sflesch Posted July 21, 2006 Share Posted July 21, 2006 Hey all, I too use te MSFN@... email convention and have been receiving spam. I also started receiving it from Konfabulator at the same time, so for anyone investigating, you may want to get with Konfabulator forum people to see what they say. I am posting a reply to one of their announcement messages in regards to this issue.ThxSean Link to comment Share on other sites More sharing options...
Aegis Posted July 21, 2006 Share Posted July 21, 2006 There's no way to stop the spam ! Gave up and just started another Gmail account. Lesson learned: don't trust anyone with your email. Link to comment Share on other sites More sharing options...
xper Posted July 22, 2006 Share Posted July 22, 2006 There was a security exploit in IPB v2.1.6 known only to small group of hackers. We found some indications that IPB was compromised in a malicious way. Unfortunately, we do not know how much information was compromised. As of this time, we know that members who were registered as of July 12, 2006 had their addresses harvested by the compromise. Please change your e-mail address and password to ensure your security.MSFN has existed for more then five years and has never solicited or leaked any member information to anyone.We apologize for any inconvience. Link to comment Share on other sites More sharing options...
Camarade_Tux Posted July 23, 2006 Share Posted July 23, 2006 Victim too I think. Here is a typical mail for me :De: xymenes@loveable.com Ternov À: camara01recope@gmail.com Date: Thu, 20 Jul 2006 23:29:11 +0200 Objet: re:your resume <html><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" <head></head> <body bgcolor=#ffffff> Hello, Sir/Madam! <br> <font color=#fcfcfc>u's bison notch gila</font><br> This message was originally posted by Hot Jobs 4 You system and has nothing to do with spam! <br>Our Company is seeking applications for many Work-at-home positions <br><font color=#fcfcfc>pardon bleat jugs today</font><br>Employers guarantee payroll tax deposits and reporting, retirement and various reports,<br>other accounting functions. Attention to detail is a must and well as the ability to multi-task.<br>Equivalent experience providing knowledge, skills and abilities. Pre-employment <br>testing and criminal background history check required. Salary DOQ, excellent benefits. <br> <font color=#fcfcfc>martyr grain bills bowie</font><br>If you are interested in this proposal send us your resume ASAP and employer will contact you. <br>hallstein@best-user-choose.info <br><font color=#fcfcfc>34th taffy gum angel</font><br>Best regards, <br>Hot Jobs 4 You Employee Search Department<br></body>And camara01recope@gmail.com is not my correct address : the real one is pratty obvious, all you have to know is that gmails doesn't accept underscores.Hopefully the spam I receive always starts the same way and the sendto address too. I should be able to filter that out. I check my Spam box in gmail and there are 5 spams in it : 22 July, 21 July, 21 July, 20 July and 20 July.I am wondering how much do other peoples get per day ?Also, every time I get a spam in gmail, I use the "report as spam" button. I don't know how efficient it is, but anyway I do it. Does anybody else does the same ?This was to say : if this spam is caused, indirectly, by msfn, as far as I'm concerned, it is still a minor annoyance (if not an annoyance anymore) Link to comment Share on other sites More sharing options...
Camarade_Tux Posted July 23, 2006 Share Posted July 23, 2006 You advise to change passwords.What does msfn stores : clear password or hashed password ? Link to comment Share on other sites More sharing options...
XPerties Posted July 23, 2006 Share Posted July 23, 2006 You advise to change passwords.What does msfn stores : clear password or hashed password ?It stores IPB passwords....... Doesn't really matter, you should update your password. Link to comment Share on other sites More sharing options...
Camarade_Tux Posted July 23, 2006 Share Posted July 23, 2006 Changing my passwords would be a pain. However my ! password is pretty strong I think and if it is only stored as a hash then I'd take the risk. Link to comment Share on other sites More sharing options...
tain Posted July 23, 2006 Share Posted July 23, 2006 IPB uses MD5 hashes but xper has requested that everyone change their email and password. Link to comment Share on other sites More sharing options...
