Jump to content

Site Compromised?

mlundblad

By mlundblad
in Abuse Related

 Share

Recommended Posts

mlundblad Newbie

mlundblad

Posted
Posted

Dear all,

 

Recently I'm getting SPAM in my inbox, but these messages are not sent to my "primary" email account itself but sent to a number of different aliases that I have created for different purposes (like emails from bayt.com, ipcheck.com, pingdom.com, ebay.com, etc. etc. etc.). Normally these aliases should only be known to the account from the service that they are created for.

Lets take an example;

- I create an alias ipcheck@lundblad.com that forwards emails to my "real" mailbox

- I create an account on ipcheck.com for some server monitoring and set emails to be sent to ipcheck@lundblad.com

After this I receive emails from ipcheck.com whenever there is an alert from the account. Spammers would no know about this alias so I should get no SPAM on this alias.

 

Then what happened about two weeks ago is that receive SPAM on this alias, so my reaction was "how come? have ipcheck.com sold my email address???". Action I took was to change the alias ipcheck@lundblad.com to something different, it was quiet for about 24 hours when I started to get SPAM on this new alias!!!

 

So my querstion is, have the server(s) at TCH been compromised, how come otherwise a specific alias is "leaked"???

 

Thanks & Best Regards,

 

 

Mattias Lundblad

 

PS. My account happens to be on dantooine.

TCH-Andy Grand Master

TCH-Andy

Posted
Posted

Hi Matias,

 

The short answer is No, none of our servers have been compromised.

 

I had a look at the log file for incoming email to you over the last few hours ... a very small section of it is;

 

cole@lundblad.com

coleman@lundblad.com

conner@lundblad.com

cook@lundblad.com

cooper@lundblad.com

cox@lundblad.com

cqha4cyhgeaaaaa@lundblad.com

craig@lundblad.com

crawford@lundblad.com

cross@lundblad.com

cruz@lundblad.com

 

As you can see, someone is simply running through typical names, and seeing if they arrive or not. If you send a read receipt or anything for any of them - they know they have a live address.

 

I would suspect that is the cause - although ipcheck may of course be selling on your email address - I don't know about them.

mlundblad Newbie

mlundblad

Posted
  • Author
Posted

Yes, I agree with the guessing theory, but in this case they sent emails to this alias: 'ipcheck-abv@lundblad.com'!!! Would take some time to simply guess that one!

And a few days later I got SPAM on several other aliases that I have created!!!

Further more, after changing the alias 'ipcheck-abv' to something different I started getting SPAM on the new alias!!!

So I will monitor the situation and see what action to take.

 

Regards,

 

 

Mattias

 

Hi Matias,

 

The short answer is No, none of our servers have been compromised.

 

I had a look at the log file for incoming email to you over the last few hours ... a very small section of it is;

 

cole@lundblad.com

coleman@lundblad.com

conner@lundblad.com

cook@lundblad.com

cooper@lundblad.com

cox@lundblad.com

cqha4cyhgeaaaaa@lundblad.com

craig@lundblad.com

crawford@lundblad.com

cross@lundblad.com

cruz@lundblad.com

 

As you can see, someone is simply running through typical names, and seeing if they arrive or not. If you send a read receipt or anything for any of them - they know they have a live address.

 

I would suspect that is the cause - although ipcheck may of course be selling on your email address - I don't know about them.

dscotese Apprentice

dscotese

Posted
Posted

I know that a lot of "free" services out there are only monetarily free. They charge you nothing, but they offer something that requires you to provide an email address that you'll check regularly. That way, they can sell the email address as a valuable connection to your attention.

 

If you pay for the service, however, it is likely that the provider will be making more money by keeping you as a customer than by allowing spam to come to you because of them.

 

I just checked ipcheck.com and got a page that says "site closed".

 

I consider my $4/month to TCH extemely well spent, and I trust them to keep my email address private. Of course, if you were paying a service fee to ipcheck.com, then none of this applies :-).

 

Dave.

carbonize Experienced

carbonize

Posted
Posted

Personally I use Spamihilator to filter spam from my pop accounts and it's over 99% effective for me. If you use Thunderbird there is also the Spamato extension for spam filtering. You can't stop spam from being sent to you but you can stop it getting to your inbox.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...