Possible forum security issue/data breach - FMVperformance.com : The site for all your Ford Mazda and Volvo needs
Reply
 
LinkBack Thread Tools
post #1 of 11 (permalink) Old 12-18-2012, 10:05 AM Thread Starter
Moped Rider
 
Join Date: Aug 2011
Location: Greenbrier, AR
Posts: 16
Possible forum security issue/data breach

I received a message to the email address I use EXCLUSIVELY for this forum.
It's not the sort of address spammers should stumble upon.

I've included the headers below for reference. The headers below can be trusted once the message hit webfaction.com - which, although the specific address has been deleted, is what tells me the envelope recipient tied to this forum - the two most likely scenarios are that my host had a breach, or this forum had a breach.

The IP talking to webfaction was 199.21.112.69 - this looks to be a colo/vps facility and I've filed a complaint with their abuse department as well.

Code:
Delivered-To: <<DELETED>>
Received: by 10.49.25.225 with SMTP id f1csp121750qeg;
        Mon, 17 Dec 2012 18:17:30 -0800 (PST)
X-Received: by 10.49.127.238 with SMTP id nj14mr217080qeb.9.1355797050132;
        Mon, 17 Dec 2012 18:17:30 -0800 (PST)
Return-Path: <[email protected]>
Received: from mx8.webfaction.com (mail8.webfaction.com. [75.126.24.68])
        by mx.google.com with ESMTP id gj3si420069qab.72.2012.12.17.18.17.29;
        Mon, 17 Dec 2012 18:17:30 -0800 (PST)
Received-SPF: neutral (google.com: 75.126.24.68 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=75.126.24.68;
Authentication-Results: mx.google.com; spf=neutral (google.com: 75.126.24.68 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from localhost (localhost.localdomain [127.0.0.1])
    by mx8.webfaction.com (Postfix) with ESMTP id 660696F1960
    for <<DELETED>>; Mon, 17 Dec 2012 20:17:29 -0600 (CST)
X-Spam-Flag: NO
X-Spam-Score: -1.107
X-Spam-Level: 
X-Spam-Status: No, score=-1.107 tagged_above=-999 required=3
    tests=[BAYES_00=-1.9, RDNS_NONE=0.793]
Received: from mx8.webfaction.com ([127.0.0.1])
    by localhost (mail8.webfaction.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id M11d8XwppqmA for <<DELETED>>;
    Mon, 17 Dec 2012 20:17:16 -0600 (CST)
Received: from server.allpinoystuff.com (unknown [199.21.112.69])
    by mx8.webfaction.com (Postfix) with ESMTP id 26F6C6F1973
    for <<DELETED>>; Mon, 17 Dec 2012 20:17:15 -0600 (CST)
Received: from server.allpinoystuff.com (localhost.localdomain [127.0.0.1])
    by server.allpinoystuff.com (8.14.4/8.14.4/Debian-2ubuntu2) with ESMTP id qBI2HEHH017942
    for <<DELETED>>; Tue, 18 Dec 2012 10:17:14 +0800
Received: (from [email protected])
    by server.allpinoystuff.com (8.14.4/8.14.4/Submit) id qBI2HErw017941;
    Tue, 18 Dec 2012 10:17:14 +0800
Date: Tue, 18 Dec 2012 10:17:14 +0800
Message-Id: <[email protected]>
To: <DELETED>
From: [email protected]
Subject: Newtown, Connecticut is the second Dunblane Primary-School Massacre.
stradenko is offline  
Sponsored Links
Advertisement
 
post #2 of 11 (permalink) Old 12-18-2012, 12:50 PM
Moderator
 
Cab0oze's Avatar
 
Join Date: Jul 2008
Location: Montreal, QC
Posts: 6,351
Garage
Not the first one to notice this either...

Ref.
http://www.mazda3forums.com/showthread.php?t=399905


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
Cab0oze is offline  
post #3 of 11 (permalink) Old 12-18-2012, 01:11 PM Thread Starter
Moped Rider
 
Join Date: Aug 2011
Location: Greenbrier, AR
Posts: 16
Well, I'm glad the admins did the right thing and researched it, corrected the issue and notified everyone.

