Welcome to your Green Bay Packers Online Community!

Since 2006, PackersHome has been providing a unique experience for fans.
Your participation is greatly anticipated!
Offline Zero2Cool  
#1 Posted : Friday, January 21, 2011 7:40:04 PM(UTC)

Words cannot depict how pissed off I am right now. Someone reported PackersHome.com as a SPAM website that sends spam.

If I cannot find the malicious script, PackersHome.com will be deleted permanently, and I can't do anything about it. Arvixe was nice enough to allow me this time to search for the issue and resolve it.

I'm doing another full site backup as we speak.


This is the email that could end PH.com
Quote:
MIME element (message/feedback-report)
Encapsulated message (message/rfc822)
Headers of embedded message (message/rfc822)
Delivered-To: x
Received: by 10.90.132.18 with SMTP id f18cs52994agd;
Thu, 13 Jan 2011 18:14:35 -0800 (PST)
Received: by 10.91.8.20 with SMTP id l20mr467016agi.147.1294971275657;
Thu, 13 Jan 2011 18:14:35 -0800 (PST)
Return-Path:
Received: from rhino.arvixe.com (stats.rhino.arvixe.com [74.86.163.xxx])
by mx.google.com with ESMTPS id 1si1480406ano.176.2011.01.13.18.14.35
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Thu, 13 Jan 2011 18:14:35 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of doogie@rhino.arvixe.com designates 74.86.163.xxx as permitted sender) client-ip=74.86.163.xxx;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of doogie@rhino.arvixe.com designates 74.86.163.xxx as permitted sender) smtp.mail=xxx@rhino.arvixe.com
Received: from xxx by rhino.arvixe.com with local (Exim 4.69)
(envelope-from )
id 1PdZBT-0004of-PC
for x; Thu, 13 Jan 2011 18:14:35 -0800
To: x
Subject: I've come across an interesting download
X-PHP-Script: www.packershome.com/index.php for 112.201.206.16
Date: Thu, 13 Jan 2011 18:14:35 -0800
From: jotam
Message-ID:
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_211ffbc2d5b41ba727c216efb6a5ec07"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - rhino.arvixe.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [881 878] / [47 12]
X-AntiAbuse: Sender Address Domain - rhino.arvixe.com

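A triage sketch for the report headers quoted in the post above, as an added example that is not part of the original thread or the host's tooling: it reads the script path and requesting client from X-PHP-Script, checks whether the first Received hop was a local Exim submission, and takes the originator UID from X-AntiAbuse. The function name `triage` and the result keys are hypothetical; the sample headers are abridged from the quoted report with line folding restored.

```python
import re
from email import message_from_string

# Headers abridged from the quoted report; redactions kept, folding restored.
SAMPLE = """\
Received: from rhino.arvixe.com (stats.rhino.arvixe.com [74.86.163.xxx])
 by mx.google.com with ESMTPS; Thu, 13 Jan 2011 18:14:35 -0800 (PST)
Received: from xxx by rhino.arvixe.com with local (Exim 4.69)
 id 1PdZBT-0004of-PC; Thu, 13 Jan 2011 18:14:35 -0800
X-PHP-Script: www.packershome.com/index.php for 112.201.206.16
X-Mailer: PHPMailer [version 1.73]
X-AntiAbuse: Primary Hostname - rhino.arvixe.com
X-AntiAbuse: Originator/Caller UID/GID - [881 878] / [47 12]

"""

def triage(raw_headers):
    """Summarise where a reported message was generated (hypothetical helper)."""
    msg = message_from_string(raw_headers)
    result = {"script": None, "client_ips": [], "local_submit": False,
              "originator_uid": None, "mailer": msg.get("X-Mailer")}

    # "<host/path> for <ip>[, <ip>...]": the PHP script that sent the mail
    # and the remote client whose request triggered it.
    m = re.match(r"(\S+)\s+for\s+(.+)", msg.get("X-PHP-Script", "").strip())
    if m:
        result["script"] = m.group(1)
        result["client_ips"] = [ip.strip() for ip in m.group(2).split(",") if ip.strip()]

    # Received headers are prepended, so the last one is the first hop.
    # "with local" means Exim took the message from a process on the host,
    # not from a remote SMTP client.
    hops = msg.get_all("Received", [])
    if hops:
        first_hop = " ".join(hops[-1].split())
        result["local_submit"] = re.search(r"\bwith local\b", first_hop) is not None

    # First bracket pair is the originator's [uid gid], second the caller's.
    for value in msg.get_all("X-AntiAbuse", []):
        m = re.search(r"UID/GID - \[(\d+) (\d+)\] / \[(\d+) (\d+)\]", value)
        if m:
            result["originator_uid"] = int(m.group(1))
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The script path and client address it returns are the values to look up in the web server's access log around the message's Date header.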
Offline Pack93z  
#2 Posted : Friday, January 21, 2011 7:45:25 PM(UTC)

Anything that we can do to help?
I think when there's enough will and aggression, there's no shortage of talent either.

Offline Zero2Cool  
#3 Posted : Friday, January 21, 2011 7:48:17 PM(UTC)

Quote:
Anything that we can do to help?


I don't know, man. I'm so pissed off and discouraged right now, it's just not good.

I hate spam and hate script kiddies even more.

I don't know what to do. I'm deleting the other software that I had running and hoping that it was one of them that was the culprit and doing a few other things to prevent a shut down.

Offline Zero2Cool  
#4 Posted : Friday, January 21, 2011 8:09:17 PM(UTC)

I've done several things behind the scenes to prevent this issue occurring again and one that directly affects each of you. Unfortunately, you will need to enter a numerical security code when you log in to help ensure you're not a robot.

I'm still digging through options and files to see what else I can do.

Offline peteralan71  
#5 Posted : Friday, January 21, 2011 8:40:23 PM(UTC)

fuuuuuuuuuuuuuck. sorry man. good luck.
Green Bay: Home of the Green & Gold. And the hunter orange. And the camouflage.

Offline longtimefan  
#6 Posted : Friday, January 21, 2011 8:43:11 PM(UTC)

Just cuz someone reported you as spam the host takes their word for it?
Offline Pack93z  
#7 Posted : Friday, January 21, 2011 8:43:36 PM(UTC)

The jig is up, the news is out, they've finally found me.. ;)

UserPostedImage

Now.. seriously.. can you block the bots from hitting the pages?
I think when there's enough will and aggression, there's no shortage of talent either.

Offline wpr  
#8 Posted : Friday, January 21, 2011 8:49:57 PM(UTC)

Man that is terrible. MUST HAVE BEEN A BEARS FAN.
"You don't hurt 'em if you don't hit 'em." Chesty Puller



Offline Nonstopdrivel  
#9 Posted : Friday, January 21, 2011 8:59:51 PM(UTC)

How did it not occur to the host that your domain and IP address may have been (probably were) spoofed? Back up your database onto a thumb drive just in case the worst happens.

I have unlimited web space and bandwidth that I'd be happy to donate if it came to that, though I doubt it will.
Offline Zero2Cool  
#10 Posted : Friday, January 21, 2011 9:05:21 PM(UTC)

Quote:
Now.. seriously.. can you block the bots from hitting the pages?


Yes, the flood control does that, but if you click a few links too fast, it'll ban you for 60 seconds or something like that, maybe 10 minutes? I had it on the site for a while, which seemed to speed things up, but Wade got lost, lol.

Quote:
Just cuz someone reported you as spam the host takes their word for it?

Yes, one person sent one email and BYE BYE PH.com. Pretty disturbing, huh?

Offline bozz_2006  
#11 Posted : Friday, January 21, 2011 9:06:59 PM(UTC)

Wow. That's ridiculous. Sorry Kevin. I hope you figure it out quickly, because every second of trying to figure it out is a waste of your time. What a joke.
Offline Zero2Cool  
#12 Posted : Friday, January 21, 2011 9:15:00 PM(UTC)

Quote:
How did it not occur to the host that your domain and IP address may have been (probably were) spoofed? Back up your database onto a thumb drive just in case the worst happens.

I have unlimited web space and bandwidth that I'd be happy to donate if it came to that, though I doubt it will.


There's a malicious script that is using my server to send emails. I've done everything I can think of to ensure it's gone, including deleting the other software on the site.

I feel a little better now, full site backup and full database backup completed.

Offline Nonstopdrivel  
#13 Posted : Friday, January 21, 2011 9:26:59 PM(UTC)

Yes, but can it be proved that the malicious script that is using your server is actually located on your server?
Offline Zero2Cool  
#14 Posted : Friday, January 21, 2011 9:27:27 PM(UTC)

Quote:
Yes, but can it be proved that the malicious script that is using your server is actually located on your server?


Yes.

Offline Nonstopdrivel  
#15 Posted : Friday, January 21, 2011 9:28:27 PM(UTC)

So then the real question becomes, how did it get there? Did you install it inadvertently or did someone else place it there? If it's the former, it's a matter of being careful in the future. If it's the latter, that's really concerning.
Copyright © 2006-2014 PackersHome.com™. All Rights Reserved.