How is my domain name being hijacked?

Discussion in 'HTML' started by Rob, Jan 20, 2007.

  1. Rob

    Rob Guest

    I hope this question is appropriate to alt.html

    I brought up my primitive website last week, and ever since, I've
    been deluged w. email messages from email servers telling me that
    A.) I sent an email to somebody at the domain served by that email
    program that has been rejected
    B.) because either addressee unknown, or the email contained a
    virus, etc., etc.

    Is this a consequence of webbots that troll for new websites and
    flood the universe w. emails that show me as the sender?

    Is there anything I can do to stop it?

    Many thanks,
    Rob
    Rob, Jan 20, 2007
    #1
    1. Advertising

  2. Rob

    J.O. Aho Guest

    Rob wrote:
    > I hope this question is appropriate to alt.html
    >
    > I brought up my primitive website last week, and ever since, I've
    > been deluged w. email messages from email servers telling me that
    > A.) I sent an email to somebody at the domain served by that email
    > program that has been rejected
    > B.) because either addressee unknown, or the email contained a
    > virus, etc., etc.
    >
    > Is this a consequence of webbots that troll for new websites and
    > flood the universe w. emails that show me as the sender?
    >
    > Is there anything I can do to stop it?


    Your feedback/"tell a friend" script is allowing people to inject
    mail-headers, which makes it possible for spammer to use it to send spam to
    people. It don't take them long time to find these forms and when someone has
    found it, it's soon known by hordes of spammers.

    Spammers uses others e-mail addresses or fake ones, as they don't want to get
    the mail bounced back at them and there are those spammers who delivery send
    spam to a none working e-mail address, so that your ISPs spam-filter won't
    filter it away, you get the mail and will open it to see what mail did fail to
    be sent and the spammer hope you will read the whole mail and then hand over
    your money to them.


    --

    //Aho
    J.O. Aho, Jan 20, 2007
    #2
    1. Advertising

  3. Rob

    Tina Peters Guest

    "J.O. Aho" <> wrote in message
    news:...
    > Rob wrote:
    >> I hope this question is appropriate to alt.html
    >>
    >> I brought up my primitive website last week, and ever since, I've
    >> been deluged w. email messages from email servers telling me that
    >> A.) I sent an email to somebody at the domain served by that email
    >> program that has been rejected
    >> B.) because either addressee unknown, or the email contained a
    >> virus, etc., etc.
    >>
    >> Is this a consequence of webbots that troll for new websites and
    >> flood the universe w. emails that show me as the sender?
    >>
    >> Is there anything I can do to stop it?

    >
    > Your feedback/"tell a friend" script is allowing people to inject
    > mail-headers, which makes it possible for spammer to use it to send spam
    > to people. It don't take them long time to find these forms and when
    > someone has found it, it's soon known by hordes of spammers.
    >
    > Spammers uses others e-mail addresses or fake ones, as they don't want to
    > get the mail bounced back at them and there are those spammers who
    > delivery send spam to a none working e-mail address, so that your ISPs
    > spam-filter won't filter it away, you get the mail and will open it to see
    > what mail did fail to be sent and the spammer hope you will read the whole
    > mail and then hand over your money to them.


    I didn't see where he said he had a form on his site. My guess would be its
    a Joe Job attack, where some spammer used the OPs email address as the
    "reply to" address, so he's getting all of the undeliverables. We see it
    happen all the time. A good rule of thumb to avoid this type of attack is
    to not have a "catchall" email account setup, since a lot of the bounces
    will end up there.

    PS: Regarding the form mail type of attack you mention, we have on that
    seems to work pretty good. So far, the spamming robots have ignored it:
    http://www.formmailscript.com

    --Tina
    Tina Peters, Jan 20, 2007
    #3
  4. Per Tina Peters:
    > A good rule of thumb to avoid this type of attack is
    >to not have a "catchall" email account setup, since a lot of the bounces
    >will end up there.


    I can support that from experience.

    Before I caught on, my domain was getting 7,500-8,000 spams per day - most
    dictionary attacks.
    --
    PeteCresswell
    (PeteCresswell), Jan 20, 2007
    #4
  5. Rob

    Tina Peters Guest

    "(PeteCresswell)" <> wrote in message
    news:...
    > Per Tina Peters:
    >> A good rule of thumb to avoid this type of attack is
    >>to not have a "catchall" email account setup, since a lot of the bounces
    >>will end up there.

    >
    > I can support that from experience.
    >
    > Before I caught on, my domain was getting 7,500-8,000 spams per day - most
    > dictionary attacks.


    Yeah, we now set up all hosting accounts with the catch all account set to
    :blackhole: - it doens't thwart Joe Job attacks entirely, but it does
    help.

    --Tina
    Tina Peters, Jan 20, 2007
    #5
  6. Rob

    J.O. Aho Guest

    Tina Peters wrote:

    > I didn't see where he said he had a form on his site.


    No he didn't, it was an assumption from my side, as he said he had setup a
    primitive site, and at the same time provide other possibilities too.


    > My guess would be its
    > a Joe Job attack, where some spammer used the OPs email address as the
    > "reply to" address, so he's getting all of the undeliverables. We see it
    > happen all the time.


    With help of mimedefang you can filter away false "bounces" and bouncing it
    back to the sending server and let it take care of the mess it has made.


    --

    //Aho
    J.O. Aho, Jan 20, 2007
    #6
  7. Rob

    Rob Guest

    Tina is correct, I have no form, just <a "mailto: ...">Contact</a>

    It bugs me that the Internet allows anyone to form an email and
    provide <anything>@<mydomain> as the return address.

    It looks like I need to make my email program funnel the email
    bounces because I cannot eliminate them.

    Thank you for all the help/advice. This is a good group.

    Rob


    Rob wrote:
    > I hope this question is appropriate to alt.html
    >
    > I brought up my primitive website last week, and ever since, I've
    > been deluged w. email messages from email servers telling me that
    > A.) I sent an email to somebody at the domain served by that email
    > program that has been rejected
    > B.) because either addressee unknown, or the email contained a
    > virus, etc., etc.
    >
    > Is this a consequence of webbots that troll for new websites and
    > flood the universe w. emails that show me as the sender?
    >
    > Is there anything I can do to stop it?
    >
    > Many thanks,
    > Rob
    Rob, Jan 21, 2007
    #7
  8. Rob

    David Segall Guest

    "Rob" <> wrote:

    >Tina is correct, I have no form, just <a "mailto: ...">Contact</a>

    You might like to use <http://www.addressmunger.com/> to encode your
    email address. It seems to help.
    David Segall, Jan 21, 2007
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike
    Replies:
    4
    Views:
    372
    Andrew Davidson
    Nov 15, 2003
  2. The Bicycling Guitarist

    is my contact email being hijacked?

    The Bicycling Guitarist, Jul 18, 2007, in forum: HTML
    Replies:
    8
    Views:
    675
    Bergamot
    Jul 20, 2007
  3. Pete Elmore

    'gets' has been hijacked

    Pete Elmore, Jun 6, 2005, in forum: Ruby
    Replies:
    3
    Views:
    110
    Pete Elmore
    Jun 6, 2005
  4. Chem Leakhina
    Replies:
    2
    Views:
    122
    Robert Klemme
    Jun 23, 2009
  5. Eriq

    View-Source hijacked?! (0/1)

    Eriq, Sep 28, 2004, in forum: Javascript
    Replies:
    2
    Views:
    60
    Michael Winter
    Sep 28, 2004
Loading...

Share This Page