Author |
Message |
steve williams
Board Administrator Username: twobyfour
Post Number: 1442 Registered: 05-2005
| Posted on Wednesday, April 04, 2007 - 8:41 am: |
|
ok folks what is happening is unauthorized emails are getting written directly to the board overwriting files at random. the one from this a.m. is below, yesterday's was all in english this one is ? prob arabic. that's why the damage is limited each time and doesn't spread. also, it doesn't show up as a user and it comes through the host so i don't have an i.p. to ban. so, we're calling the host 'bluehost' today and saying 'whats up' . here's what it looks like Return-path: Envelope-to: lifeccus@box160.bluehost.com Delivery-date: Wed, 04 Apr 2007 01:45:04 -0600 Received: from lifeccus by box160.bluehost.com with local (Exim 4.63) (envelope-from ) id 1HZ0Av-00007c-Lv for lifeccus@box160.bluehost.com; Wed, 04 Apr 2007 01:45:02 -0600 From: root@box160.bluehost.com (Cron Daemon) To: lifeccus@box160.bluehost.com Subject: Cron /index.php X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: Message-Id: Date: Wed, 04 Apr 2007 01:45:01 -0600 /bin/sh: /index.php: No such file or directory the rest is in arabic and discus doesn't recognize those characters so can't put it here. s |
Gary Blankenship
New member Username: garydawg
Post Number: 8 Registered: 07-2001
| Posted on Wednesday, April 04, 2007 - 8:48 am: |
|
If don't fix, move on? Smiles. Gary |
steve williams
Board Administrator Username: twobyfour
Post Number: 1443 Registered: 05-2005
| Posted on Wednesday, April 04, 2007 - 9:23 am: |
|
part 2 ok so now i have banned this i.p. address 86.137.158.91 as the originator of the spambot. i encourage you to write to this email address in the UK abuse@btbroadband.com and let them know your displeasure. i sent them a note this morning but more letters couldn't hurt . s |
~M~
Board Administrator Username: mjm
Post Number: 10112 Registered: 11-1998
| Posted on Wednesday, April 04, 2007 - 10:00 am: |
|
Dearest All -- to further expand on the details, the hacking is not being targeted at Wild directly. The spambot is hitting another site on the server and we are getting hit with the schrapnel. So, this is not someone with a beef against Wild specifically. We've finally identified the IP address which steve listed: 86.137.158.91. This IP address originates in the UK. The internet provider for that particular # is btbroadband.com. So, it's somebody on that internet provider. Please do write to the address steve listed as the more complaints that come flooding in, the harder it will be for this internet provider to ignore. They need to identify this particular person or persons and shut them down. Of course, we've banned that IP address at our server end, but it's a bit complicated so we still may be at risk. Don't be surprised if things still go wonky. The pattern is for this e-mail to hit between 1:00 and 2:00 am. (PST). You really don't have to write us notifying us that Wild is down or funky looking. We are well aware of that. If Wild is scrambled, don't even try posting anything as it definitely will not work. And the system will tell you that your profile/membership is unauthorized or missing. Please realize that steve is busy restoring things when this happens. However, if after we've restored Wild and it is looking relatively normal, you still have trouble accessing the site, i.e., your profile is missing or disabled, please do notify us about that. We'll get right to work on fixing your individual membership. We are very sorry for these repeated interruptions to our service and to all the inconveniences you are being made to suffer through. Thanks for hanging with us through all of this. You guys are great! Know that we are closer to a resolution and we will keep you updated as we can. Love, M & s |
LJ Cohen
Moderator Username: ljc
Post Number: 6557 Registered: 07-2002
| Posted on Wednesday, April 04, 2007 - 10:04 am: |
|
Email fired off to Btbroadband. Thanks for keeping us afloat. xo ljc Once in a Blue Muse Blog LJCohen
|
Fred Longworth
Advanced Member Username: sandiegopoet
Post Number: 1218 Registered: 05-2006
| Posted on Wednesday, April 04, 2007 - 10:25 am: |
|
Welcome to CSI Wild. Being a private defective, I can only admire Steve's sleuthwork. Fred |
Kathy Paupore
Moderator Username: kathy
Post Number: 881 Registered: 12-2003
| Posted on Wednesday, April 04, 2007 - 10:47 am: |
|
Will send an email off tomorrow. Have to work tonight. K You're invited to: Wild Flowers "A poem is made up of words and the spaces between them." WCWilliams
|
~M~
Moderator Username: mjm
Post Number: 66 Registered: 11-1998
| Posted on Wednesday, April 04, 2007 - 11:05 am: |
|
Dearest All -- just updating you on admin responsibilities. We are working on all the things that need doing (Weekly Creativity Challenge announcement from last week, POtW announcement, etc.). You should begin seeing these regular things that have been delayed appearing shortly. Also, please know that we are receiving your e-mails. However, every time we must stop to answer one, that takes us away from the tasks at hand (repairing Wild and investigating the spambot / speaking with our host server being top priorities at the moment). So, if you do not receive a response in a timely manner, that doesn't mean we haven't read your mail. The best way to keep updated about this situation is to check ESSENTIAL OILS often. As with this thread, we are trying to keep everyone updated in this central clearinghouse as it is easier and speedier than responding to individual e-mails. Please check here first before writing us if at all possible. Again, thanks for your patience. Please know that we are repairing / investigating / researching / rebuilding / typing as fast as our fingers will go! Love, M & s |
|