WowInterface.com email database has been compromised
Apologies for posting this on a forum - I couldn't find any other way of contacting the people who run wowinterface.
I've just received a fairly standard phishing email, with one notable point - it was sent to an email address that I have only ever used with WoWInterface. This suggests to me that somehow, spammers have gained access to the wowinterface email database. Please would you investigate?

Email below, with some info anonymised. Note that it was sent as base64-encoded text, which means I can't easily paste the source in here - instead you get what gmail renders, plus the headers.

-----
Code:
Delivered-To: [email protected] |
Our database is not accessible from a public IP. It's only on a VLAN that our httpd servers can access. Looking at the logs I do not see anything that would suggest a compromise to our data.
Checking some other error logs and will let you know if I find anything. |
Thanks for checking, anyway. If you would like the actual (encoded) text of the email with the actual email address, I'll be happy to send it on by email - but not on a forum. |
Sure, please send it to [email protected]
Do you use a shared host? It's possible one of their clients was able to get a list of email addresses on the server. Any large queries I'm emailed about. However I'm still sifting through the logs. |
For future reference (for both you and any others reading this), since Dolby forgot to mention it, there is a link in the footer of the site, on the bottom-right, which says "Contact WoWInterface". :)
|
I'm no expert, so it's entirely possible that something else is up - but I thought I'd alert you to the possibility. Sorry if it's a wild goose chase :-) |
Is it possible that email was public before you turned off displaying it in your public profile for wowinterface?
|
By "shared host", I think Dolby meant cloud hosting, or rather, running multiple people off the same server. Typically, if you get cheap hosting and don't much care about anything server-side, then that's what you're on. However, since you're using GMail for your email service, Google is remotely handling the email, not your server, so your server wouldn't have that data (except potentially the ones you registered the domain and/or hosting with, and maybe one or two default ones).
|
Also keep in mind, they don't have to "find" your email address somewhere to send it to you. They have automated scripts that randomly put letters and numbers together to make email addresses and send them out. For example, a few months ago I created a new email address. Not yet sure what I wanted to do with it yet, so I just haven't done anything with it yet. I have never registered it with anyone for anything.... and my spam box was flooded within a week. LOL Crazy. But that is a big coincidence w/ your email. |
I created a gmail account for my dad some time ago. He almost never uses it, and even if he does it's only for mailing with some friends/colleagues.
So the mail was never public. And the name is fairly long and not generic, so it's not likely to "guess"... Still, from day 1 I think, the mail is full of spam, and I mean really full (at least 10 spam/day, gets even to 100/day)... In short: a gmail account can get spam w/o ever being public... |
So...
I'd like to report that I have the same thing happening with me. I have an email address that's unique to wowinterface... my email system routes anything in the name of myaddress-anyrandomtext directly to me, and I tag my sites that way... so my address here is [email protected]in

A week(ish) ago I got a phishing mail asking for WoW information. I run my own mail server, nobody shares it but the people that live with me (who don't have administrator access), this email address has never been posted, used to send mail, or otherwise exposed to the real world, other than being used as the account email for wowinterface. One roommate (who doesn't use the per-site unique addresses) got the same thing to the email address they have registered with wowinterface (though they use it on several sites, so that's not authoritative proof).

I seriously doubt that someone just randomly thought to append -wowinterface to an otherwise working address to get through to me. I think the likelihood of doing it twice with two different people's addresses is pretty damned unlikely. And my roommate never had an attempt at using a -wowinterface form of their address, just their normal address, so somehow the pharmer knew who was using tagged addresses and who wasn't? Seems incredibly unlikely.

Unless my email address is public. I just looked through all of the account options I could find, though, and couldn't find anything about making one's email address visible (or not). So, I tend to agree, something might be going on here.

And no, unless you use a common name as an email address (e.g. "john@wherever"), a private domain can't get spam if the email address is never used anywhere. Especially not something like mine, where the -wowinterface (or whatever) part doesn't even exist.

-j |
I would like to report a similar email that I just received a few minutes ago.
As with a few people above, I know that this was sent directly to the email address I used ONLY for Wowinterface (because I use a unique email for each website...). This is a bit too coincidental to assume it's by chance. Judging by how log checks showed no success, perhaps there is an exploit used to query the MySQL database (I'm assuming MySQL, for the sake of simplicity) of Wowinterface for a user's email address. Perhaps it's worthwhile to review the PHP code to see if such a leak exists?
|
The logs are scanned for injection attacks and any malformed URLs are listed nightly in my logwatch. I of course mysql_real_escape_string() everything that is remotely entered.
Also, nafe, you do not have a "@nafe.com" email address in our database. Since you are long time members it's possible when we were compromised a few years ago (we posted news about it when it happened) that they got away with some email addresses. That was on our old server and I do not have the logs for that. |
"Me too" post...
I'll chime in and mention I just got the same phishing email to my wowinterface.com@<mydomain>.net which, like the OP, I set up for use only with this site. I'm not sure if I was a member during the "old server" compromise mentioned above but it would be worth comparing my registered date to that to see if that holds water. The content of the two spam mails I got is identical to the above. The header info is slightly different as you might expect from forged senders/relays.
|
I use my e-mail address everywhere and for many years, never received a single spam message similar to those explained by above users. I'll let you know if that changes.
|
I've not received such mail (just to - you know - break cycles).
Has anyone at any point considered spam sent at random? I worked for an ISP and now for an anti-virus company and I also have my own hosting, which includes mail, you wouldn't believe the amount of spam we get (we actually almost disable our spamfilters so clients can get through with ludicrous mails). For those with own mailservers/hosting: do you have a catch-all address? Any mail sent to a non-existing address will then be sent to the main account. Since the spam is directed at wow-account farming, they just try random stuff with names of well known wow-oriented sites. |
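
The two explanations argued in this thread (a site-unique `-wowinterface` address receiving phishing, versus a catch-all mailbox accepting random guesses) can be told apart mechanically by checking the recipient tag against a list of tags that were actually handed out. The following is an added example, not code from any poster or from WoWInterface; the mailbox name, the `.example` domains, the tag registry and the sample messages are constructed, and it assumes the receiving server strips any `Authentication-Results` header supplied by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BASE, SEP = "jdoe", "-"        # constructed mailbox; "-" as in the "-wowinterface" tags
ISSUED = {"wowinterface": "wowinterface.example",  # tag -> domain it was registered with
          "shop": "shop.example"}                  # (constructed registry)

def recipient_tag(addr):
    """Tag of a BASE-tag@domain address; None for the plain or an unrelated address."""
    local = parseaddr(addr)[1].rpartition("@")[0].lower()
    prefix = BASE + SEP
    if local.startswith(prefix) and len(local) > len(prefix):
        return local[len(prefix):]
    return None

def dkim_pass_domains(msg):
    """Signing domains recorded as dkim=pass (assumes sender-supplied copies are stripped)."""
    found = set()
    for hdr in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass[^;]*?header\.d=([\w.-]+)", hdr, re.I):
            found.add(m.group(1).lower())
    return found

def classify(raw):
    msg = message_from_string(raw)
    tag = recipient_tag(msg.get("Delivered-To", ""))
    if tag is None:
        return "untagged"       # proves nothing about any one site
    if tag not in ISSUED:
        return "never-issued"   # a guess that only a catch-all delivers
    site = ISSUED[tag]
    if any(d == site or d.endswith("." + site) for d in dkim_pass_domains(msg)):
        return "expected"       # authenticated mail from the site itself
    return "leaked"             # issued tag used by someone else

def sample(rcpt, auth):
    """Build a constructed message; From is forged in every case and is never trusted."""
    return (f"Delivered-To: {rcpt}\nFrom: Support <support@wowinterface.example>\n"
            f"Authentication-Results: mail.example; {auth}\nSubject: Account notice\n\nbody\n")

PHISH = sample("jdoe-wowinterface@mail.example", "dkim=none; spf=fail")
GUESS = sample("jdoe-addons@mail.example", "dkim=none; spf=fail")
LEGIT = sample("jdoe-wowinterface@mail.example", "dkim=pass header.d=wowinterface.example")
PLAIN = sample("jdoe@mail.example", "dkim=none")

if __name__ == "__main__":
    for name, raw in [("PHISH", PHISH), ("GUESS", GUESS), ("LEGIT", LEGIT), ("PLAIN", PLAIN)]:
        print(name, classify(raw))
```

Only the "leaked" result points at the site the tag was issued to; "never-issued" is what random tag guessing against a catch-all looks like.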