Welcome to WebmasterWorld Guest from 54.163.168.15

Forum Moderators: lawman

Received a spam email today to my webmasterworld dedicated email alias

   
12:05 am on Aug 7, 2014 (gmt 0)

10+ Year Member



Well today I received a spam email at webmasterworld(at)mycompanyname.com. This email was made as an alias and specifically only to webmaster world. I can't even send email from this address so there is no way other than this site for it be harvested. Today for the first time ever I received spam to this email from vViagra and a tiny url that of course I did NOT click on... I'm changing the email today (and deleted the old one) along with my password. I don't know if the database of this site was compromised or someone on the inside hoped to make some money by selling lists....I do know it's unlikely they 'guessed' that particular email. Hopefully that will be the last of it. If it happens again on the new one I'm creating...then there is an ongoing issue at work here. Has anyone else received this spam email?
12:28 am on Aug 7, 2014 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



There's no issue here or we'd get lots of complaints.

More than likely it was harvested from your email or server, esp. if you have shared hosting.

Do you use gmail, yahoo mail, or any of the others that have been relentlessly harvested for your primary domain?
1:55 pm on Aug 7, 2014 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



You've been here for over a decade and probably received alot of notifications from the site before. eg: email rolling across many networks.

ISP's sell email addresses that come across their networks and even some peering partners sell email addresses that pass on their backbone networks.

Want to test your ISP? Create a super long email address of random numbers and letters. Then send yourself email at Gmail or yahoo. Sometimes as soon as an hour you will get spammed. Other times it can be months.

Here is a fun one: create an email address and never use it and watch it get spam. How? Your isp or an admin sold the account names - or the email system is compromised for no other reason than to harvest email addresses.
2:31 pm on Aug 8, 2014 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



I posted a similar question a few months back...
I get spam to my Webmaster World email address. [webmasterworld.com]
2:47 pm on Aug 8, 2014 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Some time back I generated a number of random, not guessable, e-mail addresses.
Most received spam within 6-months, and the ones that didn't were never actually used for anything. That indicates to me the exercise of sending an e-mail is where the sniffers start their work. The precise route for the sent e-mail is probably difficult to know, but all that is needed is a sniffer in between and the e-mail is harvested. The same thing happened in reverse when I sent one e-mail, from a safe computer, to one of those addresses.

If the unused ones get spam it will point to the isp having been hacked, or sold on e-mails, or simply suffered a bot attack.

The experiment is still ongoing.
3:12 pm on Aug 8, 2014 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



...probably received alot of notifications from the site before.


That indicates to me the exercise of sending an e-mail is where the sniffers start their work.


Although, it would seem that in Voxman's case, the last time they posted on WebmasterWorld was close to 5 years ago!? Which, if the email address is only ever used with WebmasterWorld, was the last time an email was sent to that address and the last time the email address was "exposed"?

Is the "homepage" link in your profile associated with "mycompanyname.com", or even your username?

A wild guess perhaps? (In 5 years there could have been a lot of wrong guesses!?)
5:00 pm on Aug 8, 2014 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Although, it would seem that in Voxman's case, the last time they posted on WebmasterWorld was close to 5 years ago!? Which, if the email address is only ever used with WebmasterWorld, was the last time an email was sent to that address and the last time the email address was "exposed"?


Posting date is not an indication of the last time e-mail was used: Subscriptions or even old mailing list harvested some time back could have be re-used. I've seen old e-mails from ten years ago receive e-mail spam when they were removed, or remained unused for a number of years. The e-mail spammers don't care about accuracy, they only care about having adequate records to spam.

Is the "homepage" link in your profile associated with "mycompanyname.com", or even your username?


It's the same with any publicly displayed profile. The spammers will harvest what data they can get, and they will try all sorts of ways to follow links and sites.

I suspect it's not uncommon for people to use specific addresses with specific services, and that e-mail may be the service name. It's easily guessable.
5:52 pm on Aug 10, 2014 (gmt 0)

5+ Year Member



Spammers will affix all known usernames to all known domain
names to sent out their crap. After all, the incremental
cost is ZERO.

E.g., a valid email discovered viz: webmasterworld@example.com
would result in "webmasterworld" being prefixed to every domain
named to be spammed. They're using what I call the "John Theory".
If there is a john@example.com, there is a very good chance there
are plenty of john@everyplace.else.

I utilize a wildcard email account (and a Very Good spam pre-
processor: Maia). I regularly see spam of the like:
joe@ , bob@ , citi@ , wellsfargo@ , susan@ , etc., usw.
in the Maia spam cache -- even tho' none of those email addys
are in use here. And, I see the obfuscation varieties.
To wit: linkedin_2014@ , yahoo_1952@ , john099@ , etc.

Tho', I don't really spend much time investigating all the
crap that shows up in the spam cache each day. I check every
so often to see what new tricks the slimeballs are up to.
The description above covers a Very Old 'Trick'.

Jonesy
7:21 pm on Aug 11, 2014 (gmt 0)

10+ Year Member



again...this is an alias....no email can be sent from it therefore there was no way to harvest. I think Jonesy might be on to something except I find it hard to believe they would think that webmasterworld@companyname.com would be as good as let's say john@companyname.com We do not have shared hosting and have a very secure server. Interesting about the sniffers though...I never thought of that possibility.
3:14 am on Aug 12, 2014 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



The spammers don't care, or worry, if their addesses are known to be goo. They burst sent to ALL of them, after all, computers don't get tired, they just wear out. :) (hardware MFGs usually guarantee 50,000/hrs MTBF, or about 5.7 YEARS 24/7/365)

I have systems appraoching 19 years of age, and all of them capable of pushing this kind of krap hour after hour, day after day... and the name rotators at 100-399 emails batch just keep pushing out bogus addresses or the DOMAIN which is what they are really after... It's all about numbers...

Will ask if you received within the last year an update of service at Webmasterworld (most of us did regarding the new home page layout) to that not used but placed in your profile email address. If that's the case I suspect that NETWORK SNIFFERS at ISPs outside of Webmasterworld, or YOUR ISP (though they might be doing that, too!) are the place which sold off your address... and it ended up on a spammer's list.
8:56 am on Aug 13, 2014 (gmt 0)

10+ Year Member




System: The following message was spliced on to this thread from: http://www.webmasterworld.com/webmasterworld/4695105.htm [webmasterworld.com] by engine - 10:05 am on Aug 13, 2014 <small>(utc +1)</small>


In my mailserwer log files I see that someone was trying to log-in using my email address and password used to login to webmasterworld forums.

Those are unique - were given nowhere else but webmasterworld. It wasn't brute-force/dictionary. Someone knew the email and password associated with it and tried to log-in to my mailserver.

I noticed some spam on that email address too - also see "Voxman" post.

Therefore I assume that webmasterworld email&password database leaked to spammers. As far I can see it happened before 25 Dec 2013.
2:12 pm on Aug 13, 2014 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



> again...this is an alias....no email can be sent from it therefore there was no way to harvest.

There are a dozen hops between the site and you. All dozen of them could have harvested your email. You have had it for 10 years and received alot of notifications from this site.

Then there is your email server - most email servers have been stealth compromised atleast once in the last decade.

If there were an issue with privacy and WebmasterWorld used email addresses - there would be 500 reports in here. Not 2.

How do you think those guys in Russia got 1billion usernames and passwords and no one noticed until they found the database of valid usernames and passwords? What hole in what software allowed them to acquire all those valid ids?

> database leaked to spammers.

Absolute bs. If there were an issue, there would be hundreds of reports. There have been nearly a million accounts made on WebmasterWorld in the last 15 years. We'd of heard of an issue by now - go figure. I'd check your own password program and computer for viruses and malware. You easily could have had someone sniff those u/pw id's.

Moving the site to full https is something that has been under discussion. That would block username/password submission from being sniffed on your own network.
6:53 am on Aug 14, 2014 (gmt 0)

10+ Year Member



Absolute bs. If there were an issue, there would be hundreds of reports. There have been nearly a million accounts made on WebmasterWorld in the last 15 years. We'd of heard of an issue by now - go figure. I'd check your own password program and computer for viruses and malware. You easily could have had someone sniff those u/pw id's.


I can't believe there is "admin" under your name. I told you that your db was hacked. And you're accusing me of being lame without checking things on your side FIRST and checking what kind of administrator I am SECOND.

If you dare to check - my previous visit was in ~2004 (10 years ago). The password for this forum was never stored anywhere but this forum since then - due to multiple OS reinstall erasing entire hdd.

And now I see in my log files that someone tried to log-in using credentials used for this forum ONLY and not used/stored for 10 years. For 10 years the login/pwd was never traveling through the net.

If it is the first time you hear about this - so be it. Now do run do some checks on your side. Hint: check in your mailserver logs if someone tried to log in into your mailbox using credentials from webmasterworld forum.
10:20 pm on Aug 18, 2014 (gmt 0)

5+ Year Member



heh.. Just today I received a spam to my Webmaster World email
addy that scored low enough to slip under the rigorous spam
filtering at my ISP. I'm not sure if that email addy has been
otherwise spammed, because I rarely investigate/inspect the slime
that shows up in the spam bucket.

But, one conspiracy theory just might attribute the result to
my participation in this thread. heh...

Jonesy
3:30 am on Aug 19, 2014 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



And now I see in my log files that someone tried to log-in using credentials used for this forum ONLY and not used/stored for 10 years. For 10 years the login/pwd was never traveling through the net.


It is the same address you used to join WW? That then would be the address that WW used to notify you of changes, announcements, etc. and thus might have been sniffed over the years. That does not imply a data breach at WW.
11:35 am on Aug 19, 2014 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



WebmasterWorld has over 100K members, many that use a dedicated email address, and there would be a flood of complaints if there was a real issue.

I could give you about 20 ways your email address could be captured by wifi sniffers, hacked hosts, etc.

WebmasterWorld sends you email, therefore it leaves a trail that can be discovered and harvested at 2rd party locations.

Hope that helps.
1:23 pm on Aug 19, 2014 (gmt 0)

WebmasterWorld Senior Member fotiman is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



I think the most important piece of info from lemat's first message was this:

using my email address and password used to login to webmasterworld forums

The email address could be harvested any number of ways, as already discussed above. But if lemat's webmasterworld password is unique to WebmasterWorld (as stated above), AND it's not some generic password like "1234", AND the attempts to access the mailbox did not include thousands of other attempts with random passwords, then that does imply that there may have been a data breach at WebmasterWorld and should be taken very seriously by the admin's here. It is worth investigating.
7:46 pm on Aug 24, 2014 (gmt 0)

10+ Year Member



I think there must be a language barrier since english is not my primary language - because almost everyone is not able to read&understand a word from my posts.

You said:
@tangor
might have been sniffed over the years

@incrediBILL
could be captured by wifi sniffers, hacked hosts, etc


I said:

For 10 years the login/pwd was never traveling through the net.

...(10 years ago). The password for this forum was never stored anywhere but this forum since then


So, tell me how exactly my email and my password might be sniffed? How exactly something which haven't been used, stored or transmitted ON MY SIDE, could be sniffed FROM ME?


I said: you were hacked.
You (admins here) said: No, it was you who were hacked.
And now we are playing ping-pong trying to put the blame on the other's side.
I am able to back my words with facts - you have only wild guesses.

@Fotiman
At least someone understood me. Thank you.

By the way: I guess everyone rushed to the mailserver logs to check if there has been such login attempts or at least changed passwords? Riiiiight?
1:13 pm on Sep 12, 2014 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



>So, tell me how exactly my email and my password might be sniffed?

When you login here - your name/password travels through atleast two dozen systems. Anyone of those could have read it. More-than-likely, your isp sold the data. (almost all major isp's around the world sell data)
1:42 pm on Sep 12, 2014 (gmt 0)

WebmasterWorld Senior Member fotiman is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Brett, didn't you read the next sentence?
How exactly something which haven't been used, stored or transmitted ON MY SIDE, could be sniffed FROM ME?

I read this to mean that lemat hasn't logged in for years, and so therefore that username/password would not be traveling anywhere.
4:58 pm on Sep 18, 2014 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Yes I did Fotiman. If there were a problem, it would be well known by now. Far to many industry tech nerds here for red flags to be flying like snow if there were an issue.

First place to start, is to check your machine - and every machine over that many years - for malware.
5:40 pm on Nov 20, 2014 (gmt 0)

10+ Year Member



How exactly any malware on my side might sniff something which is not stored on my side?!

How exactly a rogue ISP might sniff something which wasn't travelling through the net?
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month