Topic: I'm being pharmed! |
|
|---|---|
| Author | Thread |
|
Bipolar (III) Inmate From: f(x) |
posted 05-06-2006 22:49
 
Today when I checked my email, I found 30+ bounced messages under a domain I manage. I remember reading and article about pharming, it explained that this is a good indication of pharming and it will get worse. I colloected as many IPs as I could, compiled a list of 26 IPs, did a whois on a few (one of them was from Korea). |
|
Maniac (V) Mad Scientist From: :morF |
posted 05-07-2006 00:24
Well, your first piece of knowledge should be that the IPs you colleted will, most likely, not bethe IP addresses of your attacker/pharmer. With so many people around the world having unsecured proxy servers and not knowing it, such things are bound ot happen. Crackers compile lists of them, then route themselves through one, five, ten of these if they so choose, to obfusticate their trail. So their apparent originating IP addresses won't help you. As for where you'd go to prevent yourself being spam blacklisted... that I don't know. Perhaps Pugzly or one of the other webserver admins can help. I've got no experience in dealing with pharming. My suggestion, though, would be to warn your webhost (if you're not hosting yourself) and your domain name providor that it's happened, and provide them with copies of some of the bounced mails. |
|
Bipolar (III) Inmate From: f(x) |
posted 05-07-2006 01:38
quote:
|
|
Maniac (V) Mad Scientist From: :morF |
posted 05-07-2006 08:28
And by originator I mean the headers that would be included as part of the message body of the bounced (or apparently bounced) message. I should have made that clearer earlier. Tell me more, thugh, about what you read of pharming, and what makes you think that these emails are evidence of it? Because fro mthe small amount you've said so far, it sounds to me like the kind of faked messages that spammers send to me on a regular basis. |
|
Bipolar (III) Inmate From: f(x) |
posted 05-07-2006 22:50
I was talking about the headers in the message body. |
|
Maniac (V) Mad Scientist From: :morF |
posted 05-08-2006 08:32
I didn't ask for information on pharming, because I know about it already. I'm interested to know what you read that leads you to believe that this is evidence of pharming activity. Because, as I have already pointed out, there are several possible explainations for this type of activity, but you seem to be focussed down on one in particular. So I'd like to know why. |
|
Bipolar (III) Inmate From: f(x) |
posted 05-10-2006 03:02
I forgot where I saw that article, I thought I bookmarked it, but I didn't. |
|
Maniac (V) Mad Scientist From: :morF |
posted 05-11-2006 00:46
That these bounced mails have been faked in some way, as a different kind of spam attack, directed at you, not at someone else. If they've been bounced back at you from another domain, and it's part of a DNS hijack, then it must have taken a long time, because you wouldn't have gotten thme unless the domain had been returned to your control first. It's not that difficult to craft a fake 'bounce' message. Or it's possible that instead of someone hijacking your domain, they have instead faked their originating domain, to make it look as if the email has come from your domain. They don't need to go through the fairly complicated procedure of taking your domain away from you to do that. It's a simple matter of altering part of the SMTP header. |
|
Bipolar (III) Inmate From: f(x) |
posted 05-11-2006 03:35
quote:
|
- Copyright ©1994-2024 by Doctor Thaddeus Ozone, all rights reserved. -
- Grail copyright ©2000-2024 by Tyberius Prime, all rights reserved. -
Debug: This page needed 0.00337791 seconds to process.
