Posted

Here are the three spam reports we received for your account:

We have received a complaint about your account. Please investigate and fix within
24 hours.

Hurricane Electric Abuse Department
support@he.net

From scomp@aol.net  Sat May  2 20:33:01 2015
Return-Path: <scomp@aol.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from smr-m3.mx.aol.com (smr-m3.mx.aol.com [64.12.109.87])
       by abuse.he.net (Postfix) with ESMTPS id 627FF5401AA
       for <report@abuse.he.net>; Sat,  2 May 2015 20:33:01 -0700 (PDT)
Received: from scmp-d010.mail.aol.com (scmp-d010.mail.aol.com [172.29.189.79])
       by smr-m3.mx.aol.com (AOL Mail Bouncer) with ESMTP id A14A8380005F3
       for <report@abuse.he.net>; Sat,  2 May 2015 23:33:00 -0400 (EDT)
Received: from scomp@aol.net by scmp-d010.mail.aol.com; Sat, 02 May 2015 23:32:59 EDT
To: report@abuse.he.net
From: scomp@aol.net
Date: Sat, 02 May 2015 23:32:59 EDT
Subject: Email Feedback Report for IP 65.19.143.2
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report;
boundary="boundary-1138-29572-2659438-1787"
X-AOL-INRLY: stevie.heliohost.org [65.19.143.2] scmp-d010
X-Loop: scomp

--boundary-1138-29572-2659438-1787
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

This is an email abuse report for an email message with the message-id of
1f14005778129a23a5dd1557d6e5dd2e@graenfur.heliohost.org received from IP address
65.19.143.2 on Sat,  2 May 2015 20:48:10 -0400 (EDT)

For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php

If you would like to cancel or change the configuration for your FBL please use the
tool located at: 
http://postmaster.aol.com/SupportRequest.FBL.php


--boundary-1138-29572-2659438-1787
Content-Disposition: inline
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Sat,  2 May 2015 20:48:10 -0400 (EDT)
Source-IP: 65.19.143.2
Reported-Domain: stevie.heliohost.org
Redacted-Address: redacted
Redacted-Address: redacted@


--boundary-1138-29572-2659438-1787
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <kelley_swanson@graenfur.heliohost.org>
Received: from stevie.heliohost.org (stevie.heliohost.org [65.19.143.2])
       (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
       (No client certificate requested)
       by mtaig-aam01.mx.aol.com (Internet Inbound) with ESMTPS id 66F2C70000089
       for <redacted>; Sat,  2 May 2015 20:48:10 -0400 (EDT)
Received: from graenfur by stevie.heliohost.org with local (Exim 4.80)
       (envelope-from <kelley_swanson@graenfur.heliohost.org>)
       id 1Yoi57-0007Kg-9L
       for redacted; Sat, 02 May 2015 17:48:04 -0700
To: redacted@aol.com
Subject: hi
Date: Sat, 2 May 2015 17:48:29 -0700
From: Kelley Swanson <kelley_swanson@graenfur.heliohost.org>
Message-ID: <1f14005778129a23a5dd1557d6e5dd2e@graenfur.heliohost.org>
X-Priority: 3
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
       boundary="b1_1f14005778129a23a5dd1557d6e5dd2e"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse
report
X-AntiAbuse: Primary Hostname - stevie.heliohost.org
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [18800 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - graenfur.heliohost.org
X-Get-Message-Sender-Via: stevie.heliohost.org: authenticated_id: graenfur/from_h
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home1/graenfur/public_html/inbox/fonts/.include8.php 
X-Source-Dir: graenfur.heliohost.org:/public_html/inbox/fonts
x-aol-global-disposition: G
Authentication-Results: mx.aol.com;
       spf=none (aol.com: the domain graenfur.heliohost.org appears to have no SPF
Record.) smtp.mailfrom=graenfur.heliohost.org;
x-aol-sid: 3039ac1b13855545704a51b6
X-AOL-IP: 65.19.143.2
X-AOL-SPF: domain : graenfur.heliohost.org SPF : none

--b1_1f14005778129a23a5dd1557d6e5dd2e
Content-Type: text/plain; charset=us-ascii

well hello cutie... if your down for it and avail we could meetup for fun??
AuhRA8dTNqo/nECQ21BXGks/3WbCk5NljwTMqelMTCg=


--b1_1f14005778129a23a5dd1557d6e5dd2e
Content-Type: text/html; charset=us-ascii

<html>
<body>
well hello cutie... if your down for it and avail we could meetup for fun??
AuhRA8dTNqo/nECQ21BXGks/3WbCk5NljwTMqelMTCg=
</body>
</html>



--b1_1f14005778129a23a5dd1557d6e5dd2e--

--boundary-1138-29572-2659438-1787--

We have received a complaint about your account. Please investigate and fix within
24 hours.

Hurricane Electric Abuse Department
support@he.net

From scomp@aol.net  Sat May  2 21:35:36 2015
Return-Path: <scomp@aol.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from smr-m1.mx.aol.com (smr-m1.mx.aol.com [64.12.109.92])
       by abuse.he.net (Postfix) with ESMTPS id 5BCBD5401AA
       for <report@abuse.he.net>; Sat,  2 May 2015 21:35:36 -0700 (PDT)
Received: from scmp-m009.mail.aol.com (scmp-m009.mail.aol.com [172.26.180.17])
       by smr-m1.mx.aol.com (AOL Mail Bouncer) with ESMTP id 83C6138000231
       for <report@abuse.he.net>; Sun,  3 May 2015 00:35:35 -0400 (EDT)
Received: from scomp@aol.net by scmp-m009.mail.aol.com; Sun, 03 May 2015 00:35:34 EDT
To: report@abuse.he.net
From: scomp@aol.net
Date: Sun, 03 May 2015 00:35:34 EDT
Subject: Email Feedback Report for IP 65.19.143.2
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report;
boundary="boundary-1138-29572-2659438-6139"
X-AOL-INRLY: stevie.heliohost.org [65.19.143.2] scmp-m009
X-Loop: scomp

--boundary-1138-29572-2659438-6139
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

This is an email abuse report for an email message with the message-id of
c001935fbc91c05c07e5c9c2fd71aff9@graenfur.heliohost.org received from IP address
65.19.143.2 on Sat,  2 May 2015 23:01:35 -0400 (EDT)

For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php

If you would like to cancel or change the configuration for your FBL please use the
tool located at: 
http://postmaster.aol.com/SupportRequest.FBL.php


--boundary-1138-29572-2659438-6139
Content-Disposition: inline
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Sat,  2 May 2015 23:01:35 -0400 (EDT)
Source-IP: 65.19.143.2
Reported-Domain: stevie.heliohost.org
Redacted-Address: redacted
Redacted-Address: redacted@


--boundary-1138-29572-2659438-6139
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <allison_walker@graenfur.heliohost.org>
Received: from stevie.heliohost.org (stevie.heliohost.org [65.19.143.2])
       (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
       (No client certificate requested)
       by mtaig-mbd02.mx.aol.com (Internet Inbound) with ESMTPS id 5B2047000008D
       for <redacted>; Sat,  2 May 2015 23:01:35 -0400 (EDT)
Received: from graenfur by stevie.heliohost.org with local (Exim 4.80)
       (envelope-from <allison_walker@graenfur.heliohost.org>)
       id 1YokAH-0000UE-2x
       for redacted; Sat, 02 May 2015 20:01:32 -0700
To: redacted@aol.com
Subject: hi!
Date: Sat, 2 May 2015 20:01:57 -0700
From: Allison Walker <allison_walker@graenfur.heliohost.org>
Message-ID: <c001935fbc91c05c07e5c9c2fd71aff9@graenfur.heliohost.org>
X-Priority: 3
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
       boundary="b1_c001935fbc91c05c07e5c9c2fd71aff9"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse
report
X-AntiAbuse: Primary Hostname - stevie.heliohost.org
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [18800 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - graenfur.heliohost.org
X-Get-Message-Sender-Via: stevie.heliohost.org: authenticated_id: graenfur/from_h
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home1/graenfur/public_html/inbox/fonts/.include8.php 
X-Source-Dir: graenfur.heliohost.org:/public_html/inbox/fonts
x-aol-global-disposition: G
Authentication-Results: mx.aol.com;
       spf=none (aol.com: the domain graenfur.heliohost.org appears to have no SPF
Record.) smtp.mailfrom=graenfur.heliohost.org;
x-aol-sid: 3039ac1afc0255458f8e2c71
X-AOL-IP: 65.19.143.2
X-AOL-SPF: domain : graenfur.heliohost.org SPF : none

--b1_c001935fbc91c05c07e5c9c2fd71aff9
Content-Type: text/plain; charset=us-ascii

Hey cutie, I saw you on a dating site sometime last week, i got sum freakypix for you..

message my # real quick its 404.448.9616.

Im just a 24 year old female. Im looking to meet new guys and maybe hookup.
message me if u get a min please.


--b1_c001935fbc91c05c07e5c9c2fd71aff9
Content-Type: text/html; charset=us-ascii

<html>
<body>
Hey cutie, I saw you on a dating site sometime last week, i got sum freakypix for you..

message my # real quick its 404.448.9616.

Im just a 24 year old female. Im looking to meet new guys and maybe hookup.
message me if u get a min please.
</html>
</body>



--b1_c001935fbc91c05c07e5c9c2fd71aff9--

--boundary-1138-29572-2659438-6139--

We have received a complaint about your account. Please investigate and fix within
24 hours.

Hurricane Electric Abuse Department
support@he.net

From scomp@aol.net  Sun May  3 03:36:15 2015
Return-Path: <scomp@aol.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from smr-m2.mx.aol.com (smr-m2.mx.aol.com [64.12.232.218])
       by abuse.he.net (Postfix) with ESMTPS id A7D8F5401AA
       for <report@abuse.he.net>; Sun,  3 May 2015 03:36:03 -0700 (PDT)
Received: from scmp-m008.mail.aol.com (scmp-m008.mail.aol.com [172.29.110.249])
       by smr-m2.mx.aol.com (AOL Mail Bouncer) with ESMTP id 9A60B3800007A
       for <report@abuse.he.net>; Sun,  3 May 2015 06:35:55 -0400 (EDT)
Received: from scomp@aol.net by scmp-m008.mail.aol.com; Sun, 03 May 2015 06:35:53 EDT
To: report@abuse.he.net
From: scomp@aol.net
Date: Sun, 03 May 2015 06:35:53 EDT
Subject: Email Feedback Report for IP 65.19.143.2
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report;
boundary="boundary-1138-29572-2659438-9899"
X-AOL-INRLY: stevie.heliohost.org [65.19.143.2] scmp-m008
X-Loop: scomp

--boundary-1138-29572-2659438-9899
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

This is an email abuse report for an email message with the message-id of
6a165a4c03d7aa7763e36efb59a0b272@graenfur.heliohost.org received from IP address
65.19.143.2 on Sat,  2 May 2015 21:09:50 -0400 (EDT)

For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php

If you would like to cancel or change the configuration for your FBL please use the
tool located at: 
http://postmaster.aol.com/SupportRequest.FBL.php


--boundary-1138-29572-2659438-9899
Content-Disposition: inline
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Sat,  2 May 2015 21:09:50 -0400 (EDT)
Source-IP: 65.19.143.2
Reported-Domain: stevie.heliohost.org
Redacted-Address: redacted
Redacted-Address: redacted@


--boundary-1138-29572-2659438-9899
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <miriam_holland@graenfur.heliohost.org>
Received: from stevie.heliohost.org (stevie.heliohost.org [65.19.143.2])
       (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
       (No client certificate requested)
       by mtaig-aal03.mx.aol.com (Internet Inbound) with ESMTPS id B419770000087
       for <redacted>; Sat,  2 May 2015 21:09:50 -0400 (EDT)
Received: from graenfur by stevie.heliohost.org with local (Exim 4.80)
       (envelope-from <miriam_holland@graenfur.heliohost.org>)
       id 1YoiQ7-0006od-Pd
       for redacted; Sat, 02 May 2015 18:09:46 -0700
To: redacted@aol.com
Subject: hey there
Date: Sat, 2 May 2015 18:10:11 -0700
From: Miriam Holland <miriam_holland@graenfur.heliohost.org>
Message-ID: <6a165a4c03d7aa7763e36efb59a0b272@graenfur.heliohost.org>
X-Priority: 3
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
       boundary="b1_6a165a4c03d7aa7763e36efb59a0b272"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse
report
X-AntiAbuse: Primary Hostname - stevie.heliohost.org
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [18800 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - graenfur.heliohost.org
X-Get-Message-Sender-Via: stevie.heliohost.org: authenticated_id: graenfur/from_h
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home1/graenfur/public_html/inbox/fonts/.include8.php 
X-Source-Dir: graenfur.heliohost.org:/public_html/inbox/fonts
x-aol-global-disposition: G
Authentication-Results: mx.aol.com;
       spf=none (aol.com: the domain graenfur.heliohost.org appears to have no SPF
Record.) smtp.mailfrom=graenfur.heliohost.org;
x-aol-sid: 3039ac1b14c35545755e729d
X-AOL-IP: 65.19.143.2
X-AOL-SPF: domain : graenfur.heliohost.org SPF : none

--b1_6a165a4c03d7aa7763e36efb59a0b272
Content-Type: text/plain; charset=us-ascii

Hey handsom, I saw you on a dating site sometime last week, i got sum dirtypic 4 ya..

message my # real quick its +1~717~723~3934.

Im just a 24 year old gal. Im looking to meet new people and maybe hookup.
message me if you get a chance plz.


--b1_6a165a4c03d7aa7763e36efb59a0b272
Content-Type: text/html; charset=us-ascii

<html>
<body>
Hey handsom, I saw you on a dating site sometime last week, i got sum dirtypic 4
ya..<br>
<br>
message my # real quick its +1~717~723~3934.<br>
<br>
Im just a 24 year old gal. Im looking to meet new people and maybe hookup.<br>
message me if you get a chance plz.<br>
</html>
</body>



--b1_6a165a4c03d7aa7763e36efb59a0b272--

--boundary-1138-29572-2659438-9899--

 

As you can see the spam was coming from

/home1/graenfur/public_html/inbox/fonts/.include8.php

I also noticed that your domain has been flagged by Google as malicious.
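
The script path named above is carried in the X-Source-Args header of the message/rfc822 part of each feedback report. As an added example (not part of the original post and not HelioHost's tooling), this Python function parses a report with the same multipart/report layout and pulls out the fields needed to find the sending script. The sample report, hostnames and paths are constructed placeholders, and reading the first bracketed pair of X-AntiAbuse as the originator UID/GID is an assumption taken from the header's own label.

```python
import email
import re
from email import policy

# Constructed sample (not from the thread): same three-part layout as the
# reports above, with placeholder hosts, addresses and paths.
SAMPLE_ARF = """\
Subject: Email Feedback Report for IP 192.0.2.10
Content-Type: multipart/report; report-type=feedback-report; boundary="arf"

--arf
Content-Type: text/plain

Human-readable notice.
--arf
Content-Type: message/feedback-report

Feedback-Type: abuse
Source-IP: 192.0.2.10

--arf
Content-Type: message/rfc822

From: Someone <someone@acct1.host.example>
Message-ID: <abc123@acct1.host.example>
X-AntiAbuse: Originator/Caller UID/GID - [1001 1002] / [47 12]
X-Source-Args: /usr/bin/php /home/acct1/public_html/fonts/.inc.php

spam body
--arf--
"""

def triage_arf(raw: str) -> dict:
    """Pull the fields that identify the sending script out of an ARF report."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_param("report-type") != "feedback-report":
        raise ValueError("not an ARF feedback report")
    out = {}
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            fields = part.get_payload(0)   # machine-readable report fields
            out["feedback_type"] = str(fields["Feedback-Type"])
            out["source_ip"] = str(fields["Source-IP"])
        elif ctype == "message/rfc822":
            orig = part.get_payload(0)     # the message that was reported
            out["message_id"] = str(orig["Message-ID"])
            args = str(orig.get("X-Source-Args", "")).split()
            out["script"] = args[-1] if args else None
            # Dot-prefixed PHP files in asset directories are a red flag.
            out["hidden"] = bool(args) and args[-1].rsplit("/", 1)[-1].startswith(".")
            uid = re.search(r"UID/GID - \[(\d+) ", " ".join(orig.get_all("X-AntiAbuse", [])))
            out["originator_uid"] = int(uid.group(1)) if uid else None
    return out
```

Calling `triage_arf(SAMPLE_ARF)` returns a dict whose `script` entry is the file to quarantine and whose `originator_uid` maps back to the hosting account that ran it.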

Posted

Why wasn't I informed of any of this by my mail?

To have a chance to do something about this..

That .php was not put there by me and I don't have the slightest idea how that got there and how it was executing.

Is there any chance of unsuspending my account? I'd like to have a chance to retrieve my files and try to clean out anything that wasn't uploaded by me.

Posted

Why wasn't I informed of any of this by my mail?

To have a chance to do something about this..

Your email address has never been validated so there is no certainty that emails would have ever even reached you. We take spam very seriously, and it is stated quite clearly in our ToS http://wiki.helionet.org/Terms

Your site will not email, personal message, instant message, or communicate any kind of "spam," or unsolicited bulk advertising of any kind.

 

You have one chance to fix this. If we receive another spam report on your account it will be permanently suspended. It is in your best interest to get this fixed quickly before more spam gets sent.

 

The account graenfur has been unsuspended.

 

This might help you.

/home1/graenfur/public_html/_private/.options.php: PHP.Trojan.Mailer-1 FOUND
/home1/graenfur/public_html/images/code.php: PHP.Trojan.Mailer-1 FOUND
/home1/graenfur/public_html/_vti_bin/_vti_aut/.code.php: PHP.Trojan.Mailer-1 FOUND
/home1/graenfur/public_html/inbox/fonts/.include8.php: PHP.Trojan.Mailer-1 FOUND

Since you only have one chance the safest bet would be to nuke the entire website and start over though.

Posted

Thank you!

I'll get on fixing it once I get home. (Until then I'll let my account stay Inactive.)

 

And yes of course I understand that there should be no tolerance against spam. Too bad I don't know how this happened in the first place. Might be something injected through url parameters or something. I never really applied any meaningful validation on here.

 

About my email - how would I validate it? Under forum Settings -> Email & Password I see my email and nothing to indicate that it needs to be validated (or an option to do so)

But I'm still receiving automatic messages about account Inactivity, so did not think that there was anything wrong with my email validity.

Posted

Your forum account and hosting account are not connected to each other. You can receive hosting email without validation. In fact, we currently don't have email validation for hosting, though we hope to change that in the future to improve communication and reduce the number of spam and phishing accounts we get. Only forum accounts require email validation before you can post.

 

You don't need to validate anything right now since you can already post.
