I have my own domain and set up an 'alias' email address anytime I sign up for a new site. My email address here, for example, is firstname.lastname@example.org. Evidently the email address list has been leaked, as I have been receiving spam from various sources sent to my GORC address. Just advising the site admins here to take action to mitigate any further leak.
Email addresses leaked?
Posted 01 August 2017 - 02:10 PM
When did this first occur? I will contact our backend admin to see if there's anything going on. Do you have any other details I can pass on to them?
GORC Board Member
Posted 01 August 2017 - 02:20 PM
Thankfully I have only received two, but hopefully they can get in front of it. Here are the full details of both I have received (minus my full email address of course):
FIRST EMAIL - 7/31/2017
Received: from [188.8.131.52] ([184.108.40.206]) by mx.perfora.net (mxeueus003
[220.127.116.11]) with ESMTP (Nemesis) id 0Lbaxx-1dziy03XDP-00lGBE for
<email@example.com>; Mon, 31 Jul 2017 20:55:08 +0200
Received: from bzq-198-168-31-128.red.bezeqint.net ([18.104.22.168]) by
mx.perfora.net (mxeueus003 [22.214.171.124]) with ESMTP (Nemesis) id
0MXXrk-1d5gVh3T0Q-00WRzh for < firstname.lastname@example.org >; Mon, 31 Jul 2017 20:55:07
Received: from smtpd (localhost.localdomain [127.0