Security Basics mailing list archives
Malicious PHP site(s)?
From: Sean G <vitamindster () gmail com>
Date: Wed, 8 Jun 2011 02:22:33 -0500
OK, for sometime now, I have been receiving odd emails from someone whom I do not know at all.. "Seth Spangler" his email address changing on an irregular basis. Basic it's just an email with a link that ends with .php. I don't have a testing machine at my disposal as of current.. I was wondering if some who knows php rather well, would be able to inform me of what happens when the link is clicked? (I have never clicked out to test it) or if you have heard of this person. If not, I do understand this is a busy list. Feel free to contact me directly as I would like to learn as much as possible about this -- well I assume it is an attack of some sort -- and what the consequences are. From what I have observed thus far is that this person has a long list of email address and is probably phising in one manner or another. Any help would be greatly appreciated. *************************************** The following is one of the emails with headers and all: __________________________START________________________________________ Delivered-To: vitamindster () gmail com Received: by 10.220.193.135 with SMTP id du7cs67631vcb; Tue, 7 Jun 2011 20:05:01 -0700 (PDT) Received: by 10.52.91.84 with SMTP id cc20mr173867vdb.306.1307502300568; Tue, 07 Jun 2011 20:05:00 -0700 (PDT) Return-Path: <sethspangler4 () aol com> Received: from imr-da06.mx.aol.com (imr-da06.mx.aol.com [205.188.169.203]) by mx.google.com with ESMTP id n6si58107vdf.155.2011.06.07.20.05.00; Tue, 07 Jun 2011 20:05:00 -0700 (PDT) Received-SPF: pass (google.com: domain of sethspangler4 () aol com designates 205.188.169.203 as permitted sender) client-ip=205.188.169.203; Authentication-Results: mx.google.com; spf=pass (google.com: domain of sethspangler4 () aol com designates 205.188.169.203 as permitted sender) smtp.mail=sethspangler4 () aol com; dkim=pass header.i=@mx.aol.com Received: from mtaomg-mb03.r1000.mx.aol.com (mtaomg-mb03.r1000.mx.aol.com [172.29.41.74]) by imr-da06.mx.aol.com (8.14.1/8.14.1) with ESMTP id p5834pQm029213 for <vitamindster () gmail com>; Tue, 7 Jun 2011 23:04:51 -0400 Received: from core-mde003a.r1000.mail.aol.com (core-mde003.r1000.mail.aol.com [172.29.46.9]) by mtaomg-mb03.r1000.mx.aol.com (OMAG/Core Interface) with ESMTP id 8EF57E000089 for <vitamindster () gmail com>; Tue, 7 Jun 2011 23:04:51 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20110426; t=1307502291; bh=7XxGUUe9lFyI9UIeYcEEa+tewyLGqKEK+3u/cr6J4U0=; h=To:Subject:MIME-Version:From:Content-Type:Message-Id:Date; b=yEYXHTEzdiEp6+UvI05vZgUpgvQ4JnnF9XpjOHvoMdHCspyP5kpqulDvXbBgYTaOr W65rDRxjrt2gxiJPiT9pA6c9C1BuWYZ5n4ksTAo7nmMAF0+H8YNzHAs1bTRleb5ISA C3PTOS1KFAJrZ2xBlehoFXv7FWgbRpgCbv1En6uA= To: vitamindster () gmail com Content-Transfer-Encoding: quoted-printable Subject: Re:.. X-MB-Message-Source: WebUI X-AOL-IP: 112.105.145.118 X-MB-Message-Type: User MIME-Version: 1.0 From: sethspangler4 () aol com Content-Type: text/plain; charset="us-ascii" X-Mailer: AOL Webmail 33790-MOBILE Received: from 112.105.145.118 by webmail-m160.sysops.aol.com (64.12.183.155) with HTTP (WebMailUI); Tue, 07 Jun 2011 23:04:51 -0400 Message-Id: <8CDF39FF7ED24D9-7D4-61DFA () webmail-m160 sysops aol com> X-Originating-IP: [112.105.145.118] Date: Tue, 7 Jun 2011 23:04:51 -0400 (EDT) x-aol-global-disposition: G X-AOL-SCOLL-SCORE: 0:2:159035312:93952408 X-AOL-SCOLL-URL_COUNT: 0 x-aol-sid: 3039ac1d294a4deee6d328dd http://orthodontic-clinic.gr/indexz45X.php ___________________________END________________________________________ -- If web address does not post please contact me and I either make a plain text file and post on my site or I can forward you what I have been receiving whichever is to your liking. Thank you, ---- Sean Golash University of District of Columbia Student/Researcher/Consultant Senior, BSIT Major* {**Emphasis on Security**}* GeoLocation: Washington, DC Web: http://seangolash.net ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Malicious PHP site(s)? Sean G (Jun 08)
- Message not available
- Malicious PHP site(s)? Attila Sukosd (Jun 09)
- Message not available
- RE: Malicious PHP site(s)? Sacks, Cailan C (Jun 09)
- Re: Malicious PHP site(s)? Andy Peters (Jun 10)
- Re: Malicious PHP site(s)? gold flake (Jun 12)
- Security requirments michele.maturo (Jun 13)
- Re: Security requirments Todd Haverkos (Jun 13)