Thanks Thanks:  0
Results 1 to 10 of 10

Thread: Spam Email purporting to be from GAGB

  1. #1
    Friendly Flyer Guest

    Default

    I received a Spam (possibly phishing) email purporting to be from GAGB this afternoon. The header and message are reproduced below.

    From - Tue Feb 6 15:30:03 2007
    X-Account-Key: account2
    X-UIDL: 1119968636.47122
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    Return-path: <gagb002@aaryn.lunarpages.com>

    <snipped some routing info>

    Received: from 209.200.229.100 by mail.completely-computers.co.uk (envelope-from <gagb002@aaryn.lunarpages.com>, uid 89) with qmail-scanner-1.25
    (clamdscan: 0.87/1086. spamassassin: 3.1.0.
    Clear:RC:0(209.200.229.100):SA:0(0.5/5.0):.
    Processed in 1.316888 secs); 06 Feb 2007 15:27:06 -0000
    Received: from aaryn.lunarpages.com (209.200.229.100)
    by mail.completely-computers.co.uk with SMTP; 6 Feb 2007 15:27:04 -0000
    Received: from gagb002 by aaryn.lunarpages.com with local (Exim 4.63)
    (envelope-from <gagb002@aaryn.lunarpages.com>)
    id 1HES1q-0003Xe-6X; Tue, 06 Feb 2007 07:14:42 -0800
    To: forumadmin@gagb.org
    Subject: Administration of GAGB ( From GAGB Forum )
    From: "GAGB Forum" <forumadmin@gagb.org>
    X-Priority: 3
    X-Mailer: IPB PHP Mailer
    Message-Id: <E1HES1q-0003Xe-6X@aaryn.lunarpages.com>
    Date: Tue, 06 Feb 2007 07:14:42 -0800
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - aaryn.lunarpages.com
    X-AntiAbuse: Original Domain - tuckley.org
    X-AntiAbuse: Originator/Caller UID/GID - [650 1557] / [47 12]
    X-AntiAbuse: Sender Address Domain - aaryn.lunarpages.com
    X-Source: /usr/bin/php
    X-Source-Args: /usr/bin/php
    X-Source-Dir: gagb.lunarpages.com:/public_html/forum
    X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on merlot
    X-Spam-Level:
    X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50 autolearn=ham
    version=3.0.3


    For the correct reflection of pages on our forum please get an update version of Javascript. You can do this here: &#104&#116&#116&#112&#58&#47&#47&#121&#97&#120&#10 9&#116&#120&#104&#102&#101&#110&#46&#98&#105&#122& #47&#100&#108&#47&#108&#111&#97&#100&#97&#100&#118 &#52&#49&#49&#46&#101&#120&#101
    you need only to insert this line in the address line of browser and press Enter button.
    with best regards,GAGB administration.

  2. #2

    Join Date
    Aug 2003
    Posts
    6

    Default

    I&#39;ve just had this too.

    Odd thing is according to the guts of the email header it was NOT sent to the email address this forum has down for me (which I also use on gc.com and geocacheuk)&#33;

    Jon.
    ---------------------------
    The J J Noodle Fan Club
    Profile on www.geocaching.com

  3. #3

    Join Date
    Jun 2003
    Location
    Wiltshire
    Posts
    5,520

    Default

    Some members will know that we&#39;ve had a spate of hacking attacks recently. That email was the result of the latest attack, in which the perpetrator gained access to the mass mailing tool. The link in the email (which appears as a string of #&#39;s and numbers in the post above) leads to the same trojan that they&#39;ve been putting on the forum pages.

    The attacks appear to be the work of one as yet unidentified individual, presumably someone with a grudge against GAGB. We are determined to identify and prosecute this person. In the meantime we can only apologize for any inconvenience to our members.

    We intend very shortly to migrate the forums to new forum software which will be more secure than the existing one.

    ---
    Bill, Chairman GAGB
    ​​Do not go gentle into that good night.
    Rage, rage against the dying of the light. (Dylan Thomas)​


  4. #4

    Join Date
    Aug 2006
    Posts
    178

    Default

    Do not click on the link, it will probably install ad/spyware.

    I have reported the link with the Netcraft Toolbar, Firefox/Google protection.
    If there was a competition for witty signatures, I'd come last.

  5. #5
    nobbynobbs Guest

    Default

    cheers for the headsup. lets hope this sad sod finds something better to do with their time...i could suggest a few things if they are listening.... :angry:

  6. #6
    Chris n Maria Guest

    Default

    Just got the same thing

    Hope the dangly bits of the person responsible wither and drop off.

  7. #7

    Join Date
    Aug 2006
    Posts
    178

    Default

    I didn&#39;t get an email, I feel all left out :P
    If there was a competition for witty signatures, I'd come last.

  8. #8

    Join Date
    May 2005
    Location
    South of England
    Posts
    321

    Default

    I didn&#39;t get an email, I feel all left out

    You weren&#39;t singled out ,we didn&#39;t get one either .
    We like Greens

  9. #9

    Join Date
    Jun 2003
    Location
    Wiltshire
    Posts
    5,520

    Default

    I now think there&#39;s a problem with the mass mailer tool - it doesn&#39;t seem to include everyone on the list - doh&#33;&#33;&#33; I got the spam mail but not my explanation and apology...&#33;
    ​​Do not go gentle into that good night.
    Rage, rage against the dying of the light. (Dylan Thomas)​


  10. #10

    Join Date
    Aug 2006
    Posts
    178

    Default

    Ah, I have this unchecked:
    [ ] Send me any updates sent by the board administrator
    Enabling this option will add your email address to the administrators mail list and you will receive any updates sent.


    (My Controls > Email Settings)

    Plus, I found a list of vulnerabilities for this board software - http://secunia.com/product/330/?task=advisories

    It&#39;s quite worrying that so much is unpatched...
    If there was a competition for witty signatures, I'd come last.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •