Posts posted by ThumpAZ
If you are not serving it on an uncommon HTTP port, then it is very doubtful that any firewall is blocking him.
Can he access other areas of the site without problems? I ask this because script blocking could be a culprit. Also, your own blocking rules could be catching him.
Also, can you describe the steps he takes and the screens returned to him? These can be important from time to time.
You could try setting up a new UN and PW in a simple manner (all lower case, blah blah blah) and see if that new account/lack of complexity to rule out mistakes does the trick. Even with cut n paste, it could still give issues (say an HTML/Rich Text email message is somehow copying in formatting along with the expected characters).
just a quick adder...
Whatever it is, it has its own SMTP engine. I can say this because the "helo" name is the computer name. This will not happen in a standard email that is going through a remotely hosted email server (yours would be a FQDN like this example of an email to me: "from 'username' by server54.totalchoicehosting.com with local-bsmtp (Exim 4.24)").
So whatever it is, it is on that machine for sure. I tried pinging and a short scan of the IP listed in your header for typical bad guy ports and nothing odd came up (your firewall is working well against amateurs, didn't really hit it hard).
I went to the site at the IP address in the line and it was definitely not a reputable site. After reading around on the web for a bit, it appears that much of the stuff about dcsresearch is not reputable. I haven't looked deeply, but I would assume that there are spoofed copies floating around or something.
I did a little more research and nothing else in there is questionable.
As for the email issue, do you have ANYTHING else? I see nothing that would do this kind of thing to you.
You maybe could grab a copy of SpyBot or something and scan with that. This is a more thorough scan, but it is still mainly for malware and spyware... not virus or trojan activities.
If you do the search for dll, exe and other files of the executable type it will narrow your search and give you a better shot at finding the culprit. Typically, you will be able to spot a smoking gun quickly. Try to narrow your search to the day before and day of the questionable email.
To be honest, you will typically see a LOT more activity if you have a virus or trojan.
You could stoop and ask folks in your address list if they have received any odd messages from you lately, as those are typically the first places for viri and such to get some names from.
If you understand how, I can provide you with an ethernet sniffer so you can log everything and see if activity is going on behind the scenes. I will even be nice and tell you how to filter out passwords so you can feel safe sending the log files over for analyzing.
Let me know if you want to proceed with advanced diagnostics
I have been using it for some time, but mainly to make floor plans and such into 3D walkthrus and such.
If anyone has any good sites they have used it would be most helpful. I can do the basics and have done all the tutorials (really cool 57 Chevy), but I cannot seem to get the grasp of some simpler things.
Thanks in advance
O1 - Hosts: 220.127.116.11 www.dcsresearch.com
this is/can lead to spyware and should be removed
Other than that, I really don't see anything too suspicious. I will do some more research, though.
Sorry for the slower reply... forgot all about this discussion.
I am looking into some items right now, but nothing looks immediately like it could cause the emails you described.
I am not a dedicated customer at TCH, but have been/am at other hosts.
Would be willing to swap (horror) stories with ya.
One thing that can be a gotcha, though, is Spam filters.
Some of the settings allow you to mark SPAM for the following conditions:
From server does not match the from address server indicated (not normally used)
From address does not match the reply to address (hopefully the ISP does not also force you to announce their server as from address)
Reverse DNS lookup on all incoming email can get you due to the first item (high-bandwidth usage, not often used)
ISP has been blocklisted by one or more of the many lists out there and has not taken the steps to get themselves unblocked
you will probably be just fine, but I thought I would give fair warning, just in case you start getting bounces.
Scaring the horses... sounds like something I would be afflicted with
It was an article in W.C. Privy's Bathroom Companion... same place I got the quote I posted.
I am an avid reader of useless trivia. My favorites are by the Bathroom Reader's Institute and are published as "Uncle John's Bathroom Reader". I have all 15 volumes!
you can find them at BRI.com
I was thinking so... I just got through reading an article that dissected the passage of the never ending tea party.