Super-Magician Posted July 23, 2006 Share Posted July 23, 2006 xper: If I did not receive any such spam email, do you still recommend that I change my address and password? Link to comment Share on other sites More sharing options...
gamehead200 Posted July 23, 2006 Share Posted July 23, 2006 xper: If I did not receive any such spam email, do you still recommend that I change my address and password?Yes. I changed my password. Everyone should do the same, just to be safe. Link to comment Share on other sites More sharing options...
pcalvert Posted July 27, 2006 Share Posted July 27, 2006 If you posted copies of spam containing links to the spammers' web sites, please edit your post(s) and remove them (the links). It makes no sense to promote the spammers web sites for them.In addition, it would help if you would report the spam as soon as you get it. Go to spamcop.net and open a free account. But don't bother reporting any spam that is more than two days old, as it will be rejected.Reporting the spam will make it harder for the spam to get through because the IP addresses that it is being sent from will be put on a blacklist. It will also let the ISPs know that there are customers on their networks with compromised computers-- you will be helping the unfortunate people whose computers have been infested and hijacked by these parasites.Phil Link to comment Share on other sites More sharing options...
prx984 Posted July 27, 2006 Share Posted July 27, 2006 (edited) i kept getting some spam, but i dont think it was from MSFN. so all i did was block the email it used to send to me and i havent gotten anything in the past few days now.heres the email address i kept getting mail from: ****@madrid.com where * was a different thing everyday.i just blocked the @madrid.com thing in Outlook Express, and it just deletes anything like that from the server.i also changed my msfn password, but im not getting a new email just for this lol. it doesnt bother me as much. in no way would i blame MSFN for this. it was an accident, stuff happens. so , ill just deal with it in my own way.thanks msfn for at least ackknowledging it. i give you a lot of credit for that regards, cygnusi found a copy of the mail i was deleivered. this is also from a different email address now too, weird... ill be blocking this domain too.Original Message Received From : zywfwgsjy@cerne.netoutsideattempt salad.sake. DNAPosted beyond genes. geneticpatent later.FoodSpam WireSteve Munro TTCanywhere. Beingfree amongCaesar. declared sludge pretends wearingchecking driving. maps gtSearchvol. growsRating: views:basedRelayentire royalty noticepieces rejoin sorting Recoverydetergent Tell brandnamesteady attained. emulsify quickly.copyleft stated thatwhen denyotherBasov Aleksandr Prokhorovdecision entry. That changing.Roff Dundee Medical SchoolSVCD for... Splitter WMVxexadxedx xcesky DanskOSNews coverage: Heise LinuxFR French OpenNET Russian AustrianGrowth leverage ITVslangJuneSams. Proudsneargon occur rather fiber Gaussian beams. pure modes analyzed havingDoyleGordon Herbert J. ZeigerCabinetAt Checkout Against CupMovers GoodHellofoodspam lol Edited July 27, 2006 by Cygnus Link to comment Share on other sites More sharing options...
xper Posted July 27, 2006 Share Posted July 27, 2006 In addition, it would help if you would report the spam as soon as you get it. Go to spamcop.net and open a free account. But don't bother reporting any spam that is more than two days old, as it will be rejected.Reporting the spam will make it harder for the spam to get through because the IP addresses that it is being sent from will be put on a blacklist. It will also let the ISPs know that there are customers on their networks with compromised computers-- you will be helping the unfortunate people whose computers have been infested and hijacked by these parasites.PhilThanks. Will be added to announcement. Link to comment Share on other sites More sharing options...
playsafe Posted July 29, 2006 Share Posted July 29, 2006 Well,Something I learnt after this, is not to use my primary email address for registering on public forums. I was wondering about the best practice.Wether to use a separate email address for each forum Or to use One email address for all the public forums we register on.IMO, one email address should do it for all the forums. Any suggestions?And again i believe and agree with @Cygnus, that this kind of stuff happens, and MSFN is not to be blamed for anything related to this. Also thumbs up for MSFN to acknowledge it. Link to comment Share on other sites More sharing options...
HyperHacker Posted August 4, 2006 Share Posted August 4, 2006 When exactly was this exploit used? I've been getting these types of messages for months. Link to comment Share on other sites More sharing options...
Recommended Posts