Anyone find a fix for this? I have tried x skin and x2 skin and boxtrapper is gone from there.
Bout time boxtrapper was deleted... or was it?? Check tomorrow, the boxtrapper virii will be back on its own.
Boxtrapper needs to be removed from cpanel and made to not come back. It WILL get your mail server blacklisted AND might even generate a fine to be paid before getting delisted by this prick: .
More information that took 2 seconds to find:
No, it's worse than that. The collateral damage from widely used C/R
systems, even with implementations that avoid the stupid bugs, will
destroy usable e-mail.
Challenge systems have effects a lot like spam. In both cases, if only a
few people use them they're annoying because they unfairly offload the
perpetrator's costs on other people, but in small quantities it's not a
big hassle to deal with. As the amount of each goes up, the hassle factor
rapidly escalates and it becomes harder and harder for everyone else to
use e-mail at all.
Challenge-Response Anti-Spam Systems Considered Harmful
You're probably receiving this because I've received a challenge-response (C-R) message from your mail system. If you're receiving this, that is....
Spam is a growing, heck, exploding problem. No doubt. Regardless, C-R is a flawed tactic, for the following reasons.
0. Weak, and trivially abused, verification basis.
Even where used, C-R systems are readily bypassed by spammers.
The 'FROM:' header of e-mail can be, and routinely is, spoofed. It offers no degree of authentication or evidence of identity.
C-R uses the "From:" header (with implementation-specific variations) as an authentication key. While a given key is going to have a relatively low likelihood of being cleared by a given user, there are keys that will have a high likelihood of being cleared. Off the top of my head, @microsoft.com, @aol.com, @ebay.com, @*.gov, and other major commercial, financial, and governmental institutions, would be likely to be cleared by a large number of users. Similar "social engineering" tactics are already used by spammers.
C-R moves you back to square one of the fact that SMTP can't provide authentication of e-mail headers. At the very least, contextual analysis of headers (as Alan admits) is necessary. If you're already taking this step, heuristic and Bayesian methods are a low-overhead next step, which have proven to be highly effective and accurate.