Wed, Dec 25, 2:08 PM CST

Renderosity Forums / Community Center



Welcome to the Community Center Forum

Forum Moderators: wheatpenny Forum Coordinators: Anim8dtoon

Community Center F.A.Q (Last Updated: 2024 Dec 24 5:51 am)

Forum news, updates, events, etc. Please sitemail any notices or questions for the staff to the Forum Moderators.



Subject: Unfortunate news.


EricofSD ( ) posted Sun, 16 November 2003 at 12:25 AM · edited Wed, 25 December 2024 at 2:06 PM

My site, www.annsartgallery.com has been used now by a spammer who is sending out mass mailings of porn, viagra, stock tips, debt relief and you name it from rotating names @annsartgallery.com.

I have contacted the host and was sent to a few sites that are obviously difficult to understand (cert.org, etc) and clearly can do nothing more than waste my time.

Since my sister and I are good upstanding people in the community and do not want our site associated with such filth, we have asked the host, www.addr.com, to investigate. The host has responded very well over the weekend but the bottom line is there is probably nothing they can do.

I've used this nic online since 1992. Annsartgallery has been up since 1999 and I'm working on a revamp for an upcoming debut in the local community. I have my first book cover about to be published and the drafts are back and forth from the site on a private url.

This is a total disappointment and I've contacted congress, senate, doj and fbi about how to find the criminal individual. I suspect the spammers will hide behind technology and I will be just another statistic.

We simply will not have our names associated with porn and misleading or false advertising. We will not have our names associated with spam complaints from folks who are recipients of the emails. We will not have our names associated with in any way at all with bandwidth bandits who received the emails and chose to retaliate on our site. It is defamation of character and illegal in most countries.

I am posting this here because yesterday I received an odd IM from someone who just joined the same day. ... [Instant Message from MsStress42: I was very impressed by your progress. I always knew I'd see your work on this website eventually! Congratulations, you have truly come a long ways, you are no longer afraid of your success!] This person commented on one of my fractal images and I sent back asking who she was. No reply as of yet, but in all fairness, its too soon to say there is a problem. I don't know if it is coincidence, if an old friend joined, or if someone just decided to take issue with me.

As you know, I was outspoken in the OT thread on many issues. But too, I have to say, I joined a few yahoo news groups in the last few months. Since I joined the last group (a Terragen group) I've been receiving spam email from names at yahoo and yahoo says the emails did not originate from them, they were spoofed. Now my site is spoofed as of a few days ago.

So I do NOT think that it is an 'Osity member who has targeted me. It could easily be a web crawler program that picked up on my web site or a yahoo group.

However, the hard core reality is that I cannot fork out the bucks to fix this (and Yahoo with their bucks cannot fix it either). The best way is to change my nick (which I have had since 1992), open a new domain with a new host, and start over on a new project. If I do so, I will not go through the time and hassle to rebuild anything at all. No links. No connection to the old nic, profile, or anything else. I simply will not chance that this is a crawler verses a person who has targeted me.

If anyone has any ideas, I'm open. I've heard that changing the host might fix this because it will change the internic IP address and thereby stop the spammer until his crawler locates the site again. I've also heard that changing the host will not fix it because annsartgallery.com will be associated with the new IP (as is to be expected if anyone is to access the site). So any ideas as to how to fix this and I'm willing to put in "some" time to follow up. Any techie types that have a tip or two will be greatly appreciated.

Thank you. I'm sorry this is happening. I have changed the index page of www.annsartgallery.com to notice folks who might visit the site. So far, there has been no local (real life) community reaction to this and I'll hang in here as long as that remains true.


Zhann ( ) posted Sun, 16 November 2003 at 12:52 AM

How did you find out your site was being used?

Bryce Forum Coordinator....

Vision is the Art of seeing things invisible...


agiel ( ) posted Sun, 16 November 2003 at 2:00 AM

Sorry to hear that. This is a real nightmare that can happen to anyone with a website unfortunately. If my memory serves me right, there was an article in Slashdot a few weeks ago about someone in that same situation who apparantly managed to trace back the spam to the source and got the sender shut down. Maybe that article and related comments have some pointers about what to do.... it is late right now (3 am for me) but I will try to find that article tomorrow if you are interested...


