52 replies to this topic

[pseudocoder]

Mercules, on 20 February 2013 - 01:37 PM, said:

Ummmm...

Yes, there was a Redirect script. During that time if you attempted to log into the forum they probably did capture your e-mail address as that is your username and possibly your password which you went and changed when you found out because you read the announcements, right?

Just a note, that amounts to a client-side vulnerability. PGI's website was malicious at that point but you also have a responsibility to protect your computer from compromised websites. A decent virus scanner will pick up the malicious script as soon as you load the page and BEFORE you enter your credentials.

Edited by pseudocoder, 20 February 2013 - 01:42 PM.

[Fiachdubh]

Hey I just got this great eye opening fact sheet about how Sandy Hook was a hoax! Thank God the internet is here to tell us the truth. Now to wait for that Nigerian Prince to finish depositing his millions into my bank account. What a day!!

[Kylere]

You have a registered domain, %variable%@registereddomain.sux

Before you make accusations of malfeasance it is better to be aware of what the flux capacitor you are talking about.

[Particle Man]

Looks like OP needs to get himself some internet security software.

i dont know if it's a good thing that someone that runs his own mail server (wtf that means) and registers websites doesnt know to secure his own system and then accuses other sites when he gets spammed due to his lack of security.

[Kraven Kor]

You've never heard of SMTP Spoofing or other nefarious tricks to make an email look like it came from "someone you know?"

MWO is not sending you spam.

You are getting spam that is pretending to come from MWO.

[Ihasa]

I never got that particular email at the address I registered for MWO. I did however get it quite some time ago at an email address I use for online shopping and just laughed at the inferior intellect of the tin foil crowd before pressing delete.

[Loewe]

Kraven Kor, on 20 February 2013 - 01:46 PM, said:

You've never heard of SMTP Spoofing or other nefarious tricks to make an email look like it came from "someone you know?"

MWO is not sending you spam.

You are getting spam that is pretending to come from MWO.

Like the op said, the email does not pretend to come from mwo. In my case it pretended to come from son@liberty.net.
You should start with reading the posts before posting your completly off topic smtp stuff.

[Felicitatem Parco]

Moving to Website and Forum Support

[Mercules]

pseudocoder, on 20 February 2013 - 01:41 PM, said:

Just a note, that amounts to a client-side vulnerability. PGI's website was malicious at that point but you also have a responsibility to protect your computer from compromised websites. A decent virus scanner will pick up the malicious script as soon as you load the page and BEFORE you enter your credentials.

Yep! But it is a way for them to have gotten his super secret E-mail address without PGI selling them.

[Id]

pseudocoder, on 20 February 2013 - 01:37 PM, said:

You may understand how SMTP works, but you obviously don't understand how running an SMTP server works. Get a spam and phishing filter installed, and subscribe to a blacklist. You can't secure your mailbox or filter unwanted mail by obscuring your email address(es).

Clearly, you are more pseudo than coder. You can even see the spam filter in the header. I use a couple of RBLs, but I don't like to rely heavily on them, they are prone to false positives. If you know anything about spam filtering, you should be able to easily tell which filter I'm using based on the headers I left in the e-mail I pasted.

The main point of the obscure e-mail addresses is tracking, not anti-spam. A couple decades ago, I started the practice of doing that as an easy way to filter mailing lists into nice organized folders. (sometimes I still miss procmail) Now I have much more sophisticated ways of filtering into folders, but I kept the one email address per site registration practice just because. (and also it lets me just delete it rather than trusting to an unsubscribe)

[Inertiaman]

pseudocoder, on 20 February 2013 - 01:37 PM, said:

You don't understand how injection attacks work. They take advantage of the ability to post malicious content to target a web server's clients, not the server itself. Therefore it is very unlikely that the attackers ever had access to a back-end server that would contain anyone's e-mail address.

I understand that roboform wouldn't allow me to enter credentials or log on during the event itself because the url didn't match the passcard yet I get the mail. There's also several peeps in my clan who don't touch the forum/site who continue to receive the mails. There was a redirect to a site serving the blackhole, but it was achieved by exploiting this site.

It's really not a big deal in and of itself, anyone running a browser old enough to be vulnerable needs to click ok more. The insulting refusal to properly deal with the issue was v poor though.

[pseudocoder]

Id, on 20 February 2013 - 02:15 PM, said:

Clearly, you are more pseudo than coder.

The main point of the obscure e-mail addresses is tracking, not anti-spam.

OK I guess I deserve that in return. I did not look at the header you posted.

Either way, coming on this forum and accusing PGI of selling e-mail addresses, or being unaware of compromised DB servers with only circumstantial evidence to support your claim is sort of bad form, don't you agree?

I don't know, I guess given the current state of SMTP and spam, I find it ridiculous that anyone could think to avoid spam completely by obscuring their address(es). Just delete it, tune your filter, and move on.

Edited by pseudocoder, 22 February 2013 - 01:08 PM.

[pseudocoder]

Inertiaman, on 20 February 2013 - 03:27 PM, said:

The insulting refusal to properly deal with the issue was v poor though.

Can you clarify what would be involved in properly dealing with the issue? I believe what they did do was fix the website and make an official announcement about what happened with the attack. Do you believe the announcement was incomplete? Should they have done something else?