Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Cpanel Message Center Fraud Email

Discussion in 'Security' started by bear, Jul 1, 2012.

  1. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    124
    Likes Received:
    2
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Received via email, an obvious phishing scam. Wanted to make Cpanel and others aware, as it resembled the infamous "your account is over quota" one from "your email administrator" that was being passed around recently. Here it is:
    The login was actually to the phishing site (in part: gestalt.as/modules/mod_feed/cpanel) and these are the partial headers:
    To: webmaster@<<redacted>>
    Subject: Problem with DNS setup on host-name
    X-PHP-Script: [multimedios.tv/redirect.php]Multimedios TV for 201.143.12.183
    From: cPanel Inc <messagecenter@cpanel.net>

    Be careful out there. ;)
     
    #1 bear, Jul 1, 2012
    Last edited: Jul 1, 2012
  2. Eric

    Eric Administrator
    Staff Member

    Joined:
    Nov 25, 2007
    Messages:
    751
    Likes Received:
    11
    Trophy Points:
    143
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Howdy,

    For what it's worth I reported it to the abuse contact on file.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,235
    Likes Received:
    384
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I've updated this thread title so that others can hopefully find it easier.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    North Carolina
    cPanel - clients have reported a couple of these this morning:

    Header information (some content removed) ...

    Received: from host.ozhost5.com (host.ozhost5.com [205.234.103.90])
    Received: from nobody by host.ozhost5.com with local (Exim 4.80) (envelope-from <nobody@host.ozhost5.com>)
    From: cPanel Inc <messagecenter@cpanel.net>
    Reply-To: messagecenter@cpanel.net
    MIME-Version: 1.0
    Content-Type: text/html
    Date: Mon, 12 Nov 2012 23:54:10 +1100
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Sender Address Domain - host.ozhost5.com
    X-Source-Args: /usr/local/apache/bin/httpd -k start -DSSL
    X-Source-Dir: keyturn.com.au:/public_html
    Return-Path: nobody@host.ozhost5.com
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice