Important Advisory - Phishing Scam from admin@cirtexhosting.com
Cirtex Joshua
04-04-2007, 04:05 PM
To our Valued Clients;
We are advising you today of a possible virus/phishing scam mailer being identified as "Important Information Regarding your CirtexHosting Account" and with a ReadMe.zip file attached. DO NOT open this e-mail or its attachment. The e-mail is coming from a server not under our control, but it is being spoofed as coming from admin@cirtexhosting.com. As it is not actually coming from our server, there is not much we can do to stop this.
We are investigating, and hope to be able to stop the offending person(s).
We appreciate your patience and cooperation!
Cirtex Joshua
04-04-2007, 08:48 PM
Hiya,
"Important Notification" from webmaster@cirtexhosting.com is also coming as a different e-mail. Basically, any e-mail coming from a cirtexhosting.com account with an attachment can be considered unsafe.
t.check
04-06-2007, 03:16 AM
Okay, then, how do we know what to trust? Anything without an attachment? How is this even possible to do?
I'm scared . . .
Cirtex Admin
04-06-2007, 03:44 AM
Hi,
Just remember we don't send emails out with attachments, nor do we send out emails from our admin@ or webmaster@ address ;)
Cheers
Techworld
04-10-2007, 06:30 PM
I am also getting this problem with spoofing of my domain. I'd strangle the person if I knew who they were ;)
Cirtex Joshua
04-10-2007, 07:09 PM
The IP is sometimes in the headers; if it's a consistent IP, you can block it.
miscbyproduct
04-21-2007, 09:07 PM
The IP is sometimes in the headers; if it's a consistent IP, you can block it.
Perhaps people that are getting "hit" could post the headers so the rest of us could use our own discretion and block the IP's and domains.
Heck someone may even recognize the source.
Myself, I ban entire subsets, even countries if it gets too bad.
deny from 210.
deny from 58.
deny from 124.
deny from 202.181.
deny from 195.242.
deny from 72.51.
deny from 218.194.37.
deny from 90.
miscbyproduct
04-21-2007, 09:28 PM
Crying IGNORANT shame, banning domains isn't allowed in cPanel. They automatically resolve to IP only.
All domains are required to have at least 2 IPs but can have multiples.
Plus, sites do change hosting IPs pretty often.
If the bans could be applied to the domains AS WELL AS IP, then it wouldn't matter what IP they use.
Cirtex Joshua
04-21-2007, 10:30 PM
IGNORANT - Thanks for describing CPanel in one word :D
phillip
05-15-2007, 09:18 AM
miscbyproduct,
I am the same way, I use lots of blacklists. Especially on unmanaged servers.
The way to kill the domain, perhaps in your situation is to manually edit your .htaccess, and do some redirection for that domain. ;o)
A little example...
# keep the 403 error page itself reachable, so denied clients get the error instead of a loop
<Files 403.shtml>
order allow,deny
allow from all
</Files>
# partial addresses (trailing dot) match the whole /24, /16 etc.; full addresses match one host
deny from 84.52.64.
deny from 59.106.23.
deny from 193.47.80.
deny from 65.54.188.
deny from 195.225.177.
deny from 216.55.154.166
deny from 72.232.27.182
deny from 87.14.128.144
# send requests for that bogus path somewhere else instead of filling the error log
RedirectMatch permanent ^/parishiltonrecord.com$ http://parishiltonrecord.com
As you can see I have a few enemies out there too... ;o)
btw, the Paris Hilton thing is just to clean up my error logs....
How funny it will be to see the abusive domain log back to anywhere you choose. Although, I would probably send them to a 404 page (whatever that is for you, even if it wastes bandwidth) because that way you're not sending the problem to another unsuspecting victim. Sort of like the munging FAQ.
But then I can also see having some fun initially.... especially if you know the abuser... ;o)
~phil
phillip
05-15-2007, 09:38 AM
Another tool is the bogon list:
http://www.completewhois.com/bogons/
I ran that on an unmanaged server for a while with quite excellent results.
For email there are country lists out there, where you can block entire countries. Some I used were Argentina, China (Yeah I recognize your 210!!), Korea, Hong Kong, Taiwan, Japan, Thailand, Malaysia, Singapore, Brazil, Nigeria, Russia, Turkey
There are traplists also. Not sure what kind of server you got, shared or unmanaged.
apf and bfd are helpful tools on an unmanaged box.
But then again so are custom IPTABLES.
Also, I wrote some tools to cull through the logs and ban CIDRs from a crontab. Since every server is different, you probably have to tune your server to your needs.
Another tool to find the /8, /16, /24 etc. that I used in some of MY scripts was "cidr"; you can search for that since I don't know your platform, and you probably wanna compile the binary yourself.
be sure to WHITELIST your ip!!!
~phil
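An added illustration of the log-culling and CIDR-banning approach phil describes above (his own tools were not posted, so this is not his code): it counts 403/404 hits per client in an Apache access log, rolls them up to /24 networks, drops any network that contains a whitelisted address, and emits deny rules in the same .htaccess form as the example earlier in the thread. The log lines, the threshold and the whitelisted address 192.0.2.1 are constructed for the example.

```python
"""Turn error-heavy clients in an Apache access log into .htaccess 'deny from' rules."""
import ipaddress
import re
from collections import Counter
# Constructed sample log (Apache combined format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [15/May/2007:09:18:01 +0000] "GET /wp-login.php HTTP/1.0" 404 512 "-" "-"
198.51.100.7 - - [15/May/2007:09:18:02 +0000] "GET /admin/ HTTP/1.0" 404 512 "-" "-"
198.51.100.9 - - [15/May/2007:09:18:03 +0000] "GET /phpmyadmin/ HTTP/1.0" 404 512 "-" "-"
203.0.113.42 - - [15/May/2007:09:19:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "-"
203.0.113.42 - - [15/May/2007:09:19:10 +0000] "GET /missing HTTP/1.1" 404 512 "-" "-"
192.0.2.1 - - [15/May/2007:09:20:00 +0000] "GET /x HTTP/1.1" 404 512 "-" "-"
192.0.2.1 - - [15/May/2007:09:20:01 +0000] "GET /y HTTP/1.1" 404 512 "-" "-"
192.0.2.1 - - [15/May/2007:09:20:02 +0000] "GET /z HTTP/1.1" 404 512 "-" "-"
"""

# client IP, then the 3-digit status that follows the quoted request line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def error_hits_per_ip(log_text, statuses=("403", "404")):
    """Count requests per client IP that ended in one of the given statuses."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group(2) in statuses:
            counts[m.group(1)] += 1
    return counts

def offending_networks(counts, threshold, prefix=24):
    """Roll IPs up to /prefix networks and keep those with at least threshold hits."""
    per_net = Counter()
    for ip, n in counts.items():
        per_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += n
    return sorted(net for net, n in per_net.items() if n >= threshold)

def deny_rules(networks, whitelist):
    """Render 'deny from' lines, skipping any network that contains a whitelisted IP."""
    safe = [ipaddress.ip_address(ip) for ip in whitelist]
    return [f"deny from {net}" for net in networks
            if not any(ip in net for ip in safe)]

def htaccess_fragment(rules):
    """Keep the 403 error page reachable for denied clients, then list the deny rules."""
    head = ["<Files 403.shtml>", "order allow,deny", "allow from all", "</Files>"]
    return "\n".join(head + rules) + "\n"

if __name__ == "__main__":
    nets = offending_networks(error_hits_per_ip(SAMPLE_LOG), threshold=2)
    # 192.0.2.1 stands in for the admin's own (constructed) IP and must never be banned
    print(htaccess_fragment(deny_rules(nets, whitelist=["192.0.2.1"])), end="")
```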
zenofeller
11-21-2007, 04:14 PM
Banlists are pretty much a fool's errand.
Novice-Man
11-22-2007, 11:55 AM
What about noreply@cirtex.com? never opened it, just left it for the moment.
mrshappy
11-10-2008, 04:01 AM
Banlists are pretty much a fool's errand.
Hi admin.. Always take care mwaahhh