EricofSD ( ) posted Sun, 16 November 2003 at 2:11 AM

zhann, I get about 50 emails a day from mailer daemons saying my email could not be delivered. The info shows that the email went out from a made up name at annsartgallery.com to a recipient that was no longer receiving email. To get that many means thousands are going through. My inbox is clogged now with returns. agiel, I'll go check that out. Of course, if its possible to track the guy and shut him down, I'll be glad to do that. If you do find the URL I would be very appreciative. Thanks.


mike3d ( ) posted Sun, 16 November 2003 at 2:41 AM

Attached Link: http://www.mgfm.net/bryce4you/index.html

Yeah, awful... I know the problem since I submitted my site to some ffa and search engine programs. I got 10.000 of that shit mails every week and was not able any more to sort out that few e-mails which were serious. The consequence was that I put the mailaccount on a separated server which I had to empty twice a week without looking at one mail anymore. I do not even know how many serious mails I have lost until I sent new mails to every relation. However, here are two tipps: 1) block any e-mail adress in your mailalias or ask your ISP to block (empty)@yourdomain.com. This prevents however getting mails to someone@yourdomain... 2)Install an antispam and/or personal firewall program, my best experience was with McAfee, however later I experienced some problems with running under windows xp. I have published some info and screenshots especially about spamming and how to prevent it on my site at www.netmarketeer.info Good luck! Michael


ladynimue ( ) posted Sun, 16 November 2003 at 4:50 AM

Oh Eric, I am very sadden along with you about this situation. I too understand what you are going through. As I run a computer graphic's business [which also includes creating web site], I was also hit by a spider, who took it upon itself to send me all sorts of nasty emails via two of the accounts I run. One account was for hunting dogs and I was getting hit with over 50 porn site emails a day. I wanted to write back - The dogs are fixed and have no need for viagra, do not care if woman are nude nor easy, and sure to not need a cyber date :( . I have shut down the email from three of the sites, and applied the following tip from another: As to posting your internet address - Actually type the whole address out rather then put it into an html code. Those who really wish to contact you will be willing to cut and paste rather then click on the email address and have an email window pop up. After closing down one ISP and opening my site with another AND using the new method for posting my email address, I have been virtually spam free. Also, you might want to contact Renderosity, or bondware. I know that they both host web pages, and they have an outstanding anti-spam program! Send Tim an IM with a link to this thread, he does an amazing job of keeping the spammers at bay on Renderosity. Plus you may still be able to use your same name. Sigh, I know how frustrating this can be, and if there is anything I can do to help you please let me know. Sincerely, ladynimue


RHaseltine ( ) posted Sun, 16 November 2003 at 6:52 AM

All they need to do is type their made-up address @ your domain name into the sent by/reply to fields of their mailer and most email applications will treat that as the originating address. This is actually useful - it lets me "send" from my two dialup accounts via my wires-only broadband account - but it leaves the door wide open for non-entities like this. If it's just bad luck that they picked you then changing domains will fix it, but if it was done with malicious intent then setting up your new domain as the source will take just seconds.


CyberStretch ( ) posted Sun, 16 November 2003 at 7:40 AM

Have the mail admin check to ensure that Relaying messages has been shut off; this is the most common form of "e-mail hijacking" that gets done on the net. Another source of possible information would be the server logs. This is, of course, if they are using your mail server and not a spoofed one somewhere else. The e-mail headers can tell you some information, but anything plain text can be spoofed/forged and that makes tracking a little more difficult. As previously mentioned, make sure your mail admin sets the generic alias of *@annsartgallery.com to a mailbox other than your primary one. This way, anything that is sent to an invalid account will go there and responses from those e-mails will too. This will decrease the amount of backlash you get in your primary account. You may also want to setup an auto-responder for webmaster@ and postmaster@annsartgallery.com stating that you are currently trying to rid yourself of the spoofing attempts and invite people to send copies of the e-amils to a specific inbox for further investigation. As RH stated above, giving up your identity is a crap shoot if the cause is not found out. You could end up doing this hundreds of times if you do not find out how they are spoofing your domain name. If it was me, I would keep things the way they are and pursue trying to investigate as best you can. One thing that works to your benefit is that spam is so widespread that it gets deleted without much notice anymore. There are some people who still attempt to stop the spamming, but who is going to remember 100% of the domains they get spam from?


