PDA

View Full Version : GEH Email list hacked



CurtTampa
12-10-2007, 01:17 AM
I setup a special email address for every place I need to sign up at. My email address for Google Earth Hacks forum is receiving 2-3 paypal phishing emails every day now. That email address has and was used ONLY HERE. Be Warned.

Mickey
12-10-2007, 02:06 AM
I've got the hosting company looking into the security of the server right now. I'm not aware of anything happening, but they'll find out for sure.

esemwy
12-10-2007, 02:54 PM
I used a disposable address to sign up some time ago. Within the last week I've started receiving spam to that address.

Mickey
12-10-2007, 04:57 PM
It seems it was a vulnerability in the version of ImpEx that we had installed a while back. It was used to convert the original message board over to vBulletin. The software has been removed (we no longer need it) and therefore the vulnerability is now eliminated.

It appears that only some of the addresses got out, but I'm still looking into it. I have a couple of accounts on here for testing purposes (using unique e-mail addresses) and neither of them have seen anything.

SpiderX22
12-10-2007, 07:50 PM
I only have 1 email account so I would never have caught this..plus I have spam filters.

One quick question though..

"paypal phishing emails"

Do they automatically look through your stuff or do you have to click the email for it to start "phishing"?

Mickey
12-10-2007, 07:54 PM
One quick question though..

"paypal phishing emails"

Do they automatically look through your stuff or do you have to click the email for it to start "phishing"?
Phishing works by sending you to a fake site (in this case, Paypal) and asking you to log-in. It'll say something like "There was a charge of $57 to your Paypal account. <i>Click here</i> to log-in and verify the transaction." If you try to log-in to the site (the URL will be something like www.somerandomsite.com/whatever/www.paypal.com/login), the information that you enter (name & password) is sent to them. They then proceed to the real Paypal site, enter the username and password that you just gave them and then do evil things.

Phishing e-mails work a very small percent of the time -- most spam filters block them, and most people are wise enough not to fall for it. Still, it's not a good thing to have happen.

Poomuckl
12-10-2007, 09:51 PM
I only have 1 email account so I would never have caught this..plus I have spam filters.

One quick question though..
"paypal phishing emails"
What made you come up with paypal now?

I'm asking because last week I got my first two spam mails to my present account and guess what: It was paypal phishing. I ought to reactivate my not existing account.
And currently eBay wants me to find perfect presents. Never got mail from them up to know and I've no account.

Maybe it's the same stuff you got.

Gandolf
12-12-2007, 02:21 AM
I am still getting them. I keep reporting them "Uncle Billy Gates" we will see what happens. I don't use paypal, so it was easy to figure this one out.

Appletom
12-12-2007, 04:37 AM
I also have a unique email address used for GEH (and all forums) and I've received no spam or phishing emails to my GEH @ Appletom . com address.

CurtTampa
02-17-2008, 08:28 PM
I am receiving 'Your paypal account has been locked' phishing emails to an email address used ONLY in this forum.

Mickey
02-18-2008, 02:47 AM
I am receiving 'Your paypal account has been locked' phishing emails to an email address used ONLY in this forum.
We already know and the problem has been dealt with. Why are you posting this again?