Quote:
|
Originally Posted by theSpear
If you dont vote and you can. Shut the **** up.
|
No, I think that YOU can shut the **** up you piece of garbage, SPEAR!!!
eyelfixit
Senior Member
Join Date: 10-13-03
Posts: 425
Exclamation A wannabe hacker in our midst!
Hey guy's I know it's been a really long time that I haven't been around but I figured I definatly should warn you about a member here whom has been trying to constantly attack me in several different ways. Here is proof of his last attemtp to attack me and here is how I back traced him. Johnscott, this member also hosts 2 domains on your server which the attacks originated from.
Attack description:
Kyle Masters A.K.A. "Thespear" has sent me an infected, spoofed email. here are the header details:
X-Apparently-To: eyelfixit @ yahoo.ca via 216.136.226.198; Mon, 13 Sep 2004 17:04:43 -0700
X-YahooFilteredBulk: 209.78.94.122
X-Originating-IP: [209.78.94.122]
Return-Path: <spear@thespear.net>
Received: from 209.78.94.122 (HELO NORMA-Q3YJN8ULN.com) (209.78.94.122) by mta112.mail.re2.yahoo.com with SMTP; Mon, 13 Sep 2004 17:04:43 -0700
Date: Mon, 13 Sep 2004 17:03:46 -0800
To: eyelfixit @ yahoo.ca
Subject: Hey!
From: christina @ yahoo.ca Add to Address BookAdd to Address Book
Message-ID: <cindkglpdbykdawbnkh@yahoo.ca>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------ociezhepgnczxzvdwkje"
Content-Length: 44652
Hey Eyelfixit,
I Like You!
Further details are in attach.
Sincerely, Christina
Attachment
myphoto7.jpeg
.jpeg file, 144x120, 4k
Attachment scanning provided by:
Scan and Download Attachment
Scan and Save to my Yahoo! Photos
Attachment
Scan MoreInfo.scr for Viruses
MoreInfo.scr
.scr file
Attachment scanning provided by:
Scan and Download Attachment
Scan and Save to my Yahoo! Briefcase
The HTML graphics in this message have been blocked. [Show HTML Graphics - Edit Preferences]
>>>>>
Virus Details:
File name: MoreInfo.scr
File size: 38kb
File type: application/octet-stream
Scan result: Virus "W32.Beagle.W@mm" found.
The file attached to this message was infected with a virus that we were unable to clean. You can not download this attachment.
>>>>>
Check out the return path, I ran a whois through internic which gave me these results:
Domain Name: THESPEAR.NET
Registrar: TUCOWS INC.
Whois Server: whois.opensrs.net
Referral URL:
http://domainhelp.tucows.com
Name Server: NS1.V7N.COM
Name Server: NS2.V7N.COM
Name Server: NS3.V7N.COM
Name Server: NS4.V7N.COM
Status: ACTIVE
Updated Date: 09-may-2004
Creation Date: 16-jul-2003
Expiration Date: 16-jul-2005
>>> Last update of whois database: Tue, 14 Sep 2004 06:46:26 EDT <<<
Which led me back to this forum. I then checked out the usernam: thespear
View Profile: theSpear
theSpear
Senior Member
Kyle Masters
PHP Programming
Home Page:
http://www.theSpear.net
http://www.phprograms.com/
http://www.ODDBALLIN.COM
Location:
Atlanta, GA
Interests:
Graphic Design
Occupation:
Student
AIM: sp3ar123
MSN:
spear@thespear.net
Yahoo: spearman123
Other evidence of attacks:
http://www.sitelibrary.net/community/viewnews/201
This user is also a member of these forum/sites:
www.graphics-central.com/forums
www.phpbb.com
www.webmasters-market.com
www.ozzu.com
www.v7n.com/forums
www.automotiveforums.com/vbulletin
www.sitepoint.com
forums.webdeveloper.com
www.webmaster-talk.com
forums.hotscripts.com
www.photoshopcontest.com
www.phpbuilder.com
www.dailylinx.com
forum.ebaumsworld.com
cariad.co.za
www.webhostingtalk.com
www.namepros.com
www.sitepoint.com/forums/
www.letsplayclan.com/
www.camperswelcome.org
www.automotiveforums.com
www.tech-forums.net
www.hotscripts.com
>>> ALL of these sites have been notified of this users activities and if attacked furthermore, I will post similar posts in all those forums and more Kyle. SO STOP IT! You've been made ya lil wannabe.
Your not to clever for a sixten year old boy whom likes half life to much are ya there Kyle?
Oh and by the way .... you got a major FTP hole in your template which you used to build your site there master php programmer, lol ....
http://www.thespear.net/templates/visualpixel/images/
Disclaimer: This is not an accusation, as proved above this is a real attack attempt. The only reason why I am displaying this is to inform everyone on this lil fella who for about 2 years with his lil lame buddy's (Jas, Mike) have been trying to get me. Awwwwwwwwwww, sorry you had to get busted! NOT.
Eyelfixit
__________________
Simply glad to be back!
Last edited by eyelfixit : Today at 05:14 PM.
eyelfixit
Senior Member
Join Date: 10-13-03
Posts: 435
Default
The .zip files may arrive as part of an email message with a spoofed From address. This address may sometimes be created using the local domain, giving the appearance that it was sent from someone at the same ISP or company as the recipient. For example, if your email address is
user@ispname.com, then the spoofed From address may be something like
support@ispname.com.
email was sent from yahoo addy to yahoo addy ... THE ORIGINAL SENDER IS SPEAR <return path>
__________________
Simply glad to be back!
