
20-08-2007, 20:08:07
I'm Supposedly Phishing, Please Help

Friends, my hosting service sent me an email.
They say they received an email claiming that I am phishing.
It says a few things; what do I need to do?
I know nothing about this; for about a month, even longer, I haven't logged in to cPanel, FTP, etc.
I have nothing to do with it. What can I do, what happened, how do I clean it up?

Quote:
Hello,
We received a phishing activity alert carried from your account. Such activities are a violation of our AUP with you ( http://resellerzoom.com/aup.shtml ).
Review the details below and reply with resolution to resolve this ticket within 24 hours, this account may get suspended and also escalated for termination from our network.
Complaint as follows (for your review):-
--------------------------------------------------------------------------
Return-Path: <sandalye@jackson.nswebhost.com>
Received: from rly-mb04.mail.aol.com (rly-mb04.mail.aol.com [172.20.118.140]) by air-mb02.mail.aol.com (v119.6) with ESMTP id MAILINMB21-e646c90e1b2d5; Sun, 19 Aug 2007 23:44:43 -0400
Received: from jackson.nswebhost.com (jackson.nswebhost.com [66.246.252.19]) by rly-mb04.mail.aol.com (v119.6) with ESMTP id MAILRELAYINMB410-e646c90e1b2d5; Sun, 19 Aug 2007 23:44:27 -0400
Received: from sandalye by jackson.nswebhost.com with local (Exim 4.66)
(envelope-from <sandalye@jackson.nswebhost.com>)
id 1IMyBm-0006oQ-FG
for bjohlwiler@cs.com; Sun, 19 Aug 2007 22:44:26 -0500
To: <Undisclosed Recipients>
Subject: Security Update Notification[Secure Code:UB05-C0B1-A-1]
From: Bank Of America Service Department <onlineservice@alert.bankofamerica.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1IMyBm-0006oQ-FG@jackson.nswebhost.com>
Date: Sun, 19 Aug 2007 22:44:26 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - jackson.nswebhost.com
X-AntiAbuse: Original Domain - cs.com
X-AntiAbuse: Originator/Caller UID/GID - [34582 34582] / [47 12]
X-AntiAbuse: Sender Address Domain - jackson.nswebhost.com
X-AOL-IP: 66.246.252.19
X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_from :
X-Mailer: Unknown (No Version)
<head>
<title>Bank of America</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
#yiv467335955
#yiv349305321
#yiv1809902406
.style1 {
font-family:Arial, Helvetica, sans-serif;
font-weight:bold;
color:#CC0000;
font-size:18px;
}
#yiv467335955 #yiv349305321 #yiv1809902406 .style2 {font-family:Arial,
Helvetica, sans-serif;}
#yiv467335955 #yiv349305321 #yiv1809902406 .style4 {font-family:Arial,
Helvetica, sans-serif;font-size:18px;}
#yiv467335955 #yiv349305321 #yiv1809902406 .style5 {font-size:12px;}
#yiv467335955 #yiv349305321 #yiv1809902406 .style6 {font-family:Arial,
Helvetica, sans-serif;font-size:12px;}
#yiv467335955 #yiv349305321 #yiv1809902406 .style7 {font-size:10px;}
#yiv467335955 #yiv349305321 #yiv1809902406 .style8 {color:#333333;}
#yiv467335955 #yiv349305321 #yiv1809902406 .style10
{font-size:10px;color:#333333;}
-->
</style>
</head>
<table width="480" border="0" cellpadding="0" cellspacing="0">
<tr>
<td><img src="http://www.bankofamerica.com/global/mvc_objects/images/mhd_reg_logo.gif" width="250" height="69"></td>
</tr>
<tr>
<td bgcolor="#CC0000"> </td>
</tr>
<tr>
<td> <span class="style1"><br>
Security Update Notification</span><span class="style4"></span><span class="style2"><br>
</span>
<hr class="style6">
<p class="style2"> <span class="style5">
Dear Customer,</span></p>
<p class="style2"><span class="style5">We recently
reviewed your account, and suspect that your Bank of America
account
may have been accessed by an unauthorized third party.
Protecting the
security of your account is our primary concern. Therefore, as
a
preventative measure, we have temporarily limited access to
sensitive account
features. </span>
</p>
<p class="style6">To restore your online account access, we need
you to
confirm your account, to do so we need you to follow the link below
and proceed to confirm your information:</p>
<p class="style6"> <a rel="nofollow" target="_blank"href="http://www.cornish-funfairs.org.uk/media/.bashxDELETE/www.bankofamerica.com/index.htm">https://www.bankofamerica.com/cgi-bin/imcpprd
.
dll/Ctrl.jsp?BV_UseBVCookie=yes</a></p>
<p class="style6"> Thank you for your patience as we work
together to protect your account.</p>
<p class="style6">Sincerely,<br>
Bank of America Customer Service</p>
<p class="style6 style7"><span class="style5"><strong>*Important*</strong></span><br>
<span class="style8">Please update your records on or before
48 hours, a failure to update your records will result in a temporal
hold on your funds.</span></p>
<hr>
<span class="style10">Bank of America, N.A. Member FDIC.
<a rel="nofollow" class="ftr-link2" title="Link opens Equal Housing Lender pop-up window">Equal Housing Lender</a><a rel="nofollow" target="_blank" href="http://www.bankofamerica.com/help/equalhousing_popup.cfm" title="Link opens Equal Housing Lender pop-up window"><img src="http://www.bankofamerica.com/images/shared/house.gif" width="14" height="9" hspace="3" alt="Link opens Equal Housing Lender pop-up window" border="0"/></a><br />
© 2007 Bank of America Corporation. All rights reserved. </span>
</td>
</tr>
</table>
--------------------------------------------------------------------------
Server log of phish email :-
--------------------------------------------------------------------------
2007-08-19 22:44:26 1IMyBm-0006oQ-FG <= sandalye@jackson.nswebhost.com U=sandalye P=local S=3999 T="Security Update Notification[Secure Code:UB05-C0B1-A-1]" from <sandalye@jackson.nswebhost.com> for bjohlwiler@cs.com
2007-08-19 22:44:26 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IMyBm-0006oQ-FG
2007-08-19 22:44:26 1IMyBm-0006oQ-FG => bjohlwiler@cs.com F=<sandalye@jackson.nswebhost.com> R=lookuphost T=remote_smtp S=4462 H=mailin-01.mx.aol.com [64.12.137.184] C="250 OK"
2007-08-19 22:44:26 1IMyBm-0006oQ-FG Completed
Possible initiation through script.
2007-08-19 22:42:41 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:41 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:41 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:42 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:42 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:42 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:43 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:43 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:43 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:43 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:43 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:43 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:44 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:44 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:44 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:44 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:46 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:46 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:46 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:46 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:47 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:47 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:47 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:47 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:47 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:47 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:48 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:50 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:50 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
--------------------------------------------------------------------------
Possible initiator :-
--------------------------------------------------------------------------
83.138.136.90 - - [17/Aug/2007:15:31:37 -0500] "POST /readme.php HTTP/1.0" 200 12761 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
83.138.136.90 - - [17/Aug/2007:15:38:20 -0500] "POST /readme.php HTTP/1.0" 200 30328 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
83.138.136.90 - - [17/Aug/2007:15:57:06 -0500] "POST /readme.php HTTP/1.0" 200 16523 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
83.138.136.90 - - [17/Aug/2007:15:57:58 -0500] "POST /readme.php HTTP/1.0" 200 11463 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
212.100.250.217 - - [17/Aug/2007:17:02:32 -0500] "POST /readme.php HTTP/1.0" 200 12761 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
83.138.136.90 - - [17/Aug/2007:17:04:13 -0500] "POST /readme.php HTTP/1.0" 200 13377 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
83.138.136.90 - - [17/Aug/2007:17:05:10 -0500] "POST /readme.php HTTP/1.0" 200 16078 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
83.138.136.90 - - [17/Aug/2007:17:15:10 -0500] "POST /readme.php HTTP/1.0" 200 17658 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
83.138.136.90 - - [17/Aug/2007:17:16:58 -0500] "POST /readme.php HTTP/1.0" 200 16524 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
212.100.250.225 - - [17/Aug/2007:17:19:37 -0500] "POST /readme.php HTTP/1.0" 200 15220 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
212.100.250.225 - - [17/Aug/2007:17:22:47 -0500] "POST /readme.php HTTP/1.0" 200 16930 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
212.100.250.217 - - [17/Aug/2007:17:34:51 -0500] "POST /readme.php HTTP/1.0" 200 16930 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
83.138.136.90 - - [17/Aug/2007:17:47:44 -0500] "POST /readme.php HTTP/1.0" 200 17110 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
83.138.189.74 - - [17/Aug/2007:18:14:03 -0500] "POST /readme.php HTTP/1.0" 200 16930 "http://www.sandalye.info/readme.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3)"
-------------------------------------------------------------------------------------------
Following script is locked till you reply further about this.
------------------------------------------------------------------------
root@jackson [/home/sandalye/public_html]# ll readme.php
---------- 1 sandalye sandalye 5266 Jun 15 08:21 readme.php
-----------------------------------------------------------------------
Awaiting reply.
Best regards,
Andrew Gholap
Abuse Administrator
__________________
Don't dismiss it as just a chair.
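The abuse report ties the phishing mail to the account in two steps: Exim's `cwd=` lines show sendmail being run from the account's `public_html`, and the web access log shows which PHP script was receiving POSTs. The sketch below performs the same correlation; it is an added example, not part of the original post or the host's tooling. The function names, the burst threshold, the abridged user-agent strings and the one GET line from 203.0.113.7 are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Sample lines in the report's formats (abridged; the GET line is constructed).
EXIM_LOG = """\
2007-08-19 22:42:41 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:41 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:42:42 cwd=/home/sandalye/public_html 3 args: /usr/sbin/sendmail -t -i
2007-08-19 22:44:26 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IMyBm-0006oQ-FG
"""
ACCESS_LOG = """\
83.138.136.90 - - [17/Aug/2007:15:31:37 -0500] "POST /readme.php HTTP/1.0" 200 12761 "http://www.sandalye.info/readme.php" "Mozilla/4.0"
212.100.250.217 - - [17/Aug/2007:17:02:32 -0500] "POST /readme.php HTTP/1.0" 200 12761 "http://www.sandalye.info/readme.php" "Mozilla/4.0"
203.0.113.7 - - [17/Aug/2007:17:03:00 -0500] "GET /index.html HTTP/1.0" 200 512 "-" "Mozilla/4.0"
"""

# sendmail started with a working directory inside a user's home (script-sent mail)
CWD_RE = re.compile(r"^\S+ \S+ cwd=(/home/([^/\s]+)\S*) \d+ args: \S*sendmail\b")
# POST requests to a .php path in Apache combined log format
REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "POST (\S+\.php)(?:\?\S*)? HTTP/[\d.]+" \d{3} ')

def script_mail_bursts(exim_log, threshold=3):
    """Count sendmail invocations per (account, cwd); keep those >= threshold."""
    hits = Counter()
    for line in exim_log.splitlines():
        m = CWD_RE.match(line)
        if m:
            hits[(m.group(2), m.group(1))] += 1
    return {key: n for key, n in hits.items() if n >= threshold}

def php_posts(access_log):
    """Map each PHP script that received a POST to the set of client IPs."""
    posts = {}
    for line in access_log.splitlines():
        m = REQ_RE.match(line)
        if m:
            posts.setdefault(m.group(2), set()).add(m.group(1))
    return posts

def triage(exim_log, access_log, threshold=3):
    """Accounts sending bursts of script mail, plus POSTed PHP scripts to review."""
    return {
        "bursts": script_mail_bursts(exim_log, threshold),
        "posted_scripts": php_posts(access_log),
    }
```

A script that appears under `posted_scripts` but is not part of the site's own code, in an account that also appears under `bursts`, is the file to quarantine and inspect first, as the host did with `readme.php`.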