There doesn't appear to be SPAM or Abuse board so I figured this would be the next best place for it...

On the 7th February (3 days ago) at 11:15am, then again at 11:16am, I received an e-mail (2 in total) from "webmaster@uuuq.com". The first one didn't have a subject but the second ones subject was:

F*ck (without the *)

They both contained the following body...

(again, without the *)

Did anyone else get these??

It could be a spammer, which leaves the question... Why were there no security measures to prevent someone registering with the name "webmaster"?? Could I sign up with "admin" and ask people for their login details (I wouldn't do that, btw )???

http://www.zymic.com/forum/index.php?showtopic=16050&hl=

Using a simple php script to send emails you can 'act' like if you were bill@microsoft.com... you can be whom ever you want to be. It does not mean the webmaster of uuuq.com sent you an email.

Yes it is VERY easy to forge a email header...

Example... FOR EDUCATIONAL PURPOSES ONLY


That would send the mail as billgates@microsoft.com even if the script is hosted on a non-microsoft server. One of the problems with how the emails work...
This could also be used by phishing sites. Personally, I think emails should be recreated in how they work.


Trippin7464 - This is not something we need on the forums. Please don't post stuff like this, even if it is for "educational purposes only".

Interesting script ^^

And that's a good idea, why don't you gather a few coders, and create a secure e-mail client wich doesn't recognize those things and stuff? If that is possible ofc Would be very popular I think

One reason is because that is somewhat illegal (mail bombing) and you will most likely get sued by the company whom you are trying to imitate.

To the main topic, as you may have noticed, Zymic was hacked. Jack has sent out messages apologizing to this. The same person who hacked Zymic also hacked HipHopClique (which is strange) but it just proves that these 13 year old, no-life losers, are going around and doing this to multiple sites. Most possible method they used was brute forcing. I just hope the hackers did not put scripts that attempts to hack bank servers. I found couple on mine. The security team of the bank contacted me directly within an hour. It sucked soo much. Spent an entire day cleaning up all files.

fuck that pisses me off...... i hate getting those... especially when there sent by myself apparently...