dcsimg
A Flash Developer Resource Site

Page 1 of 2 12 LastLast
Results 1 to 20 of 21

Thread: My unique FlashKit e-mail address got Spammed

  1. #1
    Harry Tuttle phantomflanflinger's Avatar
    Join Date
    Aug 2001
    Location
    Somewhere in the 20th Century...
    Posts
    387

    My unique FlashKit e-mail address got Spammed

    I have a unique e-mail address for my Flashkit account and today a Spam got sent to it. It's never happened before as far as I know.

    I know this thread may have existed before, but here it is again.

    Details:

    Received: from ns.km11303.exportal.pl (HELO mk-smarthost-3.mail.uk.tiscali.com) ([62.141.56.157])
    by mk-smarthost-2.mail.uk.tiscali.com with ESMTP; 07 Nov 2006 07:05:48

    To: "FTA57" <viewsat@yahoo.com>
    From: "Fta Membership" <viewsat@yahoo.com>
    Subject: Re:Get Dish TV On Fta hardware software
    Date: Tue, 7 Nov 2006 02:04:51 -0500

    For all your free-to-air satellite receivers and accessories. We have the best prices,services, So if you need what it takes to get amazing fta satellite tv then come get your Satellite.

    Regards,

    http://www.ptvp.info

    FTA Superstore Information Group
    We're all in it together

  2. #2
    supervillain gerbick's Avatar
    Join Date
    Jul 2000
    Location
    undecided.
    Posts
    18,978
    Your to and from fields are the same - I hope that's only to mask your real address.

    However, this sounds like spam I just received on a "closed" account that I use for personal use only that's an unpublished account.

    Look at the long headers. You'll more than likely find that you were targeted by a bot that sent out blind e-mails to plain word combinations and wasn't sent directly to you.

    It happens.

    And for me, it was even stranger... the e-mail addy I have isn't even a dictionary word - it's a complex (alphanumeric and special character combination) address.

    [ Hello ] | [ gerbick ] | [ Ω ]

  3. #3
    Harry Tuttle phantomflanflinger's Avatar
    Join Date
    Aug 2001
    Location
    Somewhere in the 20th Century...
    Posts
    387
    No gerbick, I just pasted in what was there. My Flashkit address wasn't in the to or cc fields, but it was in the headers.

    My real address is flashkit@ (my details) here are the headers:

    smarthost-2.mail.uk.tiscali.com [212.74.114.38])
    by mail.(some ISP details) (8.13.8/8.13.8) with ESMTP id kA775qq5024371
    for <flashkit@(my details)>; Tue, 7 Nov 2006 00:05:54 -0700

    So, someone got my address from_here.
    We're all in it together

  4. #4

  5. #5
    Senior Member
    Join Date
    Jan 2005
    Posts
    1,582
    Spammers use progams, as already mentioned, that just randomly combine letters/numbers into literally billions of combinations, and send them out hoping to hit on one. I get spam on emails I've never used to join ANYTHING.

  6. #6
    Harry Tuttle phantomflanflinger's Avatar
    Join Date
    Aug 2001
    Location
    Somewhere in the 20th Century...
    Posts
    387
    The personal non-work mailbox I use for Flashkit actually has a wildcard (catch-all) on it. You'd think that means I get loads of Spam, but I get none - except - the one message detailed above, sent to flashkit@(my details.net) The chance of "flashkit" being chosen at random is negligible.

    I'm not saying the admins/mods/owners gave my address away, I'm saying someone stole it. I'm not kidding or trying to cause trouble here.
    We're all in it together

  7. #7
    Quote Originally Posted by phantomflanflinger
    I'm not kidding or trying to cause trouble here.
    I dont think anyone is suggesting that. It could be an old problem on our end from years ago depending on the age of this email address. We're looking into the issue to make sure that its not a new issue.

    edit... also, this thread in regards to what is probably the same issue and eludes to what I said about the age of the email address.