CyberStretch ( ) posted Sun, 16 November 2003 at 7:41 AM

e-amils/e-mails*


elizabyte ( ) posted Sun, 16 November 2003 at 9:33 AM

This happens to people all the time, unfortunately. Spammers are unscrupulous bastards, and they don't care at all who they hurt, piss off, or otherwise trouble. In other words, you may be overreacting somewhat, since this is a well-known spammer tactic, and it's usually a one-time thing (at least, I've never known anyone have it happen to them more than once). Spammers pick an email address or domain from their spam list and put that in the "return" field, simple as that. bonni (spam hater for many years)

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


agiel ( ) posted Sun, 16 November 2003 at 9:53 AM

Attached Link: http://yro.slashdot.org/article.pl?sid=03/10/01/0120242&mode=thread&tid=111&tid=126&tid=95

Here is the story in Slashdot I was talking about.... a lot of work, but it can be done :)


TerraDreamer ( ) posted Sun, 16 November 2003 at 12:53 PM

Get rid of SMTP and this BS will halt. Fortunately, MS is now beginning to considering this. ISP's have been screaming for change for years.


EricofSD ( ) posted Sun, 16 November 2003 at 1:03 PM

agiel, thank you so much for that link. The artist had his business phone number on his contact page so I dialed it and left a message. There is a very similar pattern between his unfortunate incident and mine. Graphic artist, header spoof, website beginning high on the alphabet list, etc, etc, so I think that was a good lead on at least getting educated and understanding this. Hopefully he can help me analyze the information to track down the spammer. Mike3d, I have mcaffee spamkiller, its doing its job. I realize the host can block the return emails that are not addressed to the main email addy (ie, block the returns off the rotating names), but for now I probably ought to save them for analysis. cyberstretch, the host has confirmed that the emails are not originating through their server, so there is nothing they can do. They do want me to report the spam to mail-abuse.org, however, when I go to that site, it requires that I analyze the information to determine how to report it. I don't know how to do that. The instructions do not make sense as to what I am seeing in the headers. terradreamer, I think that's the answer, but the technology isn't out yet.


dialyn ( ) posted Sun, 16 November 2003 at 1:14 PM

Attached Link: http://www.spamcop.net/

If this makes you feel any better (and it won't), Spam Cop has had the same thing happen to them....how ironic is that? BTW, their site has some information on it about dealing with spam, but I think everyone here covered it pretty well. Sorry this happened to you. It creates a mess for you and the low lifes who did this get to go off giggling at how clever they are. It just doesn't seem fair.


EricofSD ( ) posted Sun, 16 November 2003 at 1:39 PM

LadyN, I went through my site and took out the automated email code and just left the addy typed in. So it cannot be harvested with a bot now. Thanks, great idea there.


Cascade ( ) posted Sun, 16 November 2003 at 7:58 PM

Attached Link: http://www.cdt.org/speech/spam/030319spamreport.shtml

The link is to a report on Spam and the ways e-mail addresses are obtained by spammers. Their conclusion says that the most common way spammers get addresses is with address-harvesting programs which pick up any address shown on a website, and the best way to avoid them is to enter your address in a different format. e.g. "your.name at domain dot com" instead of "your.name@domain.com" This wouldn't stop someone who's aiming for your address, but it cuts down on random attacks.


EricofSD ( ) posted Sun, 16 November 2003 at 8:46 PM

Thanks. I did change the links on my site, but that's not the problem. Its not the spam that I am receiving, its the spam that someone is sending out using my domain name. Such will be harder to track.


TrekkieGrrrl ( ) posted Mon, 17 November 2003 at 6:40 AM

Could it be a virus? When the SWAM worm (or whatever it was called) was at it's peak, I recieved 3-400 e-mails a day(!) Many of them apparently as returned mail, originating from one (later 2) or my mailaccounts. Well I was 100% sure I didn't have that virus, so someone must have spoofed my sending adress in those virus e-mails. It could be something similar happening here. I just let it die out. I hoped that people would eventually clean their computers for Virus. I alerted the people in my own adress book and asked them to look for virus. Now it's down to about 5 a week. I can live with that, especially since I got MailWasher Pro. GREAT program and relatively un-expensive (30$ as far as I remember) It doesn't STOP the virus/spoof/spam from arriving in your inbox, but at least you won't have to SEE it again LOL (and I think, depending on server that it CAN be stopped from even reaching your inbox too)

FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
  Using Poser since 2002. Currently at Version 11.1 - Win 10.



