False Emails.

Azura

Mir3 Coder & Adviser
Legendary
Mar 12, 2005
3,249
111
300
If you have received an email from [email protected] can you please let me know as this is not me and is the email that 'hacked' my server.

It is now apparent that they stole the files, database and website and are emailing it to people.

Let me know, I cannot trace the email unfortunately, as finding out the little pri** would be nice.

Subject: Inferno Mir3 server files released
X-PHP-Script: howtogetindexedwithgoogle.com/forum/admincp/email.php for 76.73.108.18
From: "[email protected]" <[email protected]>
Sender: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Date: Sun, 21 Mar 2010 16:21:52 -0700 (PDT)
X-Cloudmark-Analysis: v=1.1 cv=K3bUqEfPWdt3GTY80urYfqLtI+k+b+UoqwK1/HzADaU= c=1 sm=0 a=ORa4HqFjfvEA:10 a=8nJEP1OIZ-IA:10 a=mLLqJeDCAAAA:8 a=NVBHBe0WAAAA:8 a=rIR1KuNDAAAA:8 a=THGLIshXbl-MquQ7jRAA:9 a=UwSwHK_qfd05vw75RcbjQ64b7IsA:4 a=wPNLvfGTeEIA:10 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117
X-Antivirus: AVG for E-mail 8.5.437 [271.1.1/2761]
Content-Type: multipart/mixed; boundary="=======AVGMAIL-76E26907======="
 

Azura

In talks with Microsoft to get this issue sorted out and hopefully find out who the person is.
 

Azura

It's not my MSN, it's someone who made the account pretending to be me, then emailed my dedicated server company requesting my password. Idiotic company didn't do the right checks and gave them the password.

The person has then stolen everything off the dedi and uploaded it, even my website and forum, and is emailing it all to people on lomcn.

Bad thing is the person didn't edit the DBs, so everyone's account information is still there.
 

Tashohnie

LOMCN Veteran
Veteran
Jan 13, 2009
855
4
104
I received this e-mail also and must admit I was a bit puzzled as to why you were releasing this.
 

mapadale

Guest
It's not my MSN, it's someone who made the account pretending to be me, then emailed my dedicated server company requesting my password. Idiotic company didn't do the right checks and gave them the password.

The person has then stolen everything off the dedi and uploaded it, even my website and forum, and is emailing it all to people on lomcn.

Bad thing is the person didn't edit the DBs, so everyone's account information is still there.
If they have hacked the website, then bravenet will have the IP address logged for that within the cPanel. You should also be able to check yourself as well.
 

Azura

When I say hacked website, I mean they rar'd the whole htdocs and uploaded it.
 

Azura

Yes they rar'd everything, Server, Databases, Website. All Database information still there and website / forums.
 

mapadale

Guest
Yes they rar'd everything, Server, Databases, Website. All Database information still there and website / forums.
With a site rip, there should be an IP associated to the site. This will show all pages viewed and times, this would then indicate the person who is doing it.
 

Azura

The guy gained access to the dedi because of the bad company, then rar'd my htdocs folder and uploaded it.

Don't think there will be an IP associated to that.
 

shorty606

Golden Oldie
Golden Oldie
Apr 10, 2005
867
0
122
There will be, someone still had to access the files to download them. You should have a log in your main server directory. Htlogs I think they are called.
 

Azura

The company couldn't access the server after the guy changed the password, so they reformatted.
 

twisterdmk

LOMCN Veteran
Veteran
May 13, 2009
759
28
115
USA
From [email protected] Sun Mar 21 23:22:01 2010
X-Apparently-To: [email protected] via 67.195.15.204; Mon, 22 Mar 2010 00:21:50 -0700
Return-Path: <[email protected]>
X-YMailISG: lyDFFEsWLDufE8_4aXg8USnIOx3.PS0i4Qnt_oGUVe2ZVdbzk2Q_WxttS_LjYaII814vlkzosLZcuq20M2g58IXXU5dEKw8SqpH0DlWXufnPhAxQKqLyTmvjZMdpiq3HConeEowJCPdczz8E0cfycie6C2bdCebOrxQB5KIsKFtapTNr71XkMPLUOvAFUJnbM6.tpOX2wr_HsAD.vIXBZ_O_pZYoiZrD1pkncHqWtpHCeufS79_lrCkjWkWdfyvA8y7HRCkmC46v2SUHbaW.__0cCkLQVUKvdADfDdK.Qf1fgqv.1CkWPHhGovKoRrP5HWz5kmbeT3Yx9JKMug4IjwXzXhBD9e_lBLBcDvXDG5D4obbpQiCP9R.4IQXGbg4z9UNsOXOcybcpca01CaQnwlIOSbwyLeZOdSw-
X-Originating-IP: [65.39.211.68]
Authentication-Results: mta1120.mail.mud.yahoo.com from=; domainkeys=neutral (no sig); from=hotmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO hostmail3.bravehost.com) (65.39.211.68) by mta1120.mail.mud.yahoo.com with SMTP; Mon, 22 Mar 2010 00:21:50 -0700
Received: from localhost (unknown [127.0.0.1]) by hostmail3.bravehost.com (Postfix) with ESMTP id 7F5D61986A6 for <[email protected]>; Sun, 21 Mar 2010 23:22:01 +0000 (UTC)
X-Virus-Scanned: amavisd-new at bravehost.com
Received: from hostmail3.bravehost.com ([65.39.211.68]) by localhost (rosberg.vc.bravenet.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id VMkvVTDiZqG0 for <[email protected]>; Sun, 21 Mar 2010 16:22:01 -0700 (PDT)
Received: (from [email protected]) by gamma.vc.bravenet.com (mini_sendmail/1.3.6 29jun2005); Sun, 21 Mar 2010 16:22:01 PDT (sender [email protected])
To: [email protected]
Subject: Inferno Mir3 server files released
X-PHP-Script: howtogetindexedwithgoogle.com/forum/admincp/email.php for 76.73.108.18
From: "[email protected]" <[email protected]> Add sender to Contacts
Sender: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Date: Sun, 21 Mar 2010 16:22:01 -0700 (PDT)
Content-Length: 519

Was the e-mail header that I had if any help
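
Reading the header posted above, as an added example that is not part of the original thread: a Python script that pulls out the fields written by the sending infrastructure (the Received chain and X-PHP-Script) and keeps them apart from the forgeable From line. Addresses are example.com placeholders, and reading X-PHP-Script as "script for client IP" is an assumption about the hosting-side patch that writes it.

```python
import re
from email.parser import HeaderParser

# Constructed sample: modelled on the header posted above; the redacted
# addresses are replaced with example.com placeholders.
SAMPLE = """\
Return-Path: <webuser@example.com>
X-Originating-IP: [65.39.211.68]
Received: from 127.0.0.1 (EHLO hostmail3.bravehost.com) (65.39.211.68) by mta1120.mail.mud.yahoo.com with SMTP; Mon, 22 Mar 2010 00:21:50 -0700
Received: from localhost (unknown [127.0.0.1]) by hostmail3.bravehost.com (Postfix) with ESMTP id 7F5D61986A6 for <rcpt@example.com>; Sun, 21 Mar 2010 23:22:01 +0000 (UTC)
Received: from hostmail3.bravehost.com ([65.39.211.68]) by localhost (rosberg.vc.bravenet.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id VMkvVTDiZqG0 for <rcpt@example.com>; Sun, 21 Mar 2010 16:22:01 -0700 (PDT)
Received: (from webuser@example.com) by gamma.vc.bravenet.com (mini_sendmail/1.3.6 29jun2005); Sun, 21 Mar 2010 16:22:01 PDT
Subject: Inferno Mir3 server files released
X-PHP-Script: howtogetindexedwithgoogle.com/forum/admincp/email.php for 76.73.108.18
From: "spoofed@example.com" <spoofed@example.com>
X-Mailer: vBulletin Mail via PHP
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
PHP_SCRIPT = re.compile(r"^(?P<script>\S+)\s+for\s+(?P<ips>.+)$")

def received_hops(msg):
    """Received headers are prepended, so reverse them to read oldest-first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = BY_HOST.search(value)
        ips = [ip for ip in IPV4.findall(value) if not ip.startswith("127.")]
        hops.append((m.group(1) if m else None, ips))
    return hops

def php_script_origin(msg):
    """Split X-PHP-Script into site, script path and requesting client IP(s)."""
    m = PHP_SCRIPT.match((msg.get("X-PHP-Script") or "").strip())
    if not m:
        return None
    host, _, path = m.group("script").partition("/")
    return {"host": host, "path": "/" + path,
            "client_ips": IPV4.findall(m.group("ips"))}

def summarize(raw):
    msg = HeaderParser().parsestr(raw)
    hops = received_hops(msg)
    return {
        "first_relay": hops[0][0] if hops else None,   # where the mail entered SMTP
        "relay_ips": sorted({ip for _, ips in hops for ip in ips}),
        "script": php_script_origin(msg),              # web form that sent it
        "claimed_from": msg.get("From"),               # sender-chosen, not evidence
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The script host and client IP are the values to hand to the hosting provider's abuse contact, whose web logs can confirm or refute them.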
 

Diddy

Dedicated Member
Dedicated Member
May 12, 2006
13
0
47
I also received the email. Have you contacted the host where the files have been uploaded to, to have them removed?
 

JealY

LOMCN VIP
VIP
Nov 28, 2004
5,354
52
305
England
What kind of server company doesn't know how to access their hardware after a simple password change? :/
 

Azura

I think they resell, so they'd rather me pay for a format than actually setting the datacenter to do the ntpassword reset.
 

Chris22

LOMCN Veteran
Veteran
Jun 10, 2009
372
1
45
I think they resell, so they'd rather me pay for a format than actually setting the datacenter to do the ntpassword reset.

They give out your password, then after the site gets hacked, get you to pay for them to sort it......eh :cursing: