Discussion Board
Welcome Guest! You can login or register. Login or Register.
2 Pages12>

Options
Go to last post Go to first unread
Zero2Cool  
#1 Posted : Friday, January 21, 2011 7:40:04 PM(UTC)
Words can not depict how pissed off I am right now. Someone reported PackersHome.com as a SPAM website, that sends spam.

If I can not find the malicious script, PackersHome.com will be deleted, permanently and I can't do anything about it. Arvixe was nice enough to allow me this time to search for the issue and resolve it.

I'm doing another full site backup as we speak.


This is the email that could end PH.com
Quote:
MIME element (message/feedback-report)
Encapsulated message (message/rfc822)
Headers of embedded message (message/rfc822)
Delivered-To: x
Received: by 10.90.132.18 with SMTP id f18cs52994agd;
Thu, 13 Jan 2011 18:14:35 -0800 (PST)
Received: by 10.91.8.20 with SMTP id l20mr467016agi.147.1294971275657;
Thu, 13 Jan 2011 18:14:35 -0800 (PST)
Return-Path:
Received: from rhino.arvixe.com (stats.rhino.arvixe.com [74.86.163.xxx])
by mx.google.com with ESMTPS id 1si1480406ano.176.2011.01.13.18.14.35
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Thu, 13 Jan 2011 18:14:35 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of doogie@rhino.arvixe.com designates 74.86.163.xxx as permitted sender) client-ip=74.86.163.xxx;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of doogie@rhino.arvixe.com designates 74.86.163.xxx as permitted sender) smtp.mail=xxx@rhino.arvixe.com
Received: from xxxby rhino.arvixe.com with local (Exim 4.69)
(envelope-from )
id 1PdZBT-0004of-PC
[size=18]for x; Thu, 13 Jan 2011 18:14:35 -0800
To: x
Subject: I've come across an interesting download[/size]
X-PHP-Script: www.packershome.com/index.php for 112.201.206.16
Date: Thu, 13 Jan 2011 18:14:35 -0800
From: jotam
Message-ID:
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_211ffbc2d5b41ba727c216efb6a5ec07"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - rhino.arvixe.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [881 878] / [47 12]
X-AntiAbuse: Sender Address Domain - rhino.arvixe.com
Pack93z  
#2 Posted : Friday, January 21, 2011 7:45:25 PM(UTC)
Anything that we can do to help?
Zero2Cool  
#3 Posted : Friday, January 21, 2011 7:48:17 PM(UTC)
" said: Go to Quoted Post
Anything that we can do to help?


I don't know, man. I'm so pissed off and discouraged right now, its just not good.

I hate spam and hate script kiddies even more.


I don't know what to do. I'm deleting the other software's that I had running and hoping that it was one of them that was the culprit and doing a few other things to prevent a shut down.
Zero2Cool  
#4 Posted : Friday, January 21, 2011 8:09:17 PM(UTC)
I've done several things behind the scenes to prevent this issue occurring again and one that directly effects each of you. Unfortunately, you will need to enter a numerical security code when you log in to help ensure you're not a robot.

I'm still digging through options and files to see what else I can do.
peteralan71  
#5 Posted : Friday, January 21, 2011 8:40:23 PM(UTC)
fuuuuuuuuuuuuuck. sorry man. good luck.
longtimefan  
#6 Posted : Friday, January 21, 2011 8:43:11 PM(UTC)
Just cuz someone reported you as spam the host takes their word for it?
Pack93z  
#7 Posted : Friday, January 21, 2011 8:43:36 PM(UTC)
The jig is up, the news is out, they've finally found me.. ;)

UserPostedImage

Now.. seriously.. can you block the bots from hitting the pages?
wpr  
#8 Posted : Friday, January 21, 2011 8:49:57 PM(UTC)
Man that is terrible. MUST HAVE BEEN A BEARS FAN.
Nonstopdrivel  
#9 Posted : Friday, January 21, 2011 8:59:51 PM(UTC)
How did it not occur to the host that your domain and IP address may have been (probably were) spoofed? Back up your database onto a thumb drive just in case the worst happens.

I have unlimited web space and bandwidth that I'd be happy to donate if it came to that, though I doubt it will.
Zero2Cool  
#10 Posted : Friday, January 21, 2011 9:05:21 PM(UTC)
" said: Go to Quoted Post
Now.. seriously.. can you block the bots from hitting the pages?


Yes, the flood control does that, but if you click a few links too fast, it'll ban you for 60 seconds or something like that, maybe 10 minutes? I had it on the site for awhile, which seemed to speed things up, but Wade got lost, lol.