EricofSD ( ) posted Tue, 18 November 2003 at 12:09 AM

Ernyoka, the emails are NOT being sent out from my site so no, it is not a virus. A spammer has changed his header to give my site a reply addy. He is using MS exchange. I have the exact version number now. The emails are NOT originating from my site or my computer. I am only getting the mailer daemons because the recipients reply to the sender (which is an altered header to make it look like my site). Someone elsewhere is doing this. The owner of art101 has responded to my IM and although he is on a deadline, he said he would call and sent some helpful info. AOL has now blacklisted me. Several smaller ISP's have too. I cannot fork out the bucks or time to fix this. Annsartgallery will close soon. I will leave it open for a short while to try and track this person. However, I do need to spend my weekends renewing several aviation certificates that are hard to come by and I do have a day job. I'm sorry, but I do not have the money or knowledge to be able to analyze the headers of the emails to track the culprit. If someone here wants to analyze this, I'll be glad to zip all the mailer returns and send them.


EricofSD ( ) posted Tue, 18 November 2003 at 12:25 AM

Earthlink and mindspring have just banned my site and my email addy.


TrekkieGrrrl ( ) posted Tue, 18 November 2003 at 1:16 AM

Oh I know the e-mails aren't being sent by you, or from your site. I am not sending all those mails that end up as "returned mail" in my inbox either. But the HEADER in those mails leads the various mailer daemons (never quite known what those are) to BELIEVE they come from me, therefore sending the reply back to my account. And that account was even one that did NOT have a *@... But I DID use that adress on Usenet. So I have a pretty good idea of where those bots harvest their crop. I'm sorry to hear of your problems. Unfortunately I don't know enough about it either, so I can't offer you any help, just my sympathy. But with a little luck, you can reopen the domain in a month or so when the tide has calmed.

FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
  Using Poser since 2002. Currently at Version 11.1 - Win 10.



EricofSD ( ) posted Tue, 18 November 2003 at 1:20 AM

Not going to reopen. We do art, not time wasting junk. I changed the warning at www.annsartgallery.com to ask for help.


mike3d ( ) posted Tue, 18 November 2003 at 3:28 AM

I'll host you for free (without chance of beeing banned:)if you want and try to find out what's on and how to help you. while we (www.mgfm.net) are not an open isp to anyone, we run our own hosting services and servers. send me a mail to info@mgfm.net, greetings, Michael


TerraDreamer ( ) posted Tue, 18 November 2003 at 1:51 PM

Attached Link: Broadband Reports

Join the above web site, it's free. Visit the forums that deal with spamming. The web site is crawling with tech junkies who do nothing but live this crap. They may be able to help. Most are extremely competent and may be able to either help in identifying the spammer, or offer a viable solution.


LeRoy50 ( ) posted Tue, 18 November 2003 at 4:56 PM

I thought I was alone! I don't visit porn sites,or ask for drugs sold cheap!Yet every day I get Offers that offend me! I HATE these people!!! Stay out of my life!!!Human leech's is the only description I can label them as. I'll probably be targeted for more crap. I guess i'll have to change my E-Mail address to end this.Thanks for letting me vent!


EricofSD ( ) posted Tue, 18 November 2003 at 10:39 PM

I just had a long phone conversation with Andy Markly, at the suggestion of agiel above. He was kind enough to analyze one of the returns and thinks it may be the same group, Eddy Marin. We are working on it. I probably have enough data gathered now but definitely want more. Mike3d, thanks. I'll keep your offer in mind. Glad to pay for the hosting if it comes to the need to change. My sister has a contract for her art on bus benches and was about to release annsartgallery.com as the contact (and I'm in the process of revamping the site). We decided to kill the deal to protect our reputation. Our names mean more to us than sales. So we will open a new site and look to a new future somewhere in time. The new site will be fine art only, no CG. There is power in numbers and as long as the victims are banding together I'll work on nailing the jerk with them. Keep us in prayer. What happens may effect everyone because this guy is HUGE with the spamming thing.


Kendra ( ) posted Tue, 18 November 2003 at 10:48 PM

Oh, good luck. I've been having mail returned that I haven't sent out either but since it's all from AOL addresses someone suggested the virus idea. I'm hoping that's all it is but your thread got my heart going since I have a domain in the "A's" too. Please keep us informed as to what happens. I'm bookmarking all the links people are posting.

