hijacked email


  • hijacked email

    ...And now I'm getting email auto-replies to the above post?? What the h*ll is going on??!!

  • #2
    hijacked email

    A LOT of email addresses are now being hijacked, Doug. This is one of the latest techniques by spammers -- they hijack innocent domains and/or addresses and send mail forged to be from there. The only way around this is to implement better security on email. However, the reality is that there is SO MUCH MONEY in spam (and anti-spam) and in anonymous email that nobody wants to enforce email security. Joe



    • #3
      hijacked email

      I can't imagine anyone responding to any spammer. The repetition just doesn't cut the marketing muster. After all, if an individual does not respond to a Viagra posting, what makes the spammer think that the same person will respond to V!agra, or Vi*gr@? OTOH no one ever went broke underestimating the intelligence of the American public, and since there's one born every minute you raise a valid point. Side note to whomever: I don't need any watches, and I am not interested in penny stocks. Dave



      • #4
        hijacked email

        Believe it or not, Dave, very little in spam is as it appears. The only truism is what Joe posted. There is a LOT of money involved. There is a lot to be said about spam, but it is as much a study of human frailty as of frail technology. Simple human greed can't be overstated. The billions harvested by ridiculous Nigerian emails attest to that. That is just a small amount of the money involved, however, and the only type of spam where a reply is looked for to complete the scam.

        The penny stock stuff is a simple pump and dump scam. Buy penny stock, send out millions of spam emails saying that the "target" price is five cents, and what do you have? You can just see the slow wheels turning, let's see, if I buy $100, tomorrow I'll have $500. Golly, where do I buy that there stuff? Spammer having already bought worthless stock for a penny per is actually the one who gets $500 the next day. Other than spam being illegal, this is actually entirely legal and attempted on sites like Yahoo every day. But a little pump and dump post on Yahoo gets nothing like the eyes of millions of spam emails.

        Beyond that, you get into really evil stuff, predators around the world who think that Americans are idiots, and Americans who meet and exceed those low expectations every hour of every day. And those predators are not kids in a basement. These are very smart, organized criminal organizations. People with bank accounts and charge cards with their Windows PC's out on the internet are just babes in the woods to these predators.

        There has been a tremendous upsurge in spam recently. This followed the discovery of some new techniques to own people's PC's if you can just get them to visit a link. You can imagine the temptations offered for that click. All that is weak in spirit and flesh, but sex, drugs, and easy money pretty much sums it up. But how to get those who don't succumb to temptation? Why, you appeal to the goodness of their humanity.

        There are over a million web site links, including blogs, that will own your PC if you merely click on them. You can imagine the variety of them, good and bad, and the intentions, good and bad, that will ensnare those babes in the woods.

        What happens once ensnared? They don't know it, but their keystrokes are sent to an IP address somewhere, where passwords and other identity info are harvested. Their PC's become part of a world wide zombie network that sends out even more spam. Or directed as part of a blackmail denial of service attack on an organization. Or directed to attack in a swarm to break web sites. PHP sites are favorites.

        I hope people who like to say PHP because it sounds cool have a clue when they write something with it to put out on the internet. If they don't, they'll be just more babes in the woods.

        rd



        • #5
          hijacked email

          Ralph Daugherty wrote: "The penny stock stuff is a simple pump and dump scam."

          Ralph, I understand this. Here's what I don't understand: What makes the spammers believe that if an individual has not swallowed the bait on the first, fourth, or tenth spamming, that the same individual will buy into it on the 55th attempt, particularly if the message is disguised, misspelled, or otherwise obfuscated? I also don't understand why authorities cannot track down a point of origin to such pervasiveness. Does Bill Gates get Spam? There doesn't seem to be much complaining coming from Redmond. One might hypothesize that the reason not much is mentioned is because they are all happy with their "male enhancement" purchases. It is a possibility. Dave



          • #6
            hijacked email

            Well, of course Bill has an assistant who screens his email, so he's not going to see it (or all the flame email he gets). But the reason I don't complain about it is I have Postini spam service for my ISP email server. I rarely see spam, and when a new technique is developed (such as message content in images now which preclude scanning for text) Postini and other professional companies work on ways to flag and hold them. That's part of the big money involved. $2 a month from every email user to trap spam is a lot of money.

            But the real problem is no cost to the spammers. Trying to track feedback on spam success takes effort and money. It costs nothing to send as much spam as possible to everyone. No amount of engineering with current frail technology will provide a solution either. Even if you identified source of spam and sent a bill, it would just be clueless Windows users whose PC's are the culprit and who get the bill to pay, or be kicked off the internet.

            I never see any of this stuff unless I log into the spam cache that holds the last couple weeks of trapped spam and look to see if anything should have got to me. I rarely find anything that should have gone through, so it works well. Basically spam is a huge problem comprising nearly all email, but is effectively hidden from most people except that good email is also not getting through now. There are lots of complaints that it's getting to be hit or miss for an email to get through some of the cable internet email servers. Spam is the basic culprit behind this.

            There probably won't be a solution until firewalls with IP address white lists are set up to block offenders, for example even now at this point blocking the commands to the zombie PC's. My site gets hit night and day from attackers all over the world, but mostly former Soviet Union and China. I've blocked the IP addresses, that's basically what it's going to take.

            rd



            • #7
              hijacked email

              Hi,

              This question is directed at Ralph's post, "I hope people who like to say PHP because it sounds cool have a clue when they write something with it to put out on the internet."

              Please provide more information about your warning. (I don't have a clue about your PHP comments.) We are planning to move forward with PHP web sites. Should we rethink our plans?

              Thank you



              • #8
                hijacked email

                My mcpressonline.com email address has been hijacked by something and is being used to send spam. I know this because I frequently get message rejected notices. It's been going on for a while now. Anyone else experiencing this with their mcpressonline.com email address? I sent an email to MCPressOnline's webmaster, but I got no response. What should my next step be?

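Posts #2 and #8 describe mail forged to carry an innocent address, with the rejection notices landing on the real owner. As an added example (not part of the thread), this Python code reads such a notice and checks whether the returned original ever passed through the owner's own mail host; the host names, addresses and the sample notice are constructed assumptions.

```python
from email import message_from_string, policy

# Assumption: hosts that legitimately relay mail for my address (hypothetical).
MY_MAIL_HOSTS = {"mail.example.org"}

# Constructed rejection notice; {hop} is filled in with the submitting host.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: me@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Message rejected: user unknown.
--b1
Content-Type: message/rfc822

Received: from {hop} by mx.example.net; Mon, 1 Jan 2024 00:00:00 +0000
From: me@example.org
To: nobody@example.net
Subject: cheap watches

buy now
--b1--
"""

def returned_original(bounce_text):
    """Return the message (or bare headers) the rejecting server sent back."""
    bounce = message_from_string(bounce_text, policy=policy.default)
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return message_from_string(part.get_content(), policy=policy.default)
    return None

def classify(bounce_text):
    orig = returned_original(bounce_text)
    if orig is None:
        return "no-original-attached"
    # Received lines can be forged too: a match is a reason to check the account.
    hops = " ".join(str(h) for h in orig.get_all("Received", [])).lower()
    if any(host in hops for host in MY_MAIL_HOSTS):
        return "passed-through-my-server"
    return "forged-sender"
```

A "forged-sender" result means the spam only borrowed the address in its From line; "passed-through-my-server" points at the account or server itself and calls for a password change and a look at the server's own logs.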


                • #9
                  hijacked email

                  Hi daf, I would suggest being fully informed and then rethinking if necessary. I've had a PHP site for the last four years, running phpBB. There's tens of thousands of PHP board sites alone, but millions of attacks on them. Robots find .php extensions in Google and seek them out like a heat seeking missile. The payload is just as bad. PHP software development teams such as phpBB put out frequent patches to try to stem attack vectors. The same thing is going on in Windows as is widely publicized.

                  Much of this is related, but I would get a real good idea of what your PHP software development benefits and efforts required tradeoffs would be to be able to make an informed decision. You could search and read random articles, but I would get info on version 5 best practices from a very good book or two on PHP security and determine what software security strategies you will employ as part of that. I Googled "Secure PHP" and got around 100,000 hits. I Googled "PHP is secure" and got 225, and some of them were laughing.

                  But you can develop with version 5 with a professional architectural configuration unlike the historical norm. But next to no open source PHP software will run that way. But that coupled with running on iSeries without familiar Windows and Unix foils for crack attempts would make you safer than most.

                  When I Googled "Secure PHP" I lifted a sample paragraph from a link on the first page. This gives you both a taste of a typical security problem and a taste of what programming in PHP looks like. I pasted to Code. You could Google and read for hours on PHP exploits. I haven't, and here's why.

                  I wrote my PC DOS assembler program Double Deck Pinochle in Java. I'm going to run it from a web site someday, but not today. Lo and behold, you'd think Java was a four letter word the way web hosts, including my PHP web host, react to the concept of running Java. Basically, no way.

                  Now, it would just be peachy if I rewrite again from Java to PHP as some passable equivalent. But the Double Deck Pinochle game actually performs useful work, like a typical RPG program! That means it's got lots of code to make lots of decisions. And no matter how you break it down, x amount of code has to run to get a result. But PHP is like interpreter BASIC, which is not a slam because I originally developed it in interpreter BASIC on a TRS-80 in 32K on a 2 MHz CPU. (That 25 years later it takes 32 Meg and a 2 GHz CPU to do exactly the same thing in Java is a fitting testament to the wonders of progress in software engineering. But I digress.)

                  PHP itself is a code module you choose to install to Apache, and Apache has it in its executable when it encounters a .php (extension(s) as configured) web page. That's the ROM BASIC aspect of it. The PHP code you write is pulled up as a text file by Apache when referenced by a web page and interpreted, yes, just exactly as BASIC was interpreted yea those many years ago, and code of any consequence such as what we would require in an RPG program (with code dispersed in any manner whatsoever, but nevertheless code), is interpreted line by line to execute. Several such PHP modules could be referenced, but in the very next web page it starts all over again. iSeries meet Groundhog Day.

                  As a consequence, a commercial endeavor of any significance will require Zend's caching software to keep that from happening, which is the reason Zend is doing this for free. It's a solution, but you should factor in Zend's product cost as part of the solution cost in a business environment. And having done that, what does it get you? If there is some vague notion of open source but nothing specific identified, little of it if it even was useful would run in a version 5 environment with a configuration necessary to protect your enterprise.

                  And I took a look a while back at just what had been developed open source in PHP and it was primarily content management, with some e-commerce, but nothing I saw as anything approaching the complexity of an RPG business module. The content management stuff is just suck it in and pump it out, such as suck in a web page, and write portions to various fields in a file. Then when someone clicks to view it later, suck it back out and display it. Very little beyond that and administration, and so every event is self contained to a web page. You basically don't care if their connection dropped off the face of the earth after they clicked submit because they will be back if they do, and they won't be back if they won't. Each web page is stateless, just as the web browser / server was designed. But there are a couple of robust eCommerce open source PHP packages that I'm sure run just fine without Zend's caching, so content management taken a bit further with state and sessions is certainly there, especially in version 5 which added more support for sessions.

                  I've gone on on this because I had to decide whether to go this route or not, and I'm going to look at RPG-CGI first. The API calls are in at least three or four freely available modules it looks like, and there is also a freely available Java JSP web page solution to wrap around your RPG code as an RPG based alternative to RPG-CGI. I just really can't see any benefit in PHP whatsoever when we have the iSeries and RPG. The given benefits are usually that it's easier for non-professional programmers to deal with, and other related benefits like "I just write something and try it and see if it works" type testimonials, and some of that is based on not having to declare variables, which again takes us back to interpreter BASIC. Which is where I think I started, so I'll just leave it there for now.

                  rd
                  Code
