The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

deactivations@yahoo.com

Discussion in 'General Discussion' started by JPmorgan, Sep 6, 2003.

  1. JPmorgan

    JPmorgan BANNED

    Joined:
    Aug 19, 2003
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    Im running Exim 4-22. Im seeing lots of these. Local user sending msg as if from Yahoo?

    2003-09-05 12:03:51 19vLs7-0001eK-KK <= deactivations453721@yahoo.com U=nobody P=local S=1437
    2003-09-05 12:03:53 19vLs7-0001eK-KK => bwp_20@yahoo.com R=lookuphost T=remote_smtp H=mx1.mail.yahoo.com [64.156.215.6]
    2003-09-05 12:03:53 19vLs7-0001eK-KK Completed
    2003-09-05 12:03:57 19vLsD-0001ef-B0 <= sean@xxxhotpicks.com H=(millwood.simplecom.net) [208.62.160.29] P=smtp S=3007
    2003-09-05 12:04:02 19vLsI-0001em-Ed <= deactivations453721@yahoo.com U=nobody P=local S=1445
    2003-09-05 12:04:05 19vLsI-0001em-Ed => possumposs@yahoo.com R=lookuphost T=remote_smtp H=mx1.mail.yahoo.com [64.157.4.79]
    2003-09-05 12:04:05 19vLsI-0001em-Ed Completed
    2003-09-05 12:04:09 19vLsP-0001f7-R7 <= deactivations453721@yahoo.com U=nobody P=local S=1441
    2003-09-05 12:04:12 19vLsP-0001f7-R7 => mstrojni@yahoo.com R=lookuphost T=remote_smtp H=mx2.mail.yahoo.com [64.156.215.6]
    2003-09-05 12:04:12 19vLsP-0001f7-R7 Completed
    2003-09-05 12:04:16 19vLsW-0001fK-Hh <= deactivations453721@yahoo.com U=nobody P=local S=1445
    2003-09-05 12:04:18 19vLsW-0001fK-Hh => stklparker@yahoo.com R=lookuphost T=remote_smtp H=mx2.mail.yahoo.com [64.156.215.5]
    2003-09-05 12:04:18 19vLsW-0001fK-Hh Completed
    2003-09-05 12:04:25 19vLsf-0001ff-7g <= deactivations453721@yahoo.com U=nobody P=local S=1445
    2003-09-05 12:04:28 19vLsf-0001ff-7g => annrebekah@yahoo.com R=lookuphost T=remote_smtp H=mx1.mail.yahoo.com [64.156.215.6]
    2003-09-05 12:04:28 19vLsf-0001ff-7g Completed
    2003-09-05 12:04:32 19vLsm-0001fw-Kw <= deactivations453721@yahoo.com U=nobody P=local S=1441
    2003-09-05 12:04:34 19vLsm-0001fw-Kw => dodgego9@yahoo.com R=lookuphost T=remote_smtp H=mx1.mail.yahoo.com [64.157.4.78]
    2003-09-05 12:04:34 19vLsm-0001fw-Kw Completed
    2003-09-05 12:04:43 19vLsx-0001gE-BW <= deactivations453721@yahoo.com U=nobody P=local S=1451
    2003-09-05 12:04:52 19vLt6-0001gO-FQ <= deactivations453721@yahoo.com U=nobody P=local S=1451
    2003-09-05 12:04:54 19vLt6-0001gO-FQ => themundtsters@yahoo.com R=lookuphost T=remote_smtp H=mx1.mail.yahoo.com [64.156.215$
    2003-09-05 12:04:54 19vLt6-0001gO-FQ Completed

    Wow just look at this;