...... Kendra


EricofSD ( ) posted Tue, 18 November 2003 at 11:22 PM

Kendra, make a sub folder on your email program and drop all the returns in them. I would be interested in taking a look at the ones that have the full email attachment with them. Not all returns have the full header info. I'm still learning a lot, but very interested in your situation. Contact your host to make sure it is not an open relay thing with them. IM me if you like or email me at eric@annsartgallery.com if you like.


Kendra ( ) posted Tue, 18 November 2003 at 11:44 PM

Sure, I'll forward you the one I recently got. They've become more sparse, not like your problem but they still worried me.

...... Kendra


Ciorstaidh ( ) posted Wed, 19 November 2003 at 7:42 PM

Eric, this will not help with your old site, but may be of help with the new one. You or someone stated something about spiders(robots). When I took HTML course a year ago, we were taught about META tags. Now, if you use meta keywords then it won't help. But, if like me, I would rather lose a few viewers than have the problems, when designing your new site add in the meta tag for the robots. You could also put contact info on a different page than front page which is what I do.

Examples:

[Meta name="robots" content="none"]
(This tells the spider not to index any of your files, this is the one that I use most often)

[Meta name="robots" content="noindex"]
(This tells the spider not to index the PAGE, but it will follow links on that page, unless you tell it not to specifically, which leads to the next meta tag)

[Meta name="robots" content="nofollow"]
(Instructs the spider not to follow any links on that page)

To use, change the [] to <>.

As I said, will not help current situation, but it may help in the future.

Ciorstaidh


elizabyte ( ) posted Wed, 19 November 2003 at 9:47 PM

You can also (and probably should) use a robots.txt file to manage the way robots use your site. http://alicorna.com/resources/Miscellaneous_Resources_Robots_and_Spiders.html bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


judith ( ) posted Thu, 20 November 2003 at 12:45 AM

My word! I just did a Google search on Eddy Marin, what a scumbag! I'm very sorry this happened to you.

What we do in life, echoes in eternity.

E-mail | Renderosity Homepage | Renderosity Store | RDNA Store


EricofSD ( ) posted Thu, 20 November 2003 at 8:55 PM

Judity, all I need is to find the right code in the headers to track it. This really looks like his work, but I don't have anyone dead to sights yet. Recently my host cut off the returns in a stupid bandaid effort to combat spam, they have seriously limited my data gathering ability. I just wish SOMEONE at my host would read my messages, listen to my calls and THINK about what I'm saying and what they are doing. Running a spam filter so that I don't "see" the problem is just ludicrous when I clearly told them I want to nail the guy.


zai ( ) posted Tue, 25 November 2003 at 3:26 AM

Hi Eric... A thought for the new site...since I do sites as a living etc...have you checked to see if one of your forms has been hijacked? I would think the admins who looked into it should have looked, but usually they just don't care. ::lives with geek programmer as a hubby...so I live and breathe this stuff:: We had a problem with that a while ago since a few of our older sites were using formmail.cgi for quotes, etc. We changed over to a secure php replacement which has solved the problem. Also, you might think about making people contact you via form only until you give out the addy to them, which can be protected just like the above...i.e. they click on contact and then are taken to a form to fill in to send the mail in the browser instead of typing in a mail addy or cutting and pasting. That would keep the addy off the page completely and it won't be available even in source code since its sort of encrypted in the php code that runs the form. Problem is with this stuff is that although it might be a bot..I'm sure y ou know it can just as easily be gathered from any other source....random messages from your domain name could well be that your base addy got picked up from a webring...linkfarm...someone else's computer via a virus...or even harvested from a somewhere like a domain registrar itself. One last thing I would suggest it using a separate email on your contact forms for your domain registration...something not connected to your business..a yahoo account...earthlink account..etc. I am guilty of NOT doing this...but I SHOULD! :) If I had the time invested in this that you have I would wait it out and give notice to your visitors...and I wouldn't toss my meta's either...how else are you going to get anywhere in some search engines? Give it time to die out and don't shoot yourself in the foot too quickly and let some script kiddy take away what you've worked hard for. If you want to send a few mails my way and let the "uber geek" have a look you're welcome to do so...he might even take a peek under the hood of the server if you want him to... all the best.. zai..ps..thanks again for all the help with the contest entry...I know I was a pain!

Rendo Store | Freebies | RDNA Store


Privacy Notice

This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.