Welcome to the Community Center Forum

Subject: Vulnerability of e-mail addresses here at the web site?


Lyne ( ) posted Tue, 27 March 2007 at 12:53 AM · edited Mon, 10 February 2025 at 9:20 AM

I was quite shocked to discover that within 24 hours of making a private e-mail box address at my own tightly secure ISP server I received this e-mail:

SACHSELOTTO COMPANY congratulation!!! you have won one million euro.contact your claims agent for processing of your funds.

in my new private box. There is no way that my own ISP would make my personal e-mail addresses available to any search engine e-bots, and indeed that has never happened in the years I have had my service.  This leaves me thinking that somehow the e-bots have found a way to scoop up the addresses of members here at Renderosity although again I don't understand how that could happen either.

Of course I can and I will go and immediately change my own special new e-mail for this site, and see if I can put a stop to this.  The whole point of getting out of Yahoo was to get away from this garbage and establish a very private secure e-mail address for my most favorite web site forum/store on the net!

Does anyone have any reactions suggestions or ideas about this?  I do not get any spam at any of my other private ISP addresses, of which I have just made up several to take the place of all the yahoos I had as well as having many boxes via my own .com for years.

Please understand this is in no way a criticism of renderosity but a search to find out why this may happen.

Thank you for any help or insight.

Life Requires Assembly and we all know how THAT goes!


Lyne ( ) posted Tue, 27 March 2007 at 1:13 AM

Could this occurrence have anything to do with selecting "text only" for my e mail notices preferences? My web mail for this site will only handle text only, not html... SO another question is:
If I select html, would a "favorite artist" notice e mail just not work or would I have some sort of "if you can't see this, click here"?  I wish I could have html notices as that way I can SEE the newsletter and coupon e mails....I am just in a quandary as what to do. I guess I can only create a new e mail address...change it here and TRY the html version...I can always change that preference back.

Gosh.... having spam CHASE ME in a way that normally it can't get to me is ....well... weird!

Life Requires Assembly and we all know how THAT goes!


gillbrooks ( ) posted Tue, 27 March 2007 at 5:15 AM

This subject was discussed several weeks back (thread title was something like 'Renderosity hacked???').

Several members all with dedicated rendo emails suddenly started getting spam - I was one.  In around 3 years I never got one single spam message to my rendo email then suddenly it started.

I even deleted that one and created a new and started getting the same to that.

The admins were adamant that email addresses were safe and 'no staff member would ever sell them' despite many protests, and eventually the line was 'it's not us' and the thread was locked.

Gill

       


SGT2005 ( ) posted Wed, 28 March 2007 at 3:00 AM

Related to this thread as well:

http://www.renderosity.com/mod/forumpro/showthread.php?thread_id=2691125

sgtprotex1@netscape.net

University of Phoenix Alumni 2008
AA Criminal Justice Degree
BA Criminal Justice Degree

Currently study in Parapsychology


ArtByMel ( ) posted Wed, 28 March 2007 at 7:26 AM

This is very odd. I was being deluged with these scam emails mentioned in another place in this forum on my old email, this is a fairly recent occurrence for that old email too. This is rather frustrating for me so I just disconnected that email from my Outlook and created a brand new one on my domain. This one has never, ever been used online till this week. Here. At Renderosity. And now, BAM!, I am once again being deluged by scam-mail from everywhere. On a brand new email address that has never, ever been on the web before. Coincidence? I'm thinking not. Maybe this should be looked into. There is clearly a vulnerability somewhere in this php scripting for the galleries.

********************************************

My store here at Renderosity.

Art By Mel


Miss Nancy ( ) posted Wed, 28 March 2007 at 12:27 PM

either their servers are insecure, there is a rogue member with server access, or these dedicated e-mails are being harvested via the spam algorithm that generates addresses for domain names using a dictionary or other process, based on the tendency of users to choose machine-predictable usernames. my assumption would be the latter.



ArtByMel ( ) posted Wed, 28 March 2007 at 12:52 PM

I doubt seriously it is any of these issues. I've never had a private email jumped on by spammers within less than 12 hours of creation. Never. Consider this is the only place this new address of mine is being used. I do not have a justmel@renderosity email address. Never have had one. No need. I've had my own domain for 6 years. PHP scripting is known for vulnerability issues that can be exploited by hackers and hacker programs, unfortunate but true. Based on how the spam mail is timed (namely after I have posted something in the galleries) it acts much more like a PHP vulnerability. It could even be an exploitation made via or with an RSS feed.

********************************************

My store here at Renderosity.

Art By Mel


TerraDreamer ( ) posted Wed, 28 March 2007 at 1:02 PM

"...tightly secure ISP server"

I have yet to encounter a "tightly secure" ISP mail server.

Or do you mean domain host?

I have unlimited e-mail accounts through my domain host and can configure each box to accept e-mail from those I specify; everything else is flat out rejected and sent back as user unknown.  Most decent domain hosts offer this type of configuration.  An ISP, forget it.  Verizon is my ISP and I believe I'm allowed up to five e-mail accounts.  I can set one up and within a week I'll get spam.  Because of this, I've abandoned any thought of using my ISP's (Verizon) mail server.  The only thing I use Verizon's mail servers for is sending e-mail through my domain host, not to receive.

For Renderosity, I use a Yahoo account which I don't care about.  I never use it at all.  As a matter of fact, I can't even remember the password for it.

If I were you (if you're not already), I'd try a domain host.  Buy yourself a domain; domain hosting is dirt cheap these days.  Just make certain the web interface is decent and the e-mail configuration is of high-quality with decent features.  And go with a well-known host.

Regards.


gillbrooks ( ) posted Wed, 28 March 2007 at 2:14 PM

Quote - I doubt seriously it is any of these issues. I've never had a private email jumped on by spammers within less than 12 hours of creation. Never. Consider this is the only place this new address of mine is being used. I do not have a justmel@renderosity email address. Never have had one. No need. I've had my own domain for 6 years. PHP scripting is known for vulnerability issues that can be exploited by hackers and hacker programs, unfortunate but true. Based on how the spam mail is timed (namely after I have posted something in the galleries) it acts much more like a PHP vulnerability. It could even be an exploitation made via or with an RSS feed.

 

I've had dedicated addresses for DAZ and Poser Pros for a very long time - I created all 3 on the same day - neither of those has ever had spam.

Mine aren't XXX@renderosity.com emails - they are using my own domain name.

Gill

       


rty ( ) posted Wed, 28 March 2007 at 2:26 PM · edited Wed, 28 March 2007 at 2:32 PM

Quote - This subject was discussed several weeks back (thread title was something like 'Renderosity hacked???'

Yes, by me. And I was torn to pieces by people who didn't even take the time to understand what the problem was...

Thanks people for chiming in so I don't look like the only one...

Just for the record, I changed my Renderosity mail address 3 times (those are Renderosity-specific mail addresses on my own domain & servers), and each time it got the same type of spam (scams). I kept those scam mails for forensics.
The other mail addresses of the same domain never received any similar scam mail (regular spam gets eliminated on the server, nobody ever sees it - that's why I see scams, scams aren't caught by spam filters).

This means that "something" not only had access to (some/all) people's mail addresses, but that it continued doing so for almost a month, since new, freshly created addresses got spammed a short time after being put into service. Cool.
If Renderosity did not sell their clients' addresses (which I don't think, there is usually a limit on how stupid you can be), it can only mean some fairly important computer at Renderosity/Bondware has/had a spyware running, which is even worse.

I could have helped (since it's my job), but, oh well, Renderosity got the defenders it deserves.


rty ( ) posted Wed, 28 March 2007 at 2:30 PM

Just to add: I never posted anything to the galleries here, so it's not the galleries.
All I use is the shop (extensively), and the forums (rarely).


Lyne ( ) posted Thu, 29 March 2007 at 1:16 AM

Well I should have been more clear.. it is my own DOMAIN HOST... and it is interesting that ONLY my new address for HERE only... with my lynescreations.com e mail WITH TEXT ONLY checked got the lottery scam e mail. I immediately changed my e mail address (easy to do on my own domain host) and ALSO went back to html e mail notices... they DO work even on my domain's web mail - the links are there and clickable...(have not gotten a newsletter yet)....

BUT... the spam stopped! That is why I asked if it had something to do with checking off "text only" for e mail notices from here... it has been 3 days with the new e mail and so far, so good. I will watch it and see... at least I CAN change my address "at will" to keep spam down.

I do find it interesting that NONE of my other web sites with my new domain e mail boxes have gotten spam at all- all were created on the same day...the ONLY difference was that I asked for "text only" here to start with.... so thought to see if the "powers that be" could check that aspect. (I know nothing about programming.)

Lyne

Life Requires Assembly and we all know how THAT goes!


rty ( ) posted Thu, 29 March 2007 at 5:35 AM

Quote - That is why I asked if it had something to do with checking off "text only" for e mail notices from here...

No, because I always used "text only", and did get the scams nevertheless.

It seems that the problem, whatever it has been, has been fixed, since last week's mail address didn't (yet) get any scam mail. So I'd say you just happened to change it at the right moment.


gillbrooks ( ) posted Thu, 29 March 2007 at 8:16 AM

I may well change mine again then - the one I created a few weeks ago has been swamped this week :cursing:

Gill

       


rty ( ) posted Thu, 05 April 2007 at 1:16 AM

Nope - it's not finished.
Just got the first scam on the account I mentioned in my last post...  :-/


Hawkfyr ( ) posted Thu, 05 April 2007 at 4:26 AM

Question 1

 

Do you receive E-Bots and/or Newsletters From Renderosity?

 

Question 2

 

Do you receive E-Bots and/or Newsletters From Renderosity?

 

Question 3

 

Do you receive E-Bots and/or Newsletters From Renderosity?

 

 

If you answered YES to any of the above questions...You are subject to get Spam.

 

 

Tom

“The fact that no one understands you…Doesn’t make you an artist.”


gillbrooks ( ) posted Thu, 05 April 2007 at 11:38 AM

Do I get newsletters from DAZ?  

Do I get newsletters and ebots from Poser Pros?

The answer to both the above is yes.....but I don't get any spam on those 2 email accounts......

Hmmmmmmmmmmmmmmmmm. 

Gill

       


rty ( ) posted Thu, 05 April 2007 at 12:34 PM

He's probably the one who's selling the addresses, that's why he's spamming with nonsense all threads talking about that... :-D


Acadia ( ) posted Thu, 05 April 2007 at 1:02 PM

Quote - This one has never, ever been used online till this week. Here. At Renderosity. And now, BAM!, I am once again being deluged by scam-mail from everywhere. On a brand new email address that has never, ever been on the web before. Coincidence? I'm thinking not. Maybe this should be looked into. There is clearly a vulnerability somewhere in this php scripting for the galleries.

Hmmm, that probably explains the Pepsi Cola scam spam that I received the other day at an email that i've never ever had spam sent to before.

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Gandhi



Hawkfyr ( ) posted Thu, 05 April 2007 at 6:57 PM · edited Thu, 05 April 2007 at 7:05 PM

file_374011.jpg

Hmmm...is right I suppose.

 

Given this is an ART site and evidently a dozen pages of several people trying to explain this before with not one bit of comprehension from those insisting on conspiracy...I thought maybe a picture might better illustrate what "Could" be happening

 

Let's say our member with a dedicated E-mail address for DAZ, and One for Renderosity,...Lives in New York. (We'll call him Fredrick Allen rty)

 

When Fredrick Gets an E-Bot from DAZ...it follows the RED path of routing points until it gets to Fredrick...It's a fine ride...safe, secure, and has a nice view along the way, and encounters no BAD Guys.

 

However...When Fredrick gets an E-Bot from Mean old Renderosity...it takes the GREEN path, and although a scenic path, it encounters BAD Guys along the path at routing points that DAZ never takes.

 

So..ya see?

Just because Fredrick has a dedicated E-mail address for DAZ...one for Rosity..and one for whothefuckcares.com,... the paths that the E-bots take to get to Fredrick, are taking different routing points.

 

It is at one of the points along the path that Rosity's servers take that the E-mails could be being harvested.

 

Naturally...this is a simplified version of how it works...actually...there could be hundreds of routing points along the path in which the E-Mail addresses could be harvested.  In fact...just because DAZ is based in Utah..and Rosity is based in Tennessee....doesn't mean that is where their servers live.

 

For example...I live in North Carolina...My Hosting company is based in Michigan...But my site lives on a server in Florida.

 

Get the picture now?

 

Tom

(Hey look...there is a routing point in North Carolina...I'll betcha Hawkfyr is the one behind this)

“The fact that no one understands you…Doesn’t make you an artist.”


Miss Nancy ( ) posted Thu, 05 April 2007 at 7:40 PM

or maybe it's routed thru virginia where "no such agency" is harvesting it. those guys are always up to some kind of shenanigans. keyword: echelon.



Hawkfyr ( ) posted Fri, 06 April 2007 at 1:20 AM

Did "No Such Agency" move to VA?

 

I used to live just a couple of miles from "Them" when I lived in Laurel Md.

They were located on the now closed "Fort Meade" Army base.

 

Are you sure you are not thinking of the "Central Idiots Agency"? I know they are located in VA?

 

Either way..."I Declare Shenanigans" on all of-em....lol

 

Tom

“The fact that no one understands you…Doesn’t make you an artist.”


vince3 ( ) posted Fri, 06 April 2007 at 5:19 AM · edited Fri, 06 April 2007 at 5:24 AM

'ere's one for ya Tom.

as this week is the first time i've ever gotten any spam, and i've had about 20 this week now, favourite has to be my good ol' Nigerian friend from way back when, wanting to give us some thousands of pounds but he can't remember my name address, sex (we never had any i swear) bank details and such! (can't think why he can't remember my bank details,as that is normally one of the first things i share with my good buddies, e.g.. name, fav colour,bank details)

so i wondered this...why can i only wiggle one of my little toes?

then i wondered this.. is there a chance that a particular member that had replied to a thread that i was part of, could be the root of this. I don't know the techy words for it but say I was in a thread and Acadia was in a thread and then this one member replied (don't know who BTW) then the next day Acadia and I both get a pepsi-cola scam-spam, spam-scam,whatever!!

so i guess i'm asking if this could happen because of a single member's input, and then the subsequent e-bot that follows, and also when we log in here are we physically writing stuff here (or wherever Rendo's server is) all of us together, or are we actually writing from our individual IP's or E-mail addresses until we hit "submit" (don't know where that last bit came from, but it sounded clever so i included it)

anyway not sure if i've successfully managed to ask a question with that babble, but maybe it makes some sense.

last question ...if it turns out to be one single member's fault for this "shenanigans", and if he weighs more than a duck, may we burn him.


vince3 ( ) posted Fri, 06 April 2007 at 5:37 AM

as part of my Colombo-type investigation into this, i have dirty ol' raincoat on and a saggy dog under my arm now, I am going to (if i remember to) turn off my e-bot notification each time i post to see if that makes any difference, but i had already opened a couple of these spam-scam thingys so i remember someone saying something about "bouncing" maybe means that 'cause i opened it someone somewhere knows that my E-mail is a live one (active) so it might not make any difference, must remember to not open these E-mails (sorry note to self there!)

so this roving reporter will report back any findings, from this investigation, first i'm gonna have to interrogate my Daz newsletter though to see what he knows to make this fair.

(it's hard to type with a dog under one arm ya know)


vince3 ( ) posted Fri, 06 April 2007 at 5:40 AM

B**@GGER !!! i forgot to uncheck the notification thing!!

this investigation has started off well!!

right this time then, you're all in safe hands now.


vince3 ( ) posted Fri, 06 April 2007 at 10:13 AM · edited Fri, 06 April 2007 at 10:13 AM

don't know if this is significant or not, but i seem to be getting a new spam when i get a notification of being favourited, not sure i can turn that e-bot off though! don't remember seeing that option anywhere, it also occurred to me that if i keep getting favourited over the week i will get a "you made the charts" e-bot (party-popper moment), which i also don't think i can do anything about.

so already this investigation is riddled with complications,one being the carrying of this dog around all day, my arm hurts.


Miss Nancy ( ) posted Fri, 06 April 2007 at 2:51 PM

geez, tom - they moved to maryland? I reckon I'll hafta e-mail the Information Awareness Office, that they might update their files.



vince3 ( ) posted Sun, 08 April 2007 at 5:58 PM

ok!! so i've been silent for a couple of days now ( to not get any e-bots) but apparently i'm still winning the lottery every day!! no ebots but still spam-scam-thank-you-maam! so i don't think it is e-bot related.

so crime solved sort of!! it isn't e-bot's fault, in my opinion,so i'm putting this dog down!

(and you can lower your eyebrows a bit 'cause i just meant i'm putting the dog down on the ground! not that i'm having the dog put down!!...sheesh, i'm not that strict ya know!)


Jumpstartme2 ( ) posted Mon, 09 April 2007 at 4:49 AM

Well dang it I want to win the lottery too!...its just not fair I tell ya :bored:

~Jani

Renderosity Community Admin
---------------------------------------




Miss Nancy ( ) posted Mon, 09 April 2007 at 2:29 PM

IMVHO it's a matter of spammers already sending mass emails to every likely username in a given domain, even if that username isn't currently in use. they may get the list of likely usernames from software and online dictionaries, by a devious and cunning process. then when some unlucky user activates one of the names on the spammers' lists in what the user intended to be a "dedicated email address", the spam that was already being sent to that username starts to appear immediately.
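
The dictionary-guessing explanation in the post above and the leak explanation other posters favour can be told apart when each site is given an address with an unguessable tag. This is an added example, not part of any post in this thread and not Renderosity's code; the domain, the secret, the function names and the recipient list are all constructed assumptions.

```python
import base64
import hashlib
import hmac
from collections import Counter

DOMAIN = "example.org"               # assumed: a domain you control
SECRET = b"constructed-demo-secret"  # assumed: the real secret stays private


def canary_address(site, secret=SECRET, domain=DOMAIN, tag_len=10):
    """Build a per-site address whose local part a dictionary cannot produce."""
    label = "".join(c for c in site.lower() if c.isalnum())
    mac = hmac.new(secret, label.encode(), hashlib.sha256).digest()
    tag = base64.b32encode(mac).decode().lower()[:tag_len]  # 50 bits of tag
    return f"{label}-{tag}@{domain}"


def attribute(recipient, secret=SECRET, domain=DOMAIN):
    """Classify the envelope recipient of an unwanted message.

    ("issued", site)  -> the exact address handed to that site: it was
                         obtained from the site or somewhere along its path.
    ("guessed", None) -> a local part we never issued: consistent with
                         dictionary-style guessing against the domain.
    ("foreign", None) -> not addressed to our domain at all.
    """
    local, _, dom = recipient.strip().lower().rpartition("@")
    if dom != domain:
        return ("foreign", None)
    label, sep, _tag = local.rpartition("-")
    if sep and label:
        expected = canary_address(label, secret, domain).encode()
        if hmac.compare_digest(expected, f"{local}@{dom}".encode()):
            return ("issued", label)
    return ("guessed", None)


def summarize(recipients, secret=SECRET, domain=DOMAIN):
    """Count unwanted mail per issued site address and per other class."""
    issued, other = Counter(), Counter()
    for rcpt in recipients:
        kind, site = attribute(rcpt, secret, domain)
        if kind == "issued":
            issued[site] += 1
        else:
            other[kind] += 1
    return {"issued": dict(issued), "guessed": other["guessed"],
            "foreign": other["foreign"]}


# Constructed sample: recipients taken from a folder of scam mail.
SAMPLE = [
    canary_address("Renderosity"),
    canary_address("Renderosity"),
    "info@example.org",
    "renderosity@example.org",
    "john@example.org",
    "sales@other.example",
]

if __name__ == "__main__":
    print(canary_address("Renderosity"))
    print(summarize(SAMPLE))
```

Scam mail that arrives at the tagged address counts under `issued`, which guessing cannot explain; mail to plain names such as `info@` counts under `guessed`, which is what the dictionary theory predicts.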



vince3 ( ) posted Mon, 09 April 2007 at 6:14 PM · edited Mon, 09 April 2007 at 6:29 PM

i was talking to my mother about it the other day (she's been on computers for years) and she was saying that she gets tons of spam, but usually none of it is actually addressed to her, but instead similar names, so it looks like a multitude of name options are sent from wherever and if your e-mail address is similar or the nearest thing to it you will get that email spam.

i'm guessing that the selling of email addresses isn't against the law in any country (i don't know BTW), so was wondering if there is any reason why, any or all of our individual ISPs, couldn't, shouldn't, or wouldn't, be able to sell all the email addresses that they provide for to someone.

just a hypothetical question by the way, ALLEGEDLY!!.........etc.,etc


Hawkfyr ( ) posted Mon, 09 April 2007 at 7:16 PM

file_374307.gif

“The fact that no one understands you…Doesn’t make you an artist.”


mylemonblue ( ) posted Thu, 12 April 2007 at 5:55 PM

Hahahaha. This is funny. I'm now getting the first spam I've seen in over 5 years! Suddenly everyone in the world is telling me I've won money, my private parts need to be made bigger, and so many more want to be my best friend. There's something to this thing here in this thread. Off to go delete another 1050 spams now g-by.... prances away with a sludge hammer

My brain is just a toy box filled with weird things


vikinglady ( ) posted Thu, 12 April 2007 at 6:05 PM

mylemonblue
Location: 127.0.0.1 :P
hee hee (rolling on the floor) hee hee (rolling on the floor) hee hee (rolling on the floor)



mylemonblue ( ) posted Thu, 12 April 2007 at 11:17 PM

vikinglady I think you're the first one to notice it. Hehehe. :thumbupboth:  :biggrin:

My brain is just a toy box filled with weird things