    2003-09-05 12:12:21 19vM0L-0001yK-65 <= deactivations453721@yahoo.com U=nobody P=local S=1443
    2003-09-05 12:12:29 19vM0T-0001yX-EV <= deactivations453721@yahoo.com U=nobody P=local S=1439
    2003-09-05 12:12:38 19vM0c-0001ym-Lo <= deactivations453721@yahoo.com U=nobody P=local S=1447
    2003-09-05 12:12:48 19vM0m-0001yz-Rv <= deactivations453721@yahoo.com U=nobody P=local S=1439
    2003-09-05 12:12:58 19vM0w-0001zC-8X <= deactivations453721@yahoo.com U=nobody P=local S=1445
    2003-09-05 12:13:06 19vM14-0001zS-Q9 <= deactivations453721@yahoo.com U=nobody P=local S=1447
    2003-09-05 12:13:15 19vM1D-0001zh-N1 <= deactivations453721@yahoo.com U=nobody P=local S=1451
    2003-09-05 12:13:24 19vM1M-00020A-Ic <= deactivations453721@yahoo.com U=nobody P=local S=1441
    2003-09-05 12:13:32 19vM1U-00020b-Lf <= deactivations453721@yahoo.com U=nobody P=local S=1447
    2003-09-05 12:13:43 19vM1e-00020o-Vk <= deactivations453721@yahoo.com U=nobody P=local S=1449
    2003-09-05 12:13:52 19vM1o-00021P-2R <= deactivations453721@yahoo.com U=nobody P=local S=1445
    2003-09-05 12:14:01 19vM1x-000223-5a <= deactivations453721@yahoo.com U=nobody P=local S=1443
    2003-09-05 12:14:10 19vM26-00022M-DP <= deactivations453721@yahoo.com U=nobody P=local S=1439
    2003-09-05 12:14:21 19vM2H-00022f-8d <= deactivations453721@yahoo.com U=nobody P=local S=1449
    2003-09-05 12:14:29 19vM2P-00022q-MS <= deactivations453721@yahoo.com U=nobody P=local S=1445
    2003-09-05 12:14:38 19vM2Y-00023A-Rg <= deactivations453721@yahoo.com U=nobody P=local S=1437
    2003-09-05 12:14:47 19vM2h-00023N-Nh <= deactivations453721@yahoo.com U=nobody P=local S=1439
    2003-09-05 12:14:55 19vM2p-00023s-OD <= deactivations453721@yahoo.com U=nobody P=local S=1435
    2003-09-05 12:15:08 19vM32-00024k-2Y <= deactivations453721@yahoo.com U=nobody P=local S=1443
    2003-09-05 12:15:17 19vM3B-00024z-9p <= deactivations453721@yahoo.com U=nobody P=local S=1443
    2003-09-05 12:15:26 19vM3J-00025q-Ss <= deactivations453721@yahoo.com U=nobody P=local S=1437
    2003-09-05 12:15:35 19vM3S-00027W-TD <= deactivations453721@yahoo.com U=nobody P=local S=1437
    2003-09-05 12:15:44 19vM3c-00028R-4J <= deactivations453721@yahoo.com U=nobody P=local S=1439
    2003-09-05 12:15:53 19vM3l-000295-3T <= deactivations453721@yahoo.com U=nobody P=local S=1447


    cPanel.net Support Ticket Number:
     
    #1 JPmorgan, Sep 6, 2003
    Last edited: Sep 6, 2003
  2. JPmorgan

    JPmorgan BANNED

    Joined:
    Aug 19, 2003
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    We found the bastard. He placed a identical copy of Yahoo's website on our box then he sent people email claiming that they were abusing Yahoo privs. Naturally those people went to his/our fake website and unsubscribed themselves at the same time getting their email addresses. You should see what we found in his webspace. Amazing! Just amazing. Scripts to mimic yahoo sites, mailer.php that was setup to send this message to the clients;

    <?

    $message = "<p>SafeHarbor Pre-Suspension</P>";
    $message .= "<P>Dear customer,</P>";
    $message .= "<p>We regret to inform you that your Yahoo account will be suspended due to the violation of our site policy b$
    $message .= "<p>* Misrepresentation of Identity (User) - Representing yourself as another Yahoo user or registering using t$
    $message .= "<p>Due to the suspension of this account, please be advised you are prohibited from using Yahoo in any way. Th$
    $message .= "<p>Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you ma$
    $message .= "<p>According to our site policy you will have to confirm that you are the real owner of the Yahoo account by c$


    $message .= "<a href='http://64.246.xx.xxx/~secure-/Yahoo/yahoo.html'>http://www.yahoo.com?rand=%cd4343cgefjh4hGYTS#aufdag<$

    $message .= "<p>Our appologies for this unconvenience.</p><p>Thank You for using Yahoo!</p><p><a href='http://www.yahoo.com$

    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "From: Support <deactivations453721@yahoo.com>\r\n";
    $to=$_POST["mail"];
    mail($to, "Safe-Harbour", $message, $headers);

    He signed up on the 4th only a few days ago. Glad we found him. Now we have to send a letter of appology to Yahoo and hopefully they will not shut us down.

    cPanel.net Support Ticket Number:
     
    #2 JPmorgan, Sep 6, 2003
    Last edited: Sep 6, 2003
  3. JPmorgan

    JPmorgan BANNED

    Joined:
    Aug 19, 2003
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    More information on this guy.

    He goes by the name of David Parks and the ip his using is

    152.163.252.196 - - [06/Sep/2003:02:13:04 -0700] "POST /~secure-/Yahoo/mailer.php HTTP/1.1" 200 5

    His using the domain name; http://secure-co-inc.com which according to WHOIS is not even registered.

    cPanel.net Support Ticket Number:
     
  4. RobertOnTheAir

    RobertOnTheAir Active Member

    Joined:
    Aug 2, 2003
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    I hope ya reported this URL to domain authorities. It's against the rules to have a domain without correct contact information. They can lose the domain. Especially if they're using it for bad things. :D

    cPanel.net Support Ticket Number:
     
  5. JPmorgan

    JPmorgan BANNED

    Joined:
    Aug 19, 2003
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    I reported him to Yahoo and they are pretty slack about it! He didnt have a domain. All he was usering is http://ourip/~username/Yahoo/mailer.php to kick of his messages. The domain he registered doesnt even exist. Not registered so he didnt need to register one to access his site. Acutally the fake site requested users to enter their passwords and yahoo email address which was capatured then email to him so his probably got loads of yahoo accounts that his using illegially.

    cPanel.net Support Ticket Number:
     
  6. GetWired

    GetWired Active Member

    Joined:
    Aug 4, 2003
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
  7. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    Too bad you can't reach through the computer and break his f*cking neck!

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page