cPanel Message Center Fraud Email

Discussion in 'Security' started by bear, Jul 1, 2012.

  1. bear

    bear Well-Known Member

    Received via email, an obvious phishing scam. Wanted to make cPanel and others aware, as it resembled the infamous "your account is over quota" one from "your email administrator" that was being passed around recently. Here it is:
    The login was actually to the phishing site (in part: gestalt.as/modules/mod_feed/cpanel) and these are the partial headers:
    To: webmaster@<<redacted>>
    Subject: Problem with DNS setup on host-name
    X-PHP-Script: [multimedios.tv/redirect.php]Multimedios TV for 201.143.12.183
    From: cPanel Inc <messagecenter@cpanel.net>

    Be careful out there. ;)
     
    #1 bear, Jul 1, 2012
    Last edited: Jul 1, 2012
  2. Eric

    Eric Administrator
    Staff Member

    Howdy,

    For what it's worth I reported it to the abuse contact on file.

    Thanks!
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    I've updated this thread title so that others can hopefully find it easier.
     
  4. RickG

    RickG Well-Known Member

    cPanel - clients have reported a couple of these this morning:

    Header information (some content removed) ...

    Received: from host.ozhost5.com (host.ozhost5.com [205.234.103.90])
    Received: from nobody by host.ozhost5.com with local (Exim 4.80) (envelope-from <nobody@host.ozhost5.com>)
    From: cPanel Inc <messagecenter@cpanel.net>
    Reply-To: messagecenter@cpanel.net
    MIME-Version: 1.0
    Content-Type: text/html
    Date: Mon, 12 Nov 2012 23:54:10 +1100
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Sender Address Domain - host.ozhost5.com
    X-Source-Args: /usr/local/apache/bin/httpd -k start -DSSL
    X-Source-Dir: keyturn.com.au:/public_html
    Return-Path: nobody@host.ozhost5.com
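
Added example, not part of the thread or any poster's code: a header check that flags mail claiming a cpanel.net From address while the envelope and abuse-tracking headers name another host, run over the partial headers posted above. The function names and the `brand` parameter are hypothetical, and reading the X-PHP-Script / X-Source-* headers as pointers to the originating web script is an assumption about how the sending host stamps mail.

```python
from email import message_from_string
from email.utils import parseaddr

# Partial headers copied from the post above (as posted, some content removed).
SAMPLE = """\
Received: from nobody by host.ozhost5.com with local (Exim 4.80) (envelope-from <nobody@host.ozhost5.com>)
From: cPanel Inc <messagecenter@cpanel.net>
Reply-To: messagecenter@cpanel.net
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Sender Address Domain - host.ozhost5.com
X-Source-Args: /usr/local/apache/bin/httpd -k start -DSSL
X-Source-Dir: keyturn.com.au:/public_html
Return-Path: nobody@host.ozhost5.com

"""

def domain_of(value):
    """Lowercased domain of an address header value, or '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def within(domain, parent):
    """True if domain is parent or a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)

def spoof_findings(raw_headers, brand="cpanel.net"):
    """List reasons a message claiming to be from `brand` did not come from it."""
    msg = message_from_string(raw_headers)
    findings = []
    if not within(domain_of(msg.get("From")), brand):
        return findings  # message does not claim the brand; nothing to check
    rp = domain_of(msg.get("Return-Path"))
    if rp and not within(rp, brand):
        findings.append(f"Return-Path domain {rp} is not {brand}")
    for value in msg.get_all("X-AntiAbuse", []):
        key, _, val = value.partition(" - ")
        val = val.strip().lower()
        if key.strip() == "Sender Address Domain" and val and not within(val, brand):
            findings.append(f"X-AntiAbuse sender domain {val} is not {brand}")
    # Assumption: these headers are stamped by PHP / the sending host's MTA
    # and point at the web script or directory that generated the mail.
    for name in ("X-PHP-Script", "X-Source-Dir", "X-Source-Args"):
        if msg.get(name):
            findings.append(f"{name}: {msg[name]}")
    return findings

if __name__ == "__main__":
    for line in spoof_findings(SAMPLE):
        print(line)
```

The X-Source-Dir and X-AntiAbuse values it reports are the ones to include in an abuse report to the sending host.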
     