" said: Go to Quoted Post
Just cuz someone reported you as spam the host takes their word for it?

Yes, one person, sent one email and BYE BYE PH.com pretty disturbing huh?
bozz_2006  
#11 Posted : Friday, January 21, 2011 9:06:59 PM(UTC)
Wow. That's ridiculous. Sorry Kevin. I hope you figure it out quickly, because every second of trying to figure it out is a waste of your time. What a joke.
Zero2Cool  
#12 Posted : Friday, January 21, 2011 9:15:00 PM(UTC)
" said: Go to Quoted Post
How did it not occur to the host that your domain and IP address may have been (probably were) spoofed? Back up your database onto a thumb drive just in case the worst happens.

I have unlimited web space and bandwidth that I'd be happy to donate if it came to that, though I doubt it will.


There's a malicious script that is using my server to send emails. I've done everything I can think of to ensure its gone, including deleting the other software on the site.














I feel a little better now, full site backup and full database backup completed.
Nonstopdrivel  
#13 Posted : Friday, January 21, 2011 9:26:59 PM(UTC)
Yes, but can it be proved that the malicious script that is using your server is actually located on your server?
Zero2Cool  
#14 Posted : Friday, January 21, 2011 9:27:27 PM(UTC)
" said: Go to Quoted Post
Yes, but can it be proved that the malicious script that is using your server is actually located on your server?


Yes.
Nonstopdrivel  
#15 Posted : Friday, January 21, 2011 9:28:27 PM(UTC)
So then the real question becomes, how did it get there? Did you install it inadvertently or did someone else place it there? If it's the former, it's a matter of being careful in the future. If it's the latter, that's really concerning.
Zero2Cool  
#16 Posted : Friday, January 21, 2011 9:29:54 PM(UTC)
" said: Go to Quoted Post
So then the real question becomes, how did it get there? Did you install it inadvertently or did someone else place it there? If it's the former, it's a matter of being careful in the future. If it's the latter, that's really concerning.


I had five website software installed and did not ensure each was up to date after they were installed. It could have been from any one of them.

Seeing as DragonFly CMS ... I've never had an issue, I'm inclined to believe it was something with Joomla install.
wpr  
#17 Posted : Friday, January 21, 2011 10:08:39 PM(UTC)
" said: Go to Quoted Post
I'm inclined to believe it was something with Joomla install.


:xcensoredx: a pox on Joomla. :pottytrain2: :wickedfart:

glad you were able to fix it Z.
kobe16  
#18 Posted : Friday, January 21, 2011 10:27:26 PM(UTC)
glad u were able to fix this problem. I love this site and i would have hated it if it was deleted.
Wade  
#19 Posted : Saturday, January 22, 2011 2:28:40 AM(UTC)
" said: Go to Quoted Post


Yes, the flood control does that, but if you click a few links too fast, it'll ban you for 60 seconds or something like that, maybe 10 minutes? I had it on the site for awhile, which seemed to speed things up, but Wade got lost, lol.


Well, feel free to put it up again if that's what it takes. I'm lost most of the time, anyway.

Besides, it was sort of interesting getting banned for a change.
coltonja  
#20 Posted : Saturday, January 22, 2011 2:55:05 AM(UTC)
So you go it fixed, Zero?
Rss Feed
Users browsing this topic
Guest
2 Pages12>
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Notification

