1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

DP Servers compromised?

Discussion in 'Security' started by SERPalert, Nov 23, 2006.

  1. #1
    As discussed in a previous thread many people got the emails titled "A proposal to join co-op ad tyle network with lots of benefits. I'm worried.

    Firstly I'm worried because they have been sent FROM the dp servers, see below.

    Secondly I'm worried because they have been sent to specific email address' that I only use for digitalpoint. I have received two separate emails to separate email address' that I only use for dp :/

    Is the server compromised, is digitalpoint selling email data? Any thoughts?

    I have masked some personal things out with XXXX.
     
    SERPalert, Nov 23, 2006 IP
  2. T0PS3O

    T0PS3O Feel Good PLC

    Messages:
    13,219
    Likes Received:
    777
    Best Answers:
    0
    Trophy Points:
    0
    #2
    All the FROM stuff in the headers can be spoofed AFAIK. The unique email address would be the scary part of this.
     
    T0PS3O, Nov 24, 2006 IP
  3. SERPalert

    SERPalert Guest

    Messages:
    1,003
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Sure I can send emails from but the headers cannot have ip addresses that ping to microsoft servers?! This has come from a dp server (blink).

    I'm by no means an expert, but it doesn't look spoofed to me...
     
    SERPalert, Nov 25, 2006 IP
  4. AgileHosting

    AgileHosting Peon

    Messages:
    22
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Doesn't look spoofed to me either.

    What concerns me is this:

    That IP is definitely a Digital Point IP:

    I would contact DP immediately and forward the e-mail w/ full headers to them. Looks like they may well have a Big Problem.

    :D Bailey
     
    AgileHosting, Nov 25, 2006 IP
  5. SERPalert

    SERPalert Guest

    Messages:
    1,003
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I have sent a pm to "digitalpoint" with a link to this thread...
     
    SERPalert, Nov 29, 2006 IP
  6. SERPalert

    SERPalert Guest

    Messages:
    1,003
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Shame, I don't think he reads his pms, from his blog he doesn't read email. And this post is buried in the forums after a mod read it :(
     
    SERPalert, Dec 5, 2006 IP
  7. dilute

    dilute Peon

    Messages:
    232
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Wow this is interesting. Next thing to consider is was it sent with DP's consent?
     
    dilute, Dec 5, 2006 IP
  8. SERPalert

    SERPalert Guest

    Messages:
    1,003
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #8
    I'd doubt that, they are (arguably) advertising a competing service.
     
    SERPalert, Dec 5, 2006 IP
  9. T0PS3O

    T0PS3O Feel Good PLC

    Messages:
    13,219
    Likes Received:
    777
    Best Answers:
    0
    Trophy Points:
    0
    #9
    I'm no expert either but do think everything in the headers can be spoofed. Even the IP. So if they look up DP's IPs, put that in the header, you check header and ping IP and see it's DP isn't proof beyond doubt.

    Would be interesting to see what the Shawnster has to say about this though. It just seems a bit of a silly thing to do really, hack into DP just to send all Co-op users an email. Also, once they hacked into the server, that doesn't mean they have MySQL access to fetch the email address from the DB too. And the 'server' is actuall 'a bunch of servers' so it all seems pretty damn hard to do.

    Anyway, what do I know...
     
    T0PS3O, Dec 5, 2006 IP
  10. SERPalert

    SERPalert Guest

    Messages:
    1,003
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #10
    Hey I'm only putting 2+2 together...

    But I'm a paranoid guy. I use unique email addresses for everything i sign up to.

    This guy emailed two unique addresses that i use for dp, trust me I use it for NOTHING else. (Only the co-op, not the forums, the keyword tracker - nothing).

    So either Shawn has sold the addresses, which I don't beleive (but anything is possible) or something untoward is going on.

    That coupled with the header info (which, afaik cannot be spoofed).....He's either been compromised or something else is far from right.
     
    SERPalert, Dec 5, 2006 IP
    T0PS3O likes this.
  11. gigapromoters

    gigapromoters Peon

    Messages:
    309
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #11
    Can you tell me what was in the mail ?
     
    gigapromoters, Dec 6, 2006 IP
  12. mad4

    mad4 Peon

    Messages:
    6,986
    Likes Received:
    493
    Best Answers:
    0
    Trophy Points:
    0
    #12
    I think we need some comment from Shawn on this........
     
    mad4, Dec 6, 2006 IP
  13. SERPalert

    SERPalert Guest

    Messages:
    1,003
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #13
    Sure, here it is.

     
    SERPalert, Dec 6, 2006 IP
  14. dilute

    dilute Peon

    Messages:
    232
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    0
    #14
    dilute, Dec 6, 2006 IP
  15. fisher42uk

    fisher42uk Peon

    Messages:
    180
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #15
    From what I remember in a previous thread to hack the DP server you literally need to cut off shawn's hand as the access is authorised by his fingerprint,
     
    fisher42uk, Dec 6, 2006 IP
  16. melol2

    melol2 Active Member

    Messages:
    511
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    80
    #16
    Im sorry but how exactly do you think he would fingerprint authorize login on the internet?... If its possible that wouldnt be very secure at all...
     
    melol2, Dec 6, 2006 IP
  17. gigapromoters

    gigapromoters Peon

    Messages:
    309
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #17
    Its not possible right now to know how they got your email, but they are spamming and that we know for sure... DP should complaint to their host..

     
    gigapromoters, Dec 6, 2006 IP
  18. Scolls

    Scolls Guest

    Messages:
    70
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #18
    Open relay perhaps?
     
    Scolls, Dec 6, 2006 IP
  19. SERPalert

    SERPalert Guest

    Messages:
    1,003
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #19
    Is Shawn back from SES yet?
     
    SERPalert, Dec 18, 2006 IP
  20. krakjoe

    krakjoe Well-Known Member

    Messages:
    1,795
    Likes Received:
    141
    Best Answers:
    0
    Trophy Points:
    135
    #20
    v strange, all headers can be spoofed, but gettin unique email addresses cannot ( obviously ) so something is certainly going on......

    Edit : post 333 ...
     
    krakjoe, Dec 18, 2006 IP