
Questionable file found in forum root.


  • [Forum] Questionable file found in forum root.

    Hello everyone,

    I've been receiving emails from the admin email system (I'm the admin) recently which I didn't send from people I don't know and as such the "red flags" have gone up in that someone has been sending email pretending to have come from my forum.

    The email is as follows;

    "This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    [email protected]
    SMTP error from remote mail server after end of data:
    host mx2.sbcglobal.am0.yahoodns.net [98.138.206.39]:
    554 delivery error: dd Sorry your message to
    [email protected] cannot be delivered. This account has been disabled or discontinued [#102]. - mta1046.sbc.mail.ne1.yahoo.com

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <
    ****@md-cpanel01.websiteactive.com>
    Received: from **** by md-cpanel01.websiteactive.com with local (Exim 4.77)
    (envelope-from <
    ****@md-cpanel01.websiteactive.com>)
    id 1SvWP8-001CnI-Vi
    for
    [email protected]; Mon, 30 Jul 2012 02:31:42 +1000
    To:
    [email protected]
    Subject: QbKrzZBbHTjRhlDPbu
    X-PHP-Script:
    www.jamesdoylephoto.com/Forum/blog.php for 94.23.1.28
    From: "Queensland Nature Photographers" <
    [email protected]>
    Auto-Submitted: auto-generated
    Precedence: bulk
    Message-ID: <
    [email protected]>
    MIME-Version: 1.0
    Content-Type: text/plain; charset="ISO-8859-1"
    Content-Transfer-Encoding: 8bit
    X-Priority: 3
    X-Mailer: vBulletin Mail via PHP
    Date: Mon, 30 Jul 2012 02:31:42 +1000

    Himanshu,

    This is a message from Himanshu ( mailto: ) from the Queensland Nature Photographers (
    http://www.jamesdoylephoto.com/Forum/ ).

    The message is as follows:

    The workshops are not iclnuded in the membership fee's pricing and we don't have pricing details on those yet. Whatever they are they will be worth it though! We've got some amazing photographers handling them!We really don't have different pricing levels of membership fee's. They are just different durations and they are cheaper the longer term you sign up for. Basicly there is normal memberships for photographers and vendor memberships for vendors. Those are the only two. Other sites offer a pro' membership area for $100-$200 a year and requires and application approval etc. We don't do that. We call that membership a mentor' membership and it's not available to purchase. We upgrade you to that for free if you qualify. Details are on the sign up form where you can opt in if you like : )

    Queensland Nature Photographers takes no responsibility for messages sent through its system."



    I have looked at the details of the emails and can't find any reference to them in the forum files, but I did find a file I haven't seen before. Can someone tell me if this is a vBulletin file or should I delete it? Please see attached file.

    Any suggestions or assistance would be appreciated.

    Thanks

    James
    Attached Files
    Last edited by Jamesdoylephoto; Sun 29 Jul '12, 3:29pm.
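
    As an added example (not part of the original posts): the returned copy in the bounce above carries an X-PHP-Script header naming the PHP script that generated the mail and the address of the client that requested it. The sketch below pulls that pair out of saved bounces and tallies it; the sample bounce, domain names and IP are constructed placeholders, and it assumes the header keeps the `host/script for IP` form shown in the post.

```python
import email
import re
from collections import Counter

# Constructed sample bounce (not from the thread); names and IP are placeholders.
SAMPLE_BOUNCE = """\
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients.

------ This is a copy of the message, including all the headers. ------

Return-path: <user@host.example>
To: recipient@mail.example
Subject: QbKrzZBbHTjRhlDPbu
X-PHP-Script: www.forum.example/Forum/blog.php for 203.0.113.7
From: "Example Forum" <admin@forum.example>
X-Mailer: vBulletin Mail via PHP
Date: Mon, 30 Jul 2012 02:31:42 +1000

Body text of the relayed message.
"""

# Exim separates its own report from the returned copy with this banner line.
MARKER = re.compile(r"^-+ This is a copy of the message.*-+[ \t]*$", re.M)
# Header value form seen in the post: "<host>/<script path> for <client IP>".
XPHP = re.compile(r"^(?P<script>\S+) for (?P<ip>[0-9a-fA-F.:]+)")

def origin_from_bounce(bounce_text):
    """Return (script, client_ip, mailer, recipient) for the returned copy, or None."""
    m = MARKER.search(bounce_text)
    if not m:
        return None
    original = email.message_from_string(bounce_text[m.end():].lstrip())
    hit = XPHP.match(original.get("X-PHP-Script", "").strip())
    if not hit:
        return None
    return (hit["script"], hit["ip"], original.get("X-Mailer"), original.get("To"))

def tally(bounces):
    """Count bounces per (script, client IP) to show which endpoint is being used."""
    counts = Counter()
    for text in bounces:
        origin = origin_from_bounce(text)
        if origin:
            counts[origin[:2]] += 1
    return counts

if __name__ == "__main__":
    for (script, ip), n in tally([SAMPLE_BOUNCE]).most_common():
        print(f"{n:4d}  {script}  <- {ip}")
```

    A single script and client address dominating the tally points at the form or endpoint to review in the web server access log for the same timestamps.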

  • #2
    James,

    The zdberr is nothing more than a file generated when a database error is encountered and, let's say, it could not send an email to you regarding it; therefore it generates a file instead.

    Now as for this issue can you please clarify? This email is being sent from your admincp however not by you OR it's failing to send when sent by you?


    Former vBulletin Support Staff
    Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
    Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!



    • #3
      It looks to me like that user (Himanshu) sent an email to himself and the email address is disabled.



      • #4
        Originally posted by TheLastSuperman
        James,

        The zdberr is nothing more than a file generated when a database error is encountered and, let's say, it could not send an email to you regarding it; therefore it generates a file instead.

        Now as for this issue can you please clarify? This email is being sent from your admincp however not by you OR it's failing to send when sent by you?

        Thanks for that information, The last superman. No, I didn't send it and we don't have any members named Himanshu.

        Since I posted this I have also had a comment posted on one of my blogs which was very strange because it was about the same things as in the email, about workshops.

        We have only started getting these strange "posts and emails" in the last couple of days and don't know who is sending them or posting, as they aren't members of our forum.



        • #5
          Well in that case if these blog entries are being made without your knowledge and more importantly permission it sounds as if you have been hacked... I can't think of any other way someone would be able to simply make new Blogs unless you have a fault in your permissions and how they have been setup...

          I would use this guide and double-check your site just to be safe - https://www.vbulletin.com/forum/cont...vBulletin-Site


          Former vBulletin Support Staff
          Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
          Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!