Icon
Error

Fan Shout
Barfarn (4h) : Bart's not on injury report, he's startin'
Smokey (4h) : I hope that means that he (Bart Starr) is in better health these days .
Zero2Cool (4h) : Bart Starr returning to Lambeau Field for Packers-Saints game Sunday
Porforis (20h) : Glad to have King back. And House. Packers need 'em.
Zero2Cool (23h) : Good! smack some posts in the forum right?!? :-) can't wait to read it
uffda udfa (18-Oct) : No more clutter.
Cheesey (18-Oct) : Go get him Uncle Ted!!
Zero2Cool (18-Oct) : Former Packers pass-rusher Datone Jones is back on the market.
Zero2Cool (18-Oct) : Good news for #Packers secondary: rookie CB Kevin King and vet CB Davon House (quad) both practiced. King has cleared concussion protocol.
Zero2Cool (18-Oct) : Vince Biegel back on practice field!!
Zero2Cool (18-Oct) : Maybe this little shout has no value if people gonna use it instead of the forum.
Zero2Cool (18-Oct) : He's not writing. He's shouting, and its making the shout kind of without point with the clutter.
buckeyepackfan (18-Oct) : Just like last year at 4-6. The guy is just too funny!
buckeyepackfan (18-Oct) : GOOD news Uffda is already all but writing The Packers off for 2017!
uffda udfa (18-Oct) : Masturbation talk from Barfan? Nothing could make me COME back, quicker.
wpr (18-Oct) : Maybe the shout box needs to take a timeout. People keep using it. ;)
Zero2Cool (18-Oct) : Why do this is in shout? So frustrating. Post in forums. Thanks
Barfarn (18-Oct) : Masterbation will relieve some of that nervous tension!
uffda udfa (17-Oct) : Now, a guy they really liked and have groomed for 3 years is the guy. Tons of toys on O. Let's see how it runs with a great coach, now.
uffda udfa (17-Oct) : The Flynn Patriots game has been used to say that he is. Seneca and Scott showed otherwise.
uffda udfa (17-Oct) : Hundley is going to settle the debate once and for all in whether Mike McCarthy is a great coach, or not.
uffda udfa (17-Oct) : Doesn't speak well to the talent acquired by the org, does it? Easy to say talent is great until Rodgers is gone and you have to see it wit
Porforis (17-Oct) : Could Sam Bradford come into the Packers and post a winning record from here on out? Are there any non-starters in the NFL that could?
Zero2Cool (17-Oct) : Teddy is replaceable. Aaron is not. Vikings have a really good defense. We do not. Understand??
Zero2Cool (17-Oct) : You are wise enough to know the difference. Right?
uffda udfa (17-Oct) : Here's one for you, Z. Vikes lose Teddy B. and go out and aggressively get Bradford. Packers lose 12 and go out and get a UDFA.
uffda udfa (17-Oct) : :) Evans had a pre-draft visit with Packers.
Zero2Cool (17-Oct) : Put it in a topic. My lord why so difficult lol
uffda udfa (17-Oct) : http://www.nfl.com/draft/2017/profiles/jerod-evans?id=2558099
uffda udfa (17-Oct) : http://www.foxsports.com/nfl/story/former-virginia-tech-qb-jerod-evans-issues-warning-after-going-undrafted-043017
uffda udfa (17-Oct) : Oh, Jerod Evans formerly of Va Tech is our Hokie QB plan
uffda udfa (17-Oct) : Was previously on Eagles PS
uffda udfa (17-Oct) : Tweeted the below due to huge chip on his shoulder for going undrafted after leaving early.
uffda udfa (17-Oct) : Packers add Jerod Evans to PS. He went undrafted: https://twitter.com/rodfor6_/status/858382534274682884
Smokey (17-Oct) : NO a 6 point favorite to beat the Packers in GB .
Please sign in to use Fan Shout
2017 Packers Schedule
Sunday, Sep 10 @ 3:25 PM
SEAHAWKS
Sunday, Sep 17 @ 7:30 PM
at Falcons
Sunday, Sep 24 @ 3:25 PM
BENGALS
Thursday, Sep 28 @ 7:25 PM
BEARS
Sunday, Oct 8 @ 3:25 PM
at Cowboys
Sunday, Oct 15 @ 12:00 PM
at Vikings
Sunday, Oct 22 @ 12:00 PM
SAINTS
Sunday, Oct 29 @ 12:00 AM
- BYE -
Monday, Nov 6 @ 7:30 PM
LIONS
Sunday, Nov 12 @ 12:00 PM
at Bears
Sunday, Nov 19 @ 12:00 PM
RAVENS
Sunday, Nov 26 @ 7:30 PM
at Steelers
Sunday, Dec 3 @ 12:00 PM
BUCCANEERS
Sunday, Dec 10 @ 12:00 PM
at Browns
Sunday, Dec 17 @ 12:00 PM
at Panthers
Saturday, Dec 23 @ 7:30 PM
VIKINGS
Sunday, Dec 31 @ 12:00 PM
at Lions
Think About It
Think About It
Recent Topics
13m / Green Bay Packers Talk / uffda udfa

1h / Green Bay Packers Talk / wpr

2h / Green Bay Packers Talk / wpr

2h / Green Bay Packers Talk / Dulak

4h / Fantasy Sports Talk / Smokey

9h / Green Bay Packers Talk / PackFanWithTwins

19h / Green Bay Packers Talk / Barfarn

23h / Green Bay Packers Talk / yooperfan

18-Oct / Green Bay Packers Talk / isocleas2

18-Oct / Green Bay Packers Talk / wpr

17-Oct / Around The NFL / Zero2Cool

17-Oct / Green Bay Packers Talk / gotarace

17-Oct / Green Bay Packers Talk / nerdmann

17-Oct / Green Bay Packers Talk / musccy

17-Oct / Green Bay Packers Talk / nerdmann

Headlines