  8. #8
    Senior Member
    Join Date
    Jan 2005
    Posts
    1,582
    I don't see how, unless you posted it at some point. User profiles are not viewable by unregistered users, which means bots can't see it, and the email is hidden from even those who can view it. I don't see how it can be stolen.

  9. #9
    Harry Tuttle phantomflanflinger's Avatar
    Join Date
    Aug 2001
    Location
    Somewhere in the 20th Century...
    Posts
    387
    I couldn't find that thread when I searched: I'd have posted there.

    Yes, it's FTA again, the same bunch Spamming again. They must have tracked the e-mails being sent to users from your server. I dunno how.

    They may have collected my e-mail address a long time ago, but it has never been shown publicly on Flashkit.
    We're all in it together

  10. #10
    Just a heads-up, we're still looking into this. Our security folks are researching your email address to see if and how it may have gotten out. I'll keep you posted.

  11. #11
    Harry Tuttle phantomflanflinger's Avatar
    Join Date
    Aug 2001
    Location
    Somewhere in the 20th Century...
    Posts
    387
    Thanks. I can't be the only one either.
    We're all in it together

  12. #12
    Harry Tuttle phantomflanflinger's Avatar
    Join Date
    Aug 2001
    Location
    Somewhere in the 20th Century...
    Posts
    387
    Got another today:

    Envelope-to: {email}MYEMAILADDRESS{/email}
    Delivery-date: Sat, 06 Jan 2007 04:33:47 +0000
    Received: from ptb-mxcore02.MYISP.net ({IP_ADDRESS})
    by fhw-sunmxcore07.MYISP.net with esmtp (MYISP MXCore v2.00) id 1H33Fb-0004OV-7s
    for {email}MYEMAILADDRESS{/email};
    Sat, 06 Jan 2007 04:33:47 +0000
    Received: from mail.MYISP.net ({IP_ADDRESS})
    by ptb-mxcore02.MYISP.net with esmtp (MYISP MXCore v2.00) id 1H33Fa-0006Pb-IR
    for {email}MYEMAILADDRESS{/email}; Sat, 06 Jan 2007 04:33:46 +0000
    Received: (from root@localhost)
    by mail.MYISP.net (8.13.8/8.13.8) id l064XiCp058483
    for {email}MYEMAILADDRESS{/email}; Fri, 5 Jan 2007 21:33:44 -0700 (MST)
    Received: from gator145.hostgator.com (gator145.hostgator.com {IP_ADDRESS})
    by mail.MYISP.net (8.13.8/8.13.8) with ESMTP id l064XhRN058452
    for <
    MY UNIQUE FLASHKIT E-MAIL ADDRESS
    >; Fri, 5 Jan 2007 21:33:44 -0700 (MST)
    Received: from {IP_ADDRESS} (port=1377 helo=km11303)
    by gator145.hostgator.com with esmtpa (Exim 4.63)
    (envelope-from <ellsion@clickdishtv.com>)
    id 1H33A2-0001l5-M1; Fri, 05 Jan 2007 22:28:03 -0600
    Message-ID: <380-220071664272921@km11303>
    To: "SuperTester" <ellsion@clickdishtv.com>
    Errors-to: {email}ellsion@clickdishtv.info{/email}
    From: "Free-To-Air TV" <ellsion@clickdishtv.com>
    Subject: Re: Satellite Support Free TV Dish/Bev FTA
    Date: Fri, 5 Jan 2007 23:27:29 -0500
    MIME-Version: 1.0
    Content-type: text/plain; charset=windows-1252
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - gator145.hostgator.com
    X-AntiAbuse: Original Domain - MYDOMAIN.MYISP.net
    X-AntiAbuse: Originator/Caller UID/GID - {47 12} / {47 12}
    X-AntiAbuse: Sender Address Domain - clickdishtv.com
    X-Source:
    X-Source-Args:
    X-Source-Dir:
    Content-Transfer-Encoding: 8bit
    X-MIME-Autoconverted: from quoted-printable to 8bit by mail.MYISP.net id l064XhRN058452

