SPAM from BOINC

Lourdes
Joined: 3 Jul 08
Posts: 1
Spain
Message 18185 - Posted: 3 Jul 2008, 22:46:03 UTC

Hi folks,
I do not belong to this project even though I found it quite interesting. The thing is that for the past 2 days I have been receiving e-mails from the domain boinc.dk and I would like to know if you guess who could be doing this and especially how to stop it (a mail is sent around every 2 seconds!!). My mail server is going to die over the weekend or summer holidays at this rate.

So I am sure you will understand that the matter is really urgent. As an example please find hereafter one of the mails I have received:

De: phevxflh@lwnlinub.com
Enviado: jueves, 03 de julio de 2008 1:58
Para: comercial@promoright.com
Asunto: [Norton AntiSpam] Gorras.info: Solicitud de información general

Empresa: cNaRTfYVBNVvYIi
Nombre: xXHvoTyaTz
Apellidos: vtYmvQZFytM
Telefono: EHKBzmKdfDxPPv
Direccion: <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15749 >ambien </a> ambien <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15750 >hydrocodone </a> hydrocodone <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15751 >amitriptyline </a> amitriptyline <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15752 >coumadin </a> coumadin <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15753 >fioricet </a> fioricet <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15754 >zocor </a> zocor <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15755 >amoxicillin </a> amoxicillin <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15756 >nicotine </a> nicotine <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15757 >adderall </a> adderall <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15759 >acyclovir </a> acyclovir <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15760 >morphine </a> morphine <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15761 >suboxone </a> suboxone <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15762 >toprol </a> toprol <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15763 >xanax </a> xanax <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15764 >oxycodone </a> oxycodone <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15765 >zoloft </a> zoloft <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15766 >prevacid </a> prevacid <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15767 >arimidex </a> arimidex <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15768 >metronidazole </a> metronidazole <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15769 >plavix </a> plavix

Código Postal: Zbfiu
Población: MXeepVpD
Provincia: Álava
Mensaje: <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15749 >ambien </a> ambien <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15750 >hydrocodone </a> hydrocodone <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15751 >amitriptyline </a> amitriptyline <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15752 >coumadin </a> coumadin <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15753 >fioricet </a> fioricet <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15754 >zocor </a> zocor <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15755 >amoxicillin </a> amoxicillin <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15756 >nicotine </a> nicotine <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15757 >adderall </a> adderall <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15759 >acyclovir </a> acyclovir <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15760 >morphine </a> morphine <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15761 >suboxone </a> suboxone <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15762 >toprol </a> toprol <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15763 >xanax </a> xanax <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15764 >oxycodone </a> oxycodone <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15765 >zoloft </a> zoloft <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15766 >prevacid </a> prevacid <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15767 >arimidex </a> arimidex <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15768 >metronidazole </a> metronidazole <a href= http://boinc.gorlaeus.net/view_profile.php?userid=15769 >

I look forward to hearing from you in order to stop this happening.

Many thanks.
ID: 18185
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 15480
Netherlands
Message 18187 - Posted: 3 Jul 2008, 23:11:48 UTC
Last modified: 3 Jul 2008, 23:18:00 UTC

I'll see if I can contact Janus who owns BOINC.dk and see what he has to say about it.

How do you know it's boinc.dk sending it? I see it comprises user profiles of Leiden Classical, so I'll contact Mark as well.
ID: 18187
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 15480
Netherlands
Message 18200 - Posted: 4 Jul 2008, 10:10:38 UTC
Last modified: 4 Jul 2008, 10:11:19 UTC

OK, I got an email back from Mark Sommers at Leiden Classical.
Please take a look at this thread on his forums, to see what he has put in so that it won't happen again.

The problem is though, he cannot stop the spamming server. You will have to come up with something yourself. I still doubt it's coming from the boinc.dk domain, more so that it's being used as a spoof.
ID: 18200
Janus
Joined: 28 Aug 05
Posts: 10
Message 18252 - Posted: 5 Jul 2008, 17:06:50 UTC - in response to Message 18185.  
Last modified: 5 Jul 2008, 17:09:09 UTC

I have been receiving e-mails from the domain boinc.dk

I highly doubt that. It is more likely to be a forged email attempting to appear to be sent from our mailserver. Please send the entire email (including message headers) to the contact email found on burp.boinc.dk or post the headers here. (Typically you can access the headers by accessing the message source - view->Message Source in Thunderbird).

Also please note that the boinc.dk domain has an SPF DNS entry allowing any anti-spam firewall to do a crude check of the validity of any email appearing to be sent from that domain.

--

Anyways, thank you for your report (both here and the one you sent to my email) about abuse of our user profile service.
The infringing profiles have been removed from our website and appropriate action taken in order to make a similar event less likely in the future.

The issue is, however, not entirely on our end and the removal of the profiles will not necessarily stop the SPAM that you receive. In order to avoid these issues in the future we suggest that you or your provider protect your webforms with a Captcha so that bots cannot automatically fill out the forms with SPAM.
If you received the SPAM as an email appearing to originate from our servers (addresses ending with the domain boinc.dk) we suggest that you install an SPF-aware anti-spam firewall. The boinc.dk domain and many other domains on the web have an SPF DNS entry which allows any such firewall to automatically detect and reject attempts to create fake emails appearing to originate from these domains.

For more information about the issue and what we have done about it have a look here:
http://burp.boinc.dk/forum_thread.php?id=1166&nowrap=true#8509

I'm terribly sorry about the grief that this has caused both you and us. Spam is a terrible waste of time and resources - I wish there was more we could do to fight the source of it.

Once again, thanks for your report.


Best regards

Janus Kristensen
BURP administrator
ID: 18252
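
Added example, not part of the thread and not code from BOINC or BURP: the header check and SPF comparison described in the post above, run offline in Python. The SPF record, domain names, IP addresses and message headers are constructed samples (no real record is looked up), and only the `ip4`, `ip6` and `all` mechanisms are evaluated. In practice the record comes from a TXT lookup on the envelope sender's domain.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample SPF TXT record for a hypothetical sending domain.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 ip6:2001:db8::/32 -all"

# Constructed sample headers, as shown by "view -> Message Source".
SAMPLE_MSG = """\
Received: from mail.example.net (unknown [203.0.113.77])
\tby mx.recipient.example with ESMTP; Thu, 3 Jul 2008 01:58:00 +0200
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.net with SMTP; Thu, 3 Jul 2008 01:57:58 +0200
From: someone@example.org
To: sales@recipient.example
Subject: constructed sample

body
"""

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def connecting_ip(raw_message):
    """Return the bracketed IP in the topmost Received header (added by our own MX)."""
    received = message_from_string(raw_message).get_all("Received") or []
    m = re.search(r"\[([0-9A-Fa-f:.]+)\]", received[0]) if received else None
    return m.group(1) if m else None

def spf_result(record, ip):
    """Evaluate ip4/ip6/all left to right; report DNS-dependent mechanisms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        if "=" in term:          # modifier (redirect=, exp=), not a mechanism
            continue
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return QUALIFIERS[qual]
        name, _, value = mech.partition(":")
        if name not in ("ip4", "ip6"):
            return "needs-dns"   # a, mx, include, exists, ptr need lookups
        net = ipaddress.ip_network(value, strict=False)
        if net.version == addr.version and addr in net:
            return QUALIFIERS[qual]
    return "neutral"             # no mechanism matched and no "all" term
```

Only the topmost `Received` header is trusted here because it is the one written by the recipient's own server; lower ones are supplied by the sender and can be forged.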

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.