Spam email from a Linode to my email account... wtf?
Delivered-To: <snip>
Received: by 10.220.73.196 with SMTP id r4cs470363vcj;
Tue, 22 Dec 2009 14:31:56 -0800 (PST)
Received: by 10.142.250.21 with SMTP id x21mr6174126wfh.169.1261521115738;
Tue, 22 Dec 2009 14:31:55 -0800 (PST)
Return-Path: <zoko99@li44-214.members.linode.com>
Received: from li44-214.members.linode.com (li44-214.members.linode.com [72.14.181.214])
by mx.google.com with SMTP id 19si9547315pxi.32.2009.12.22.14.31.50;
Tue, 22 Dec 2009 14:31:55 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of zoko99@li44-214.members.linode.com designates 72.14.181.214 as permitted sender) client-ip=72.14.181.214;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of zoko99@li44-214.members.linode.com designates 72.14.181.214 as permitted sender) smtp.mail=zoko99@li44-214.members.linode.com
Message-ID: <01CA8356.532158ED@li44-214.members.linode.com>
X-Priority: 3 (Normal)
Subject: ***Best price***
From: <zoko99@li44-214.members.linode.com>
Date: Tue, 22 Dec 2009 22:30:22 +0500
To: <snip>
Reply-To: <zoko99@li44-214.members.linode.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
All congratulations.
grussschinner-eck.de/wtfywn.html?
3 Replies
whois
On a similar and not totally irrelevant note, I use unique email addresses (aliases for my main account) for each service I register with online, and I always designate them as private, i.e. not published, especially on forums.
Recently I received a single spam message for my address that I used only, and only, to register on the Netbeans forums.
That can mean only one thing: insider trading. Or an SQL injection that revealed the entire userbase, complete with email addresses, to some script kiddie.
Come to think of it, they use(d) the same phpBB version as Linode, unless I'm totally wrong (and I probably am, I don't like or use phpBB), judging from the copyright notice (© 2001, 2005). I think that's phpBB 2.x.
@Azathoth:
That can mean only one thing: insider trading. Or an SQL injection that revealed the entire userbase, complete with email addresses, to some script kiddie.
I tend to use unique email addresses as well, and saw a similar thing happen to me in February. I got simultaneous spam to two accounts that I had set up for two specific online retailers. My guess is that they had the same hosting provider, and the provider was compromised.
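An added example, not part of any post in this thread: a small Python triage of a message like the one pasted at the top, pulling out the handoff IP recorded by the receiving MX, the SPF verdict (flagging a "best guess" pass), and which per-service alias received it. The sample message, the `example.org`/`example.net` names, the documentation IP and the alias table are constructed for illustration.

```python
import email
import re

# Constructed sample modelled on the headers in the thread (documentation
# addresses and hostnames, not the values from the original post).
SAMPLE = """\
Delivered-To: me+netbeans@example.org
Received: by 10.0.0.2 with SMTP id a1cs1; Tue, 22 Dec 2009 14:31:56 -0800 (PST)
Received: from host.example.net (host.example.net [192.0.2.214])
        by mx.example.org with SMTP id 19si1; Tue, 22 Dec 2009 14:31:55 -0800 (PST)
Received-SPF: pass (example.org: best guess record for domain of u@host.example.net designates 192.0.2.214 as permitted sender) client-ip=192.0.2.214;
From: <u@host.example.net>
Subject: test

body
"""

# Hypothetical alias table: one address per service, as the replies describe.
ALIASES = {"me+netbeans@example.org": "Netbeans forums"}

# "from HELO (rDNS [IP]) by RECEIVER", the shape of the Received line in the post.
FROM_RE = re.compile(
    r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def triage(raw, my_mx_suffix, aliases):
    msg = email.message_from_string(raw)
    result = {"handoff": None, "spf": None,
              "spf_best_guess": False, "leaked_by": None}
    # Received headers are prepended, so walk top-down and stop at the first
    # hop written by our own MX; anything below it is sender-controlled.
    for hdr in msg.get_all("Received", []):
        m = FROM_RE.search(" ".join(hdr.split()))  # unfold continuation lines
        if m and m.group(4).lower().endswith(my_mx_suffix):
            result["handoff"] = {"helo": m.group(1), "rdns": m.group(2),
                                 "ip": m.group(3)}
            break
    spf = msg.get("Received-SPF", "")
    if spf:
        result["spf"] = spf.split()[0].lower()
        # A "best guess" pass means the receiver inferred a policy because the
        # domain published none, so it says little about the sender.
        result["spf_best_guess"] = "best guess record" in spf.lower()
    rcpt = (msg.get("Delivered-To") or "").strip().lower()
    result["leaked_by"] = aliases.get(rcpt)  # None if not a known alias
    return result

if __name__ == "__main__":
    print(triage(SAMPLE, "example.org", ALIASES))
```
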