    -----Original Message-----
    From: Free-To-Air TV {mailto:ellsion@clickdishtv.com}
    Sent: 06 January 2007 04:27
    To: SuperTester
    Subject: Re: Satellite Support Free TV Dish/Bev FTA

    Welcome Satellite FTA Testers PPV/MOVIES/SPORTS/XXX/LOCAL CHANNELING and much much more

    {url}http://www.dishiptv.com{/url}

    FREE TO AIR SATELLITE TV OVER 900 CHANNELS +++ GUARANTEED

    Get your FTA Hardware Software and related fixes faster than ever. We offer shipping worldwide and also have the best Free To Air units on the market. Our scripts have a remarkable uptime and flawless scripting errors so you can enjoy your TV and longterm programming. Live Help Toll Free Assistance and a Private Forum all in a once stop shop. Become part of our team today and get your holiday bonuses while they last.


    NB I have elided my personal details and changed [ to {. (duh!)
    We're all in it together

  13. #13
    Senior Member
    Join Date
    Jan 2005
    Posts
    1,582
    Why are you posting this here? Every email gets spam. If you want proof, create a new email, but do not use it. Not on a forum, not to send any email, not on an e-commerce site. The email will get spam.

  14. #14
    Harry Tuttle phantomflanflinger's Avatar
    Join Date
    Aug 2001
    Location
    Somewhere in the 20th Century...
    Posts
    387
    I'm sorry it's hard for you to understand.

    As clearly stated above, my unique Flashkit address is a unique alias on a wildcard e-mail address. It's like this: flashkit@mywildcardemail.domain

    absolutely_anything@mywildcardemail.domain would reach me. But these 2 Spams are the only 2 Spams I've received, both were sent to flashkit@mywildcardemail.domain I don't get any other Spam.
    We're all in it together

  15. #15
    supervillain gerbick's Avatar
    Join Date
    Jul 2000
    Location
    undecided.
    Posts
    18,978
    Dude, flashkit is a library word, combo of library terms.

    I set up a spam test a while back... thisisaspamtest @ mydomain.com actually and never used it.

    It gets spam. I have another e-mail address, maggooglah @ mydomain.com and it's not received a thing. In fact, I did it to see how quickly spam harvesters and "guessers" would get a combination that would allow it to send mail to me blindly. Check out Security Focus and you'll see how people are just pumping out millions of e-mails daily to library words and combinations. 76azmk1 @ mydomain.com wouldn't probably get a thing.

    Use non-library terms if you want to avoid spam mail. Seriously.

    [ Hello ] | [ gerbick ] | [ Ω ]

  16. #16
    Harry Tuttle phantomflanflinger's Avatar
    Join Date
    Aug 2001
    Location
    Somewhere in the 20th Century...
    Posts
    387
    So 'flashkit' is the one and only choice they made, out of millions of combinations, all of which would have also successfully got through?
    We're all in it together

  17. #17
    supervillain gerbick's Avatar
    Join Date
    Jul 2000
    Location
    undecided.
    Posts
    18,978
    ...I don't know how to explain it to you. I mean... Flash, kit... two library words.

    Combining them together to hit a person... it's not that hard. Combining up to four library items, I've seen it. Bots don't care, they have time to string together stuff.

    But non-library items/names - in fact, I set up a test when you originally posted this to see how long it could take - don't seem to be hit as much as library words. So... flashkitphantom @ mydomain.com might get hit faster than u8baeblz @ mydomain.com.

    In fact, I created 5 e-mails and the two nonsensical e-mail addresses haven't been hit. The one with my real last name got hit. One with my username here got hit. And one with regular library terms in combination got hit. thisisaspamtest was the one that got hit.

    Does that mean that's your problem? No.

    It could be.

    Trace the headers. It just could be a "good guess" situation you're all up in arms about. If it really affects you, kill that address, don't set up an e-mail with standard library terms in the address.

