Getting Scam from WP

what i get in my inbox, mods should pay attention to this.

[quote=", post:, topic:"]
ali55 from A Pakistani Tech forum has sent you a message. You can reply to ali55 by replying to this e-mail.

The message reads as follows:

-----------------------------------------------------------------------

Dearest One,

With warm heart, I offer my friendship, and greetings. However, strange or

surprising this contact might seem to you, as we have not met personally or had

any dealings in the past. I humbly ask that you take due consideration of its

importance and immense benefit.

My name is Ali Rashid, from Ghana. I have a reasonable amount of money

inherited from my late father which I would like to invest in your country

with a very and honest person and again, in a very profitable venture. And for

you being in a business line and for your country being so peaceful I think

you are in a good position to assist me.

Time is not on my side, I will appreciate if you can reply me immediately you

receive this letter so that I can give you more information about my proposal.

Please reply me on this email address ( alirashid002@gala.net ).

I’m looking forward to hear from you.

Warmest regards,

Ali Rashid.

-----------------------------------------------------------------------

--

A Pakistani Tech forum Mailer

[/quote]

Anyone else received this msg?

not yet

i didn't receive any either, this is a carbon copy of NIGERIAN SCAM, anyway i am still having hard time believing that someone would waste time from this forum to do stupid thing like this.

but if your above post is truth, then please include the e-mail header proving that you really received from WP and Admin team should check the header against the forum log, otherwise i think you are CRYING WOLF.

check his profile, http://www.wiredpakistan.com/forums/profile.php?id=1810

@ kudos, i m not a weeping baby, i just informed mods.

from ali55

to xxxxxx@gmail.com

date Thu, Aug 7, 2008 at 9:30 PM

subject Salaam Alaikum,

mailed-by stacia.site5.com

is this sent by ali55 or some virus sent scam. This can be answered by ali55. if ali55 not post reply than he must be scam sender and should be band.

^ send the above info and also include IPs to Admin team and let them check out, they'll let us if we should be careful from ali55 dude.

@mods,

this mail sent to my another ID (which is banned).

and i think you can check this 101% chances that forums mailer LOGS all activity.

complete headers

[quote=", post:, topic:"]
Delivered-To: xxxx@gmail.com

Received: by 10.210.80.20 with SMTP id d20cs58110ebb;

Thu, 7 Aug 2008 09:30:12 -0700 (PDT)

Received: by 10.214.59.8 with SMTP id h8mr2644602qaa.90.1218126611059;

Thu, 07 Aug 2008 09:30:11 -0700 (PDT)

Return-Path:

Received: from stacia.site5.com (stacia.site5.com [216.118.97.173])

by mx.google.com with ESMTP id 6si5035429ywi.1.2008.08.07.09.30.10;

Thu, 07 Aug 2008 09:30:11 -0700 (PDT)

Received-SPF: pass (google.com: best guess record for domain of wiredpak@stacia.site5.com designates 216.118.97.173 as permitted sender) client-ip=216.118.97.173;

Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of wiredpak@stacia.site5.com designates 216.118.97.173 as permitted sender) smtp.mail=wiredpak@stacia.site5.com

Received: from wiredpak by stacia.site5.com with local (Exim 4.69)

(envelope-from )

id 1KR8NL-0000Ts-PU

for xxxx@gmail.com; Thu, 07 Aug 2008 12:30:07 -0400

To: xxxx@gmail.com

Subject: Salaam Alaikum,

From: "ali55"

Date: Thu, 07 Aug 2008 16:30:07 +0000

MIME-Version: 1.0

Content-transfer-encoding: 8bit

Content-type: text/plain; charset=utf-8

X-Mailer: PunBB Mailer

Message-Id:

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - stacia.site5.com

X-AntiAbuse: Original Domain - gmail.com

X-AntiAbuse: Originator/Caller UID/GID - [32329 500] / [47 12]

X-AntiAbuse: Sender Address Domain - stacia.site5.com

X-Source: /usr/bin/php

X-Source-Args: /usr/bin/php misc.php

X-Source-Dir: wiredpakistan.com:/public_html/forums

[/quote]

kudos take your words back. i showed.

i have taken my words back, i'll refund your money which you paid for my words, 4 rupees and 35 paisas do you want cheque or cash. lol

@kudos

Can you give 35 pisa? You got some old coins of lesser than 50 paisas?

@ kudos :D

do u want argument ? come to IRC channel, i have best reply.

[quote=", post:, topic:"]

@ kudos :D

do u want argument ? come to IRC channel, i have best reply.

[/quote]

we talked on irc chat we are friends now

yes we are.

i just wanted to inform mods abt this scam thing. i done my job.

@TA

@kudos

How about 35 paisas? lolzzzzz

Just wanted to add that I got this mail too. Message was the same as TA's.

[quote=", post:, topic:"]

… and for your country being so peaceful…
[/quote]

:lol:

its a "form mailer ".. what is interested in is the "misc.php" file seen in the headers above... smtp relay wasnt used for it..

X-Mailer: PunBB Mailer

X-Source: /usr/bin/php

X-Source-Args: /usr/bin/php misc.php

X-Source-Dir: wiredpakistan.com:/public_html/forums

and here is the HACK>> http://www.symantec.com/avcenter/attack_sigs/s21228.html

PunBB is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the misc.php script. A remote attacker could exploit ......

Source: http://xforce.iss.net/xforce/xfdb/26245

not uncommon..

Updated the forum software, the above issues should be fixed now.

^thanks alot KO

though the formating is a little off