I cannot recall who said this, but it is very poigniant(sp?)
"god limited man in his capacity for knowledge, too bad he did not do the same for stupidity"
"Why, sometimes I’ve believed as many as six impossible things before breakfast."
- Lewis Carroll
Isn't this a quote from Alice in Wonderland, by the Mad Hatter?
I like the new avatar boxturt
My favs are the Truth commercials about not smoking. They have a unique way of making it real.
Amen... makes me _almost_ wanna quit
Bill just answered the question as to why he is always up...Two days later a package arrives at the office from this client. A new sony playstation 2. Just to say thank you.
He is always up, surviving on Jolt Cola and Mountain Dew while trying to "just get past this stinkin' level."
Now we all know the _real_ truth as to why he is always awake.
Fair enough. Didn't read the forum headings to see this one. Thanks
You did see this thread, right?
Shoulda known LOL
He reminds me of a time as a teenager when my mom caught me sneaking out of the house
OMG!!! I just left the online user's list, posted this and then went back to the list and guess who shows up as soon as I click page 2 (he appeared on page 1 and pushed my name down a notch)!!!
He's not human He's Not Human!!!
That is just too friggin weird. I guess you have something watching the board for when your name is mentioned and pulls you right in to the post LOL
This is the first time I have been on the boards and not seen that HG is lurking around or spreading goodwill and cheer to customers and employees alike.
I guess he is only human and has actually gone to sleep!
I wonder, does he have Terabyte wishes and OC48 dreams? LOL
are all of your original files in Home>f1,2,3 still there, and the Luc>one,two,three files were just added?
What I am suspecting is that the folder names were the same, and were not deleted properly. The risk is that the files could have automatically overwritten stuff in the Home dir.
Most FTP progs allow you to set the warning level for overwrites... Not allowed, ask before, automatic. I NEVER set mine to automatic... just in case.
Check your files that are supposed to be in the Home dir and make sure they are not the ones that _were_ in the Luc dir (simple check of modified date should be sufficient for most)
In the realm of professional photography on the web, I am sure someone has figured this out.
I need to find a script that will not allow the user to print the image that appears on the page. I have already instituted the watermarking of images, but that defaces some images and makes them unappealing to visitors.
Whether this script will allow the printing of the page and doesn't let the images show up is one way,
If it is a page that is only an image and the print function is disabled is another way. Wouldn't it be fun to make it seem like the print was happening, but what came up on the paper was a message stating that they need to contact the photographer for prints.
Are you sure that the files were actually deleted? I ask this because I have used FTP programs in the past that would delete the folder, but then move the files underneath it into the parent directory (get rid of the folder, but the files just got moved up one level).
I have also seen it where the files showed as deleted at the time, but there are remnants of the file left over that the OS tries to recover as files due to some restore function... thinking that you didn't really want to get rid of the files... "did you?" I hate OS's that try to "think" for you. If I wanted to get rid of something, why should it care?
EDIT: Just reread your post... you mean to tell me that the files are in ALL of the subfolders, not just in one location?
If this is the case, then I would suspect something in the site itself has been given orders to replicate certain file types to all directories. I have done things like this to rapidly deploy stuff that I was going to use for different project subdomains across a primary domain.
I went up into the mountains last weekend on a 4-wheelin' run (TOTAL BLAST!!!) and it went like this:
Go up the hill, look down at the clouds
Go down the hill, get rained on
Go up the hill, look down at the clouds
Go down the hill, get snowed on
Go up the hill, look down at the clouds
Go down the hill, get sleeted on
Was a lot of fun, and made a relatively easy trail rather interesting with the off-camber, muddy, ridge road sections with several-hundred foot drop-offs.
Coverage of the run should be in Primedia's Four Wheel and Off-Road magazine in a couple months if the pics came out OK... it was way overcast.
I just added mine. I hope you enjoy the comments I put in the box. Feel free to post them or use them if you find the words appealing.
No one knows about C4D??? Aww man. shucks.