    Have fun... spam harvesting is a lot more advanced than you'd think. Research it all out. It's what I get paid to do for some clients

    [ Hello ] | [ gerbick ] | [ Ω ]

  18. #18
    Harry Tuttle phantomflanflinger's Avatar
    Join Date
    Aug 2001
    Location
    Somewhere in the 20th Century...
    Posts
    387
    I am not up in arms but I do not like to be treated like an idiot. Not when I am trying to help you.

    As far as I can tell, you are unable to understand one simple fact. I will try yet again to explain.

    My Flashkit e-mail address is a wildcard e-mail address, which forwards to my main e-mail address. Or, to put it another way, my Flashkit e-mail address is a catch-all e-mail address, which forwards to my main e-mail address.

    If you sent an e-mail to:
    349058@mywildcardemail.net it would forward to my main e-mail address.
    anything@mywildcardemail.net it would forward to my main e-mail address.
    flashkit@mywildcardemail.net it would forward to my main e-mail address.

    But both these spams were sent to flashkit@mywildcardemail.net and both were then forwarded to my main e-mail address. Anything_before the_@ would forward.

    These are the only two Spams I've had via the forwarder. I expected more when I set this forwarder up - it's a catch-all, Spammers "can't miss". But this is all I've had.
    Last edited by phantomflanflinger; 01-08-2007 at 07:48 AM.
    We're all in it together

  19. #19
    supervillain gerbick's Avatar
    Join Date
    Jul 2000
    Location
    undecided.
    Posts
    18,978
    Who is treating you like an idiot? Quote it. I'm not seeing it at all.

    I just said what I said and you came back with "I want to know how it happened?" (basically) so I went deeper with my explanation and even checked it out myself with an experiment. And you seem to be the only person having this problem... helping two admins and a supermod (??), we're helping you realize that this is a problem, it's acknowledged, but yet the problem starts with how you used library items for an e-mail. Do you know how easy it is to guess library word items? Like I suggested before, do a little research. Bots are getting smarter by the second; literally.

    I know this is real. But if it's an e-mail you created just for Flashkit, I'm quite sure changing it to a non-library item is not that much of a problem. In the past year, I've changed my e-mail here twice... now to a non-library e-mail addy, no bad mail yet.

    Anyway, dunno what to tell you. I know that nobody in this thread has treated you like an idiot though. Not one bit.

    Spam is a huge problem. And still... using library items in combination will invariably mean that you will get hit. Catch all or not. And I'm saying that I have to agree with the admins... it was not spawned by Flashkit. I don't get anything from this site and I've been here for over 6 years.

    And wanna see "up in arms"? Let me get something from this site I didn't ask for. I'm liable to be on CNN. I hate spam mail too.

    Dunno dude. Like I said... change your flashkit e-mail to something that's non-library and more nonsensical.

    [ Hello ] | [ gerbick ] | [ Ω ]

  20. #20
    Flash Game Developer mesmerize's Avatar
    Join Date
    Dec 2005
    Location
    United Kingdom, near Leicester.
    Posts
    485
    gerbick,

    you keep mentioning your point about how robots can use library terms to 'eventually' hit your address. He's already said that can not be possible but again (even in the last post) you mentioned it.

    In his case the library terms could not have been used or he would have hundred of these emails, as he's set up to catch all emails sent to *@phantomflanflinger.tiscali.co.uk The robot in question has to have his direct address from somewhere to show the value flashkit@phantomflanflinger.tiscali.co.uk

    I think what's annoying him, is that you keep going on that he shouldn't worry about it, as spam bots can hit you even with 4 library terms, but in this case it is not possible.

    So what remains is where did they get it from and he's assuming your database as that's the only place he has used it.

    I hope that puts an end to your circular discussion.
    :-)

    phantomflanflinger,

    MORE IMPORTANTLY:
    Could your email getting out have anything to do with this crazy idea you had, back then:
    http://board.flashkit.com/board/show...07#post2053807

    Ha ha, sorry I had to laugh when I found this.
    I'm sure you'll laugh when you see it.
    If it is anything to do with this, your lucky you've only had 2 spams since then. I get 14 a day average.

    Best regards,
    David
    Last edited by mesmerize; 01-11-2007 at 06:19 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center