Security Basics mailing list archives

Malicious PHP site(s)?


From: Sean G <vitamindster () gmail com>
Date: Wed, 8 Jun 2011 02:22:33 -0500

OK, for some time now, I have been receiving odd emails from someone
whom I do not know at all, "Seth Spangler", his email address changing
on an irregular basis. Basically it's just an email with a link that ends
with .php. I don't have a testing machine at my disposal as of
now. I was wondering if someone who knows PHP rather well would be
able to inform me of what happens when the link is clicked (I have
never clicked out to test it), or if you have heard of this person. If
not, I do understand this is a busy list. Feel free to contact me
directly as I would like to learn as much as possible about this --
well, I assume it is an attack of some sort -- and what the
consequences are. What I have observed thus far is that this
person has a long list of email addresses and is probably phishing in one
manner or another.
Any help would be greatly appreciated.
***************************************
The following is one of the emails with headers and all:
__________________________START________________________________________

Delivered-To: vitamindster () gmail com
Received: by 10.220.193.135 with SMTP id du7cs67631vcb;
        Tue, 7 Jun 2011 20:05:01 -0700 (PDT)
Received: by 10.52.91.84 with SMTP id cc20mr173867vdb.306.1307502300568;
        Tue, 07 Jun 2011 20:05:00 -0700 (PDT)
Return-Path: <sethspangler4 () aol com>
Received: from imr-da06.mx.aol.com (imr-da06.mx.aol.com [205.188.169.203])
        by mx.google.com with ESMTP id n6si58107vdf.155.2011.06.07.20.05.00;
        Tue, 07 Jun 2011 20:05:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of sethspangler4 () aol com
designates 205.188.169.203 as permitted sender)
client-ip=205.188.169.203;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
sethspangler4 () aol com designates 205.188.169.203 as permitted sender)
smtp.mail=sethspangler4 () aol com; dkim=pass header.i=@mx.aol.com
Received: from mtaomg-mb03.r1000.mx.aol.com
(mtaomg-mb03.r1000.mx.aol.com [172.29.41.74])
        by imr-da06.mx.aol.com (8.14.1/8.14.1) with ESMTP id p5834pQm029213
        for <vitamindster () gmail com>; Tue, 7 Jun 2011 23:04:51 -0400
Received: from core-mde003a.r1000.mail.aol.com
(core-mde003.r1000.mail.aol.com [172.29.46.9])
        by mtaomg-mb03.r1000.mx.aol.com (OMAG/Core Interface) with ESMTP id
8EF57E000089
        for <vitamindster () gmail com>; Tue,  7 Jun 2011 23:04:51 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com;
        s=20110426; t=1307502291;
        bh=7XxGUUe9lFyI9UIeYcEEa+tewyLGqKEK+3u/cr6J4U0=;
        h=To:Subject:MIME-Version:From:Content-Type:Message-Id:Date;
        b=yEYXHTEzdiEp6+UvI05vZgUpgvQ4JnnF9XpjOHvoMdHCspyP5kpqulDvXbBgYTaOr
         W65rDRxjrt2gxiJPiT9pA6c9C1BuWYZ5n4ksTAo7nmMAF0+H8YNzHAs1bTRleb5ISA
         C3PTOS1KFAJrZ2xBlehoFXv7FWgbRpgCbv1En6uA=
To: vitamindster () gmail com
Content-Transfer-Encoding: quoted-printable
Subject: Re:..
X-MB-Message-Source: WebUI
X-AOL-IP: 112.105.145.118
X-MB-Message-Type: User
MIME-Version: 1.0
From: sethspangler4 () aol com
Content-Type: text/plain; charset="us-ascii"
X-Mailer: AOL Webmail 33790-MOBILE
Received: from 112.105.145.118 by webmail-m160.sysops.aol.com
(64.12.183.155) with HTTP (WebMailUI); Tue, 07 Jun 2011 23:04:51 -0400
Message-Id: <8CDF39FF7ED24D9-7D4-61DFA () webmail-m160 sysops aol com>
X-Originating-IP: [112.105.145.118]
Date: Tue, 7 Jun 2011 23:04:51 -0400 (EDT)
x-aol-global-disposition: G
X-AOL-SCOLL-SCORE: 0:2:159035312:93952408
X-AOL-SCOLL-URL_COUNT: 0
x-aol-sid: 3039ac1d294a4deee6d328dd

http://orthodontic-clinic.gr/indexz45X.php



___________________________END________________________________________
-- 
If the web address does not post, please contact me and I can either make a
plain text file and post it on my site or forward you what I have
been receiving, whichever is to your liking.
Thank you,
----
Sean Golash
University of District of Columbia
Student/Researcher/Consultant
Senior, BSIT Major {Emphasis on Security}
GeoLocation: Washington, DC
Web: http://seangolash.net
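
One way to triage a message like the one quoted above from its text alone, without opening the link (an added example, not part of the original post). The names `triage`, `unfold` and `SAMPLE` are illustrative, and `SAMPLE` is a trimmed copy of the quoted headers with folding whitespace restored.

```python
import re
from email import message_from_string

# Trimmed copy of the headers quoted in the post above (archive address
# obfuscation kept as-is, header folding whitespace restored).
SAMPLE = """\
Received: from imr-da06.mx.aol.com (imr-da06.mx.aol.com [205.188.169.203])
 by mx.google.com with ESMTP id n6si58107vdf.155.2011.06.07.20.05.00;
 Tue, 07 Jun 2011 20:05:00 -0700 (PDT)
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 sethspangler4 () aol com designates 205.188.169.203 as permitted sender)
 smtp.mail=sethspangler4 () aol com; dkim=pass header.i=@mx.aol.com
Subject: Re:..
X-Mailer: AOL Webmail 33790-MOBILE
Received: from 112.105.145.118 by webmail-m160.sysops.aol.com
 (64.12.183.155) with HTTP (WebMailUI); Tue, 07 Jun 2011 23:04:51 -0400
X-Originating-IP: [112.105.145.118]

http://orthodontic-clinic.gr/indexz45X.php
"""

URL_RE = re.compile(r'https?://[^\s<>"]+')

def unfold(value):
    """Collapse folded header whitespace into single spaces."""
    return re.sub(r"\s+", " ", value or "").strip()

def triage(raw):
    """Summarise a message from its text alone; nothing is fetched."""
    msg = message_from_string(raw)
    auth = unfold(msg["Authentication-Results"])
    # spf/dkim pass means the provider's servers sent it, not that it is safe.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    # Received headers are prepended per hop, so the last one is the earliest.
    hops = [unfold(h) for h in msg.get_all("Received", [])]
    first = hops[-1] if hops else ""
    m = re.match(r"from \[?(\d{1,3}(?:\.\d{1,3}){3})\]? by (\S+)", first)
    body = msg.get_payload()
    urls = URL_RE.findall(body)
    return {
        "auth": results,
        "client_ip": m.group(1) if m else None,
        "submitted_to": m.group(2) if m else None,
        "webmail_submission": " with HTTP" in first,
        "x_originating_ip": unfold(msg["X-Originating-IP"]).strip("[]") or None,
        "link_only_body": bool(urls) and not URL_RE.sub("", body).strip(),
        # Defanged so the report can be shared without a clickable link.
        "urls": [u.replace("http", "hxxp", 1).replace(".", "[.]") for u in urls],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
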
