Attempted UBE Attack!

RE: IP 66.90.149.174 abuse@grandecom.com
RE: IP 24.153.195.195 abuse@rr.com
RE: DOMAIN easy-rx.biz emailabuse@godaddy.com

Your services and IPs have been used to attempt to send out over 15,000 spam emails, in an Unsolicited Bulk Email (UBE) attack.

Jesse Harrison signed up for a hosting account with us,

On 2004-06-13 at 18:29:42,

The following information was submitted:
From Host: 24.153.195.195
-----------------------------------------------------------------
Domain_Name_Type = Transfer
Domain_Name = peoplemeds.us

Company_Name =
Contact_Name = Jesse Harrison
email = jessharr@adexec.com
State = CO
Country = US
------------------------------------------------------------------

This information submitted matched that of his credit card used for his
hosting payment.
----------------------------------------------
AVS Code: YY Code Explanation
CVV Code: Matched Bank Records
----------------------------------------------

On June 14th 2004 01:24:10:
IP 66.90.149.174 uploaded /hh3.php which is an email blaster script that was
uploaded to one of our servers, along with two "sets" of email addresses.

Our logs also confirm this IP was used to upload the file hh3.php.

Next, our logs show IP 66.90.149.174 executing the hh3.php script:
----------------------------------------------------------------------
66.90.149.174 - - [14/Jun/2004:01:35:56 -0400] "GET /hh3.php HTTP/1.1" 200 41 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
-----------------------------------------------------------------------

As a result of this intended UBE attack, user peoplemeds.us tried to send
four sets of emails:

message number 2500,
message number 2500,
message number 5000,
message number 5000,
-----------------------
Total SPAM 15,000

Path Info: Path(/home/httpd/vhosts/peoplemeds.us/httpdocs) File()
Cmd(/usr/sbin/sendmail)


The contents of the message user peoplemeds.us tried to send follows:
----------------------------------------------------------------------------
BEGIN UBE MESSAGE
----------------------------------------------------------------------------
## To: xxxxxxxxxx@yahoo.com
## Subject: Reorder Medications Notice Free Shipping
## Return-Path: LindsayCarter@easyrxnow.com
## From: Lindsay Carter<LindsayCarter@easyrxnow.com>
## Content-Type: text/plain;charset=iso-8859-1;\n
##
## Medication reorder notification . Everything is so cheap, we have more medications to choose from and a new customer service provides a faster and a better service only here in

http://www.easy-rx.biz
----------------------------------------------------------------------------
END UBE MESSAGE
----------------------------------------------------------------------------

Luckily our internal UBE monitor picked it up and sent all his intended spam into a "junk" MySQL database for the records.

We have terminated this account. However, we have retained all files in their last known state from his account with us, as a record of this incident and proof of its perpetrators.

This was a direct violation of our Terms Of Service Agreement.
http://www.xtreme-host.com/tos.htm
Sections 3.4.2, 9.0 and 9.1.

Which he agreed to just a day earlier when he signed up for his hosting account.

The attempted UBE attack is a violation of all responsible businesses' acceptable usage policies.

This person clearly has no respect for an agreement or contract, therefore I urge you to take action now against this abuser before he breaks your AUPs & TOSs and costs you and your company valuable resources, time and money!


Best Regards,

Dan Hancock
http://www.xtreme-host.com
admin@xtreme-host.com
1+ 877 277 5557
1+ 416 461 2160

 

 

 

 
