FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


VIRUS!





Simulator
I don't know what the hell is going on, but I just got a virus from an email address @simandsim.com!

Can anyone explain?
Animal
People sometimes fake an email "from" address in order to try to get the recepient to think the mail is genuine. Don't worry about it! If the address it came from is non-existant, then the headers have been faked. If it's an address that's in use then you could check it out, but it's highly unlikely the address has been hacked.

Treat this stuff like spam... because it is!
Simulator
Animal wrote:
People sometimes fake an email "from" address in order to try to get the recepient to think the mail is genuine. Don't worry about it! If the address it came from is non-existant, then the headers have been faked. If it's an address that's in use then you could check it out, but it's highly unlikely the address has been hacked.

Treat this stuff like spam... because it is!


Now why didn't I think of that... Thanks
Bondings
I got tons of those emails a while ago. For some reason it seemed to have stopped.

You should normally be able to look at the 'complete' email or 'source' or however your mail program calls it. In there, the real ip where it's coming from should be mentioned.
n0obie4life
And if you want to be really mean, you can contact their ISP (I do that sometimes Wink).

A traceroute should tell you what their ISP is.

It doesn't matter if it's being used as a "drone" or a "slave" (i.e. the owner doesn't know his computer is being used).
engeland
n0obie4life wrote:
And if you want to be really mean, you can contact their ISP (I do that sometimes Wink).

A traceroute should tell you what their ISP is.

It doesn't matter if it's being used as a "drone" or a "slave" (i.e. the owner doesn't know his computer is being used).


what's an ISP. so what if you trace their isp's?
n0obie4life
ISP - Internet Service Provider.

The company that provides them their internet.

Once you report to them, they have their own ways of dealing with them Smile.
Daniel15
Yeah, look at the headers of the email. I recently got an email to my Yahoo spam account that looked like it came from eBay, when it really didn't (a phishing attempt, basically). The 'From' address was service@eBay.com, however, looking at the headers, we discover more:
Quote:

X-Apparently-To: dansoftaus[-at-]yahoo.com.au via 206.190.48.214; Tue, 28 Mar 2006 22:08:33 -0800
X-YahooFilteredBulk: 212.53.64.25
X-Originating-IP: [212.53.64.25]
Return-Path: <web17853@websrv.netbenefit.com>
Authentication-Results: mta193.mail.scd.yahoo.com from=eBay.com; domainkeys=neutral (no sig)
Received: from 212.53.64.25 (EHLO websrv5.netbenefit.co.uk) (212.53.64.25) by mta193.mail.scd.yahoo.com with SMTP; Tue, 28 Mar 2006 22:08:32 -0800
Received: from web17853 by websrv5.netbenefit.co.uk with local (NetBenefit 2.0) id 1FOTr2-0004v1-SE for dansoftaus@yahoo.com.au; Wed, 29 Mar 2006 07:08:28 +0100
To: dansoftaus[-at-]yahoo.com.au
Subject: Your eBay account.
From: "eBay" <service@eBay.com>
Reply-to: billing@eBayDepartment.com
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1FOTr2-0004v1-SE@websrv5.netbenefit.co.uk>
Sender: <web17853@websrv.netbenefit.com>
Date: Wed, 29 Mar 2006 07:08:28 +0100
Content-Length: 1970


The 'Return-Path' is where the email actually came from, in this case web17853@websrv.netbenefit.com

Also, look at the 'Received' headers:
Code:

Received:   from 212.53.64.25 (EHLO websrv5.netbenefit.co.uk) (212.53.64.25) by mta193.mail.scd.yahoo.com with SMTP; Tue, 28 Mar 2006 22:08:32 -0800   
Received:   from web17853 by websrv5.netbenefit.co.uk with local (NetBenefit 2.0) id 1FOTr2-0004v1-SE for dansoftaus@yahoo.com.au; Wed, 29 Mar 2006 07:08:28 +0100   

This means that the email took the path web17853 --> websrv5.netbenefit.co.uk (212.53.64.25) --> mta193.mail.scd.yahoo.com. (You read these headers from bottom to top).
ryanh2006
Woah Daniel thanks for the great tutorial! So that's how I should read a header, and all that time I used to hide them because it looked like a load of mumbo jumbo! Thanks Smile
Stealth
Yes there are many ways of faking email addresses. That one which you said is only one. I have heard one which is just used for pranking but it could be used to do bad things. I know of this prank site which is at www.monkeydoo.com. People can sign up there and use it to scare people by pranking them. I also heard of www.sharpmail.co.uk which is used to send anonymous email. There are even web sites which are used to send fake text messages!
n0obie4life
Simulator, I doubt you need this topic anymore.

If you still need it, PM me/any other staff member and we'll reopen it.

this is to prevent spam like the post above mine Rolling Eyes.

-close-
Related topics
This topic is locked: you cannot edit posts or make replies.    Frihost Forum Index -> Support and Web Hosting -> Web Hosting Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.