107102@yahoo.com.hk</A><BR>Message-id:
<<A
href="mailto:20080506062923.pr6uxvw3wgowskk0@webmail.paulrappandco.com.au">20080506062923.pr6uxvw3wgowskk0@webmail.paulrappandco.com.au</A>><BR>MIME-version:
1.0<BR>Content-type: text/plain; charset=ISO-8859-1; DelSp=Yes;
format=flowed<BR>Content-transfer-encoding: 7bit<BR>Content-disposition:
inline<BR>User-Agent: Internet Messaging Program (IMP) H3 (4.1.5)</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>This is to officially inform you that ATM Card with a fund
worth $6.8 Million<BR>Dollars has been accredited in your favor, Please Contact
Mrs. Linda Hill<BR>(<A
href="mailto:linda107102@yahoo.com.hk">linda107102@yahoo.com.hk</A>) With the
following,<BR>Full Name:<BR>Delivery Address:<BR>Age:<BR>Occupation:<BR>Phone
Number:<BR>Country:</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>Best Regards.<BR>Senator David
Mark.<BR></FONT></DIV></BODY></HTML>
-----------------------------------------------------------------------------
Can anyone point me in the direction of what I should be looking for??
Spammer on my server???
-
- Long Time Forum Regular
Looks like a message sent using Horde Webmail at webmail.paulrappandco.com.au. Could very well be a compromised account (guessed password).
Lemonbit Internet Dedicated Server Management
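The reading of the headers given in the reply above, as an added example that is not part of the original thread: this Python sketch finds the `Received` hop recorded `with HTTP`, which is where the webmail application handed the message to the mail system, and returns the vhost and timestamp to look up in that site's web server and Horde logs. The function name `trace_webmail_origin` and the returned keys are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Trace headers copied from the complaint quoted in the first post;
# continuation lines are indented so they parse as folded headers.
SAMPLE = """\
Received: from aus.worldofhosting.com ([70.84.168.26])
 by vms172071.mailsrvcs.net
 (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006))
 with ESMTP id <0K0F00LBH63YXSW0@vms172071.mailsrvcs.net> for midilaw@gte.net;
 Mon, 05 May 2008 18:47:58 -0500 (CDT)
Received: (qmail 21143 invoked by uid 48); Tue, 06 May 2008 06:29:31 +1000
Received: from 90.2.a8c0.static.theplanet.com
 (90.2.a8c0.static.theplanet.com [192.168.2.144])
 by webmail.paulrappandco.com.au (Horde MIME library) with HTTP; Tue,
 06 May 2008 06:29:23 +1000
User-Agent: Internet Messaging Program (IMP) H3 (4.1.5)

"""

HTTP_HOP = re.compile(
    r"from (\S+) \(\S+ \[([0-9A-Fa-f.:]+)\]\) by (\S+) \(([^)]*)\) with HTTP")
QMAIL_HOP = re.compile(r"\(qmail \d+ invoked by uid (\d+)\)")

def trace_webmail_origin(raw_headers):
    """Return the webmail injection point, or None if no hop says 'with HTTP'."""
    msg = message_from_string(raw_headers)
    origin, local_uid = None, None
    for value in msg.get_all("Received", []):
        hop = " ".join(value.split())            # unfold continuation lines
        info, _, stamp = hop.rpartition(";")     # the date follows the last ';'
        m = HTTP_HOP.search(info)
        if m:
            ip = m.group(2)
            origin = {"client_name": m.group(1), "client_ip": ip,
                      "client_ip_private": ipaddress.ip_address(ip).is_private,
                      "vhost": m.group(3), "app": m.group(4),
                      "sent_at": parsedate_to_datetime(stamp.strip())}
        q = QMAIL_HOP.search(info)
        if q:
            local_uid = int(q.group(1))          # local account that ran qmail
    if origin:
        origin["local_uid"] = local_uid
        origin["user_agent"] = msg.get("User-Agent")
    return origin
```

Compare `local_uid` with the account the web server runs as in `/etc/passwd`. When `client_ip_private` is true, the address in the header will not identify the remote user, so the webmail login and access logs around `sent_at` are the place to find the account that sent the message.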