Results 1 to 8 of 8
  1. #1
    Join Date
    Jan 2002
    Location
    Ohio
    Posts
    3,139

    * LOL... It looks like I'm spamming myself...

    I've been receiving some emails from myself... Does anyone know of a way to block this BS? I've looked at this below and should I just block the IP 212.249.12.194 or is there more to this? Too bad only a few people know what MGCJerry even means...

    Does anyone else get this kind of crap?

    From [email protected] Fri Jun 14 17:53:01 2002
    Return-path: <[email protected]>
    Envelope-to: [email protected]
    Delivery-date: Fri, 14 Jun 2002 17:53:01 +0100
    Received: from [212.249.12.194] (helo=localhost1611.com)
    by hazel.vosn.net with smtp (Exim 3.35 #1)
    id 17IuHe-0007Zb-00
    for [email protected]; Fri, 14 Jun 2002 17:50:52 +0100
    From: "mgcjerry" <[email protected]>
    Reply-To: "mgcjerry" <[email protected]>
    To: [email protected]
    Date: Fri, 14 Jun 2002 12:53:23 -0400
    Subject: 6/14/2002 12:53:23 PM
    X-Mailer: Microsoft Outlook Express 5.00.2919.1990
    MIME-Version: 1.0
    X-Precedence-Ref: 1234056789zxcvbnm
    Content-Type: text/html; charset="us-ascii"
    Content-Transfer-Encoding: quoted-printable
    Message-Id: <[email protected]>
    Glioblastoma Multiforme (GBM) Brain Cancer Awareness. May is Brain Cancer awareness month. Gray Matters!
    Incurable, 6-18 months prognosis, survivors longer than 3 years less than 1% chance.
    Don't like what I say? Ignore me.

  2. #2
    Join Date
    Aug 2000
    Location
    Tacoma, Washington
    Posts
    9,576
    looks like someone who has your address in their address book got whacked with the Klez virus. It's pretty much the MO of this one. It collects an e-mail address from the book before it sends itself so it can hide somewhat.

    I've had a few people contact me asking what this odd e-mail was. The first time I went pale, checked my virus definitions then ran a full scan... twice. Was all clear.

    About all you can do do is make sure your backyard is clean.

    Greg Moore
    Former Webhost... now, just a guy.

  3. #3
    Join Date
    Jan 2002
    Location
    Ohio
    Posts
    3,139
    Well... At least you have an idea what it might be, but it was a nice HTML advertisment for a "email mailing list", so I said the heck with this, since I will never email myself, I blocked anything from [email protected] in cPanel. This wasnt my first one of these.

    Either way

    SPAMMERS

    KLEZ

    *gasp* me in someone's addressbook... Well, theres always a first to everything.
    Glioblastoma Multiforme (GBM) Brain Cancer Awareness. May is Brain Cancer awareness month. Gray Matters!
    Incurable, 6-18 months prognosis, survivors longer than 3 years less than 1% chance.
    Don't like what I say? Ignore me.

  4. #4
    Join Date
    Aug 2000
    Location
    Tacoma, Washington
    Posts
    9,576
    well you might have ended up on someone's list I suppose. I know a few ass-scratches have added my personal address to spam lists for whatever reason, as well as our support address - I'm presuming people canned for spamming, or enquires along the same lines. Possible that address is being used as a bounce?

    Spammers are filthy dirtbags and I have no doubt they'd jump at the chance to use a legit address to whore their wares, as long as it doesn't get back to them

    Greg Moore
    Former Webhost... now, just a guy.

  5. #5
    Join Date
    Aug 2000
    Location
    NYC
    Posts
    6,627
    Regarding Klez, by the way -- and no, that doesn't look like a Klez email header to me, several of the lines don't fit the mold, but since it was mentioned -- you don't have to be in someone's address book in order to be the recipient of "from:" address in their Klez-generated mail. The program will search for email addresses in other places too, most importantly perhaps in your browser cache. So if your address is on a web page and someone who has visited that page has Klez active on their machine, your address could be one that is used.
    Specializing in SEO and PPC management.

  6. #6
    Join Date
    Jan 2002
    Location
    Ohio
    Posts
    3,139
    Well I did a run to spamcop, and found that IP 212.249.12.194 was blacklisted, but I don't know if I did the right IP..

    212.249.12.194 is and should be listed.
    Did I lookup the right IP, (I will block this IP if I did the lookup right )

    So far though, I havent received anymore from myself yet
    Glioblastoma Multiforme (GBM) Brain Cancer Awareness. May is Brain Cancer awareness month. Gray Matters!
    Incurable, 6-18 months prognosis, survivors longer than 3 years less than 1% chance.
    Don't like what I say? Ignore me.

  7. #7
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    Blocking the IP address (which is correct) might do some good, but I don't know how much.

    Looks like someone doing some retaliation against "monkeys.com" as they provide the "WPoison" script -- it provides dummy addresses to Spam Bots.

    whois for 212.249.12.194 : [email protected]
    Using last-resort contacts:[email protected]
    Whois found: [email protected]
    [show] "nslookup 194.12.249.212.formmail.relays.monkeys.com" (checking ip) not found
    [show] "nslookup 194.12.249.212.proxies.relays.monkeys.com"

    Most likely, they are using a script to provide phony "From" addresses and trying to hide themselves. Mind you, "ch" which is China, is well known for using Servers (with approval) for Spamming.

    I too, have received Email using my Domain Name as the "From" and "To" addresses, but I was able to track it down to an ISP with an open relay. Someday, all open relays will be closed. It's shame really, when the Internet protocols were being put together and people thought it would be used with integreity by all, they didn't think about not everyone having the same frame of mind. Oh well.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  8. #8
    Join Date
    Mar 2002
    Location
    Northern Ireland
    Posts
    272
    hmmm... I think may mate has got sometihng like that before, and as far as I know blocking the IP address doesn;t have any affect

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •