fraud emails coming from joomla

Posted: Mon Jan 28, 2008 10:13 pm
by daczo
Hello
I just got a fraud email (pretending to be from a bank) coming from your IP. This is the email header:

Return-Path: <[email protected]>
Received: from xxx.com.au ([xxx.xxx.xxx.xxx] verified)
  by xxx.com.au (CommuniGate Pro SMTP 5.2c4)
  with ESMTPS id 3225994 for [email protected]; Tue, 29 Jan 2008 08:54:17 +1100
Received-SPF: none (xxx.com.au: 69.72.133.226 is neither permitted nor denied by domain of localhost.joomlanet.com) client-ip=69.72.133.226; [email protected]; helo=localhost.joomlanet.com;
Received: from joomlanet.com ([69.72.133.226] helo=localhost.joomlanet.com)
   by fish.ish.com.au with esmtps (TLSv1:AES256-SHA:256)
   (Exim 4.43)
   id 1JJbxh-0003cw-Ep
   for [email protected]; Tue, 29 Jan 2008 08:56:26 +1100
Received: from nobody by localhost.joomlanet.com with local (Exim 4.63)
   (envelope-from <[email protected]>)
   id 1JJbuy-0006fc-Be
   for [email protected]; Mon, 28 Jan 2008 16:53:28 -0500
To: [email protected]
Subject: account suspension
From: St. George Bank <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <[email protected]>
Date: Mon, 28 Jan 2008 16:53:28 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - localhost.joomlanet.com
X-AntiAbuse: Original Domain - xxx.com.au
X-AntiAbuse: Originator/Caller UID/GID - [99 500] / [47 12]
X-AntiAbuse: Sender Address Domain - localhost.joomlanet.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: joomlahacks.com:/public_html/chat
X-Spam-Score: 1.8 (+)
X-Spam-Report:    0.8 HTML_IMAGE_ONLY_32     BODY: HTML: images with 2800-3200 bytes of words
    0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
    1.0 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag


Please ensure security of your server.

Cheers
Marcin

Re: fraud emails coming from joomla

Posted: Mon Jan 28, 2008 10:21 pm
by brad
Thanks for dropping in to report this. However, none of this originates from any of our servers. That is not our IP address either. You may wish to contact the IP owner/operator.

Re: fraud emails coming from joomla

Posted: Mon Jan 28, 2008 10:25 pm
by daczo
The host command points the DNS to your place:

$ host 69.72.133.226
226.133.72.69.in-addr.arpa domain name pointer joomlanet.com.
$


Marcin

Re: fraud emails coming from joomla

Posted: Mon Jan 28, 2008 11:00 pm
by brad

Re: fraud emails coming from joomla

Posted: Wed Jan 30, 2008 12:51 pm
by easywebhost
Damn, I hate this spam... will it ever stop?

Re: fraud emails coming from joomla

Posted: Wed Jan 30, 2008 8:03 pm
by brad
easywebhost wrote: Damn, I hate this spam... will it ever stop?

When the host in question takes action and cleans up the account, yes. Sadly, even if I wanted to, in this case there is nothing we can do, as we have no association with this domain name/user.

Re: fraud emails coming from joomla

Posted: Thu Jan 31, 2008 11:27 am
by easywebhost
Yes, you are totally correct. I can see your point. :D

Re: fraud emails coming from joomla

Posted: Fri Feb 01, 2008 5:09 pm
by Rochen
http://ws.arin.net/whois/?queryinput=69.72.133.226

The organization you need to contact is FortressITX. Simply forward the message with the full message headers to: [email protected]

- Chris
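
Added example, not part of any post in this thread: a small Python helper that pulls the fields an abuse desk needs out of a header like the one in the first post, trusting only the Received lines stamped by the recipient's own mail servers. The function name, the `example.net` hostnames, 192.0.2.10 and the mailbox addresses are assumptions made up for the sample.

```python
import re
from email import message_from_string

# Constructed sample modelled on the header in the first post; hostnames under
# example.net, 192.0.2.10 and the mailbox addresses are placeholders.
SAMPLE = """\
Received: from relay.example.net ([192.0.2.10] verified)
  by mail.example.net (CommuniGate Pro SMTP 5.2c4)
  with ESMTPS id 3225994 for user@example.net; Tue, 29 Jan 2008 08:54:17 +1100
Received: from joomlanet.com ([69.72.133.226] helo=localhost.joomlanet.com)
   by mx.example.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43)
   id 1JJbxh-0003cw-Ep
   for user@example.net; Tue, 29 Jan 2008 08:56:26 +1100
Received: from nobody by localhost.joomlanet.com with local (Exim 4.63)
   (envelope-from <nobody@localhost.joomlanet.com>)
   id 1JJbuy-0006fc-Be
   for user@example.net; Mon, 28 Jan 2008 16:53:28 -0500
X-AntiAbuse: Primary Hostname - localhost.joomlanet.com
X-AntiAbuse: Originator/Caller UID/GID - [99 500] / [47 12]
X-Source-Dir: joomlahacks.com:/public_html/chat

"""
OWN_MTAS = {"mail.example.net", "mx.example.net"}  # assumed recipient-side relays

def abuse_summary(raw, own_mtas=OWN_MTAS):
    msg = message_from_string(raw)
    out = {"relay_ip": None, "helo": None, "local_user": None}
    past_border = False
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        by = re.search(r"\bby (\S+)", hop)
        if not past_border and by and by.group(1) in own_mtas:
            # Stamped by our own MTA, so the peer IP is trustworthy. Overwrite
            # on each trusted hop to end on the one facing the outside sender.
            peer = re.search(r"\(\[([0-9.]+)\](?: helo=([^\s)]+))?", hop)
            if peer:
                out["relay_ip"], out["helo"] = peer.groups()
            continue
        past_border = True  # everything below was written by the sending side
        local = re.match(r"from (\S+) by \S+ with local", hop)
        if local:
            out["local_user"] = local.group(1)
    # Sender-side tracking headers: hints for the host's operator, not proof.
    for line in msg.get_all("X-AntiAbuse", []):
        key, sep, val = line.partition(" - ")
        if sep:
            out[key.strip()] = val.strip()
    out["script_dir"] = msg.get("X-Source-Dir")
    return out
```

The `relay_ip` it returns is the address to look up in whois; the remaining fields are worth quoting in the report because they tell the hosting provider which account and directory to inspect.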