Getting Scam from WP


#1

What I got in my inbox. Mods should pay attention to this.

[quote=", post:, topic:"]
ali55 from A Pakistani Tech forum has sent you a message. You can reply to ali55 by replying to this e-mail.

The message reads as follows:

-----------------------------------------------------------------------

Dearest One,

With warm heart, I offer my friendship, and greetings. However, strange or surprising this contact might seem to you, as we have not met personally or had any dealings in the past. I humbly ask that you take due consideration of its importance and immense benefit.

My name is Ali Rashid, from Ghana. I have a reasonable amount of money inherited from my late father which I would like to invest in your country with a very and honest person and again, in a very profitable venture. And for you being in a business line and for your country being so peaceful I think you are in a good position to assist me.

Time is not on my side, I will appreciate if you can reply me immediately you receive this letter so that I can give you more information about my proposal.

Please reply me on this email address ( alirashid002@gala.net ).

I’m looking forward to hear from you.

Warmest regards,

Ali Rashid.

-----------------------------------------------------------------------

--

A Pakistani Tech forum Mailer

[/quote]

#2

Anyone else received this msg?


#3

not yet


#4

I didn't receive any either. This is a carbon copy of the NIGERIAN SCAM; anyway, I am still having a hard time believing that someone would waste time from this forum to do a stupid thing like this.

But if your above post is the truth, then please include the e-mail header proving that you really received it from WP, and the Admin team should check the header against the forum log; otherwise I think you are CRYING WOLF.


#5

Check his profile: http://www.wiredpakistan.com/forums/profile.php?id=1810

@ kudos, I'm not a weeping baby, I just informed mods.

from ali55

to xxxxxx@gmail.com

date Thu, Aug 7, 2008 at 9:30 PM

subject Salaam Alaikum,

mailed-by stacia.site5.com


#6

Is this sent by ali55, or is it some virus-sent scam? This can be answered by ali55. If ali55 does not post a reply, then he must be the scam sender and should be banned.


#7

^ Send the above info, including IPs, to the Admin team and let them check it out; they'll let us know if we should be careful of this ali55 dude.


#8

@mods,

This mail was sent to my other ID (which is banned).

And I think you can check this; 101% chance that the forum's mailer LOGS all activity.


#9

complete headers

[quote=", post:, topic:"]
Delivered-To: xxxx@gmail.com

Received: by 10.210.80.20 with SMTP id d20cs58110ebb;

Thu, 7 Aug 2008 09:30:12 -0700 (PDT)

Received: by 10.214.59.8 with SMTP id h8mr2644602qaa.90.1218126611059;

Thu, 07 Aug 2008 09:30:11 -0700 (PDT)

Return-Path:

Received: from stacia.site5.com (stacia.site5.com [216.118.97.173])

by mx.google.com with ESMTP id 6si5035429ywi.1.2008.08.07.09.30.10;

Thu, 07 Aug 2008 09:30:11 -0700 (PDT)

Received-SPF: pass (google.com: best guess record for domain of wiredpak@stacia.site5.com designates 216.118.97.173 as permitted sender) client-ip=216.118.97.173;

Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of wiredpak@stacia.site5.com designates 216.118.97.173 as permitted sender) smtp.mail=wiredpak@stacia.site5.com

Received: from wiredpak by stacia.site5.com with local (Exim 4.69)

(envelope-from )

id 1KR8NL-0000Ts-PU

for xxxx@gmail.com; Thu, 07 Aug 2008 12:30:07 -0400

To: xxxx@gmail.com

Subject: Salaam Alaikum,

From: "ali55"

Date: Thu, 07 Aug 2008 16:30:07 +0000

MIME-Version: 1.0

Content-transfer-encoding: 8bit

Content-type: text/plain; charset=utf-8

X-Mailer: PunBB Mailer

Message-Id:

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - stacia.site5.com

X-AntiAbuse: Original Domain - gmail.com

X-AntiAbuse: Originator/Caller UID/GID - [32329 500] / [47 12]

X-AntiAbuse: Sender Address Domain - stacia.site5.com

X-Source: /usr/bin/php

X-Source-Args: /usr/bin/php misc.php

X-Source-Dir: wiredpakistan.com:/public_html/forums

[/quote]

kudos, take your words back. I showed.


#10

I have taken my words back. I'll refund the money which you paid for my words, 4 rupees and 35 paisas. Do you want cheque or cash? lol


#11

@kudos

Can you give 35 paisas? You got some old coins of less than 50 paisas?


#12

@ kudos :D

do u want argument ? come to IRC channel, i have best reply.


#13

[quote=", post:, topic:"]

@ kudos :D

do u want argument ? come to IRC channel, i have best reply.

[/quote]

We talked on IRC chat; we are friends now.


#14

Yes, we are.

I just wanted to inform mods about this scam thing. I've done my job.


#15

@TA

@kudos

How about 35 paisas? lolzzzzz


#16

Just wanted to add that I got this mail too. Message was the same as TA's.


#17

[quote=", post:, topic:"]

… and for your country being so peaceful…
[/quote]

:lol:


#18

It's a "form mailer".. what is interesting is the "misc.php" file seen in the headers above... SMTP relay wasn't used for it..

X-Mailer: PunBB Mailer

X-Source: /usr/bin/php

X-Source-Args: /usr/bin/php misc.php

X-Source-Dir: wiredpakistan.com:/public_html/forums

and here is the HACK>> http://www.symantec.com/avcenter/attack_sigs/s21228.html

PunBB is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the misc.php script. A remote attacker could exploit ......

Source: http://xforce.iss.net/xforce/xfdb/26245

not uncommon..
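Added example, not written by any poster in this thread and not PunBB code: the header check requested in post #4 and done by eye in post #18, as Python run over a subset of the headers from post #9 with line folding restored. The function name `trace_origin` and the returned field names are chosen for this example.

```python
import re
from email import message_from_string

# Subset of the headers quoted in post #9, folding restored (address redacted as posted).
SAMPLE = """\
Received: from stacia.site5.com (stacia.site5.com [216.118.97.173])
 by mx.google.com with ESMTP id 6si5035429ywi.1.2008.08.07.09.30.10;
 Thu, 07 Aug 2008 09:30:11 -0700 (PDT)
Received: from wiredpak by stacia.site5.com with local (Exim 4.69)
 id 1KR8NL-0000Ts-PU
 for xxxx@gmail.com; Thu, 07 Aug 2008 12:30:07 -0400
To: xxxx@gmail.com
Subject: Salaam Alaikum,
X-Mailer: PunBB Mailer
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Originator/Caller UID/GID - [32329 500] / [47 12]
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php misc.php
X-Source-Dir: wiredpakistan.com:/public_html/forums

"""

def trace_origin(raw_headers):
    """Summarise where a message entered the mail system (name is this example's own)."""
    msg = message_from_string(raw_headers)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    # MTAs prepend Received lines, so the last one is the earliest hop.
    first = re.match(r"from (\S+) by (\S+) with (\S+)", hops[-1] if hops else "")
    account, host, proto = first.groups() if first else (None, None, None)
    anti = {}
    for line in msg.get_all("X-AntiAbuse", []):
        key, sep, val = line.partition(" - ")
        if sep:  # skip the free-text banner line
            anti[key.strip()] = val.strip()
    args = (msg.get("X-Source-Args") or "").split()
    return {
        "local_submission": proto == "local",  # handed to Exim by a local process, not over SMTP
        "account": account,
        "host": host,
        "script": args[-1] if args else None,
        "source_dir": msg.get("X-Source-Dir"),
        "mailer": msg.get("X-Mailer"),
        "caller_uid_gid": anti.get("Originator/Caller UID/GID"),
    }

if __name__ == "__main__":
    for field, value in trace_origin(SAMPLE).items():
        print(f"{field}: {value}")
```

The Exim id and timestamp in that earliest hop are the values to match against the host's mail log and the forum's own records.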


#19

Updated the forum software, the above issues should be fixed now.


#20

^ Thanks a lot, KO

though the formatting is a little off