/sarcasm

Admins, if you want more information, tell me.
stradenko is offline  
Sponsored Links
Advertisement
 
post #4 of 11 (permalink) Old 01-16-2013, 01:52 PM
Moped Rider
 
Join Date: Oct 2012
Location: Middlesex County MA
Posts: 23
I've been spammed as well.

Could we get a definitive word from site admins about what happened?

If we cannot be guaranteed that our email addresses won't be sold or given away or left open to the world, then that's a big problem.
bicker is offline  
post #5 of 11 (permalink) Old 01-16-2013, 02:24 PM
Senior Member
 
okellyr's Avatar
 
Join Date: Oct 2008
Location: New Jersey
Posts: 5,028
Send a message via MSN to okellyr
I had a quick rummage and could not find the confidentiality statement... Does any one know where it is?


Sent from my iPhone using AutoGuide.com Free App

Boosted baby....

BOOSTED


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
okellyr is offline  
post #6 of 11 (permalink) Old 01-16-2013, 05:53 PM
Grand Am Series
 
Join Date: May 2012
Location: East GA
Posts: 321
This is why I made a bullshit e-mail that only gets used for this forum. I too am getting spam.

Don't expect an answer. And it looks like the other thread cab0oze linked to has been deleted... Interesting.

2006 Mazda3 hatchback -
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.


Powertrain: AEM CAI, Vibrant header, CP-E RMM, AWR PMM, SU trans mount,
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
, Exedy flywheel & clutch, MS short shifter
Handling: Racing Beat springs & swaybars, MS3 rear endlinks, Koni Street (Orange) shocks/struts, Hankook Ventus V12 tires, MS3 brakes, SS brake lines
Other: 4300k Morimoto HID kit, MS3 seats, Speedhut gauges, Hypertech tune
swampbread is offline  
post #7 of 11 (permalink) Old 01-16-2013, 06:01 PM
F1 Driver
 
XCNuse's Avatar
 
Join Date: Jun 2009
Location: Atlanta, GA
Posts: 14,003
It's there, I locked it due to a conflict between two hard heads.

Administration has declared they have not given out any information.

That said, there are several hundred (more like about 1,000) visitors to this page at any given time, and I can guarantee a few hundred of those are spambots and other sniffers and whatnot going through the web.

That said, no one is giving anything out, but something is clearly finding it.

'06 Whitewater Pearl build |
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
XCNuse is offline  
post #8 of 11 (permalink) Old 01-16-2013, 06:11 PM
F1 Driver
 
fatabbot's Avatar
 
Join Date: Dec 2062
Location: Suburbia, Texas
Posts: 17,662
Quote:
Originally Posted by bicker View Post

Could we get a definitive word from site admins about what happened?
The AutoGuide admins implemented new layers of security to get into the admin/mod control panel right after this first came to light. I assume its because of this, so at some point I think a bot or something got access to profile info.

So, don't expect any definitive answers, but assume that spambots have your email (but not forum password). One of the other mods can chime in if they have more info as I couldn't find any.
fatabbot is offline  
post #9 of 11 (permalink) Old 01-16-2013, 06:46 PM
Moped Rider
 
Join Date: Oct 2012
Location: Middlesex County MA
Posts: 23
Is it fixed? In other words, if I change my email now, can I expect that that email won't be spammed?
bicker is offline  
post #10 of 11 (permalink) Old 01-16-2013, 07:40 PM
F1 Driver
 
fatabbot's Avatar
 
Join Date: Dec 2062
Location: Suburbia, Texas
Posts: 17,662
fatabbot is offline  
Sponsored Links
Advertisement
 
Reply

  FMVperformance.com : The site for all your Ford Mazda and Volvo needs > Misc > Site Suggestions / Problems

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the FMVperformance.com : The site for all your Ford Mazda and Volvo needs forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



Similar Threads
Thread Thread Starter Forum Replies Last Post
Fake Admin email or legit breach? leofaye Site Suggestions / Problems 6 09-14-2007 05:03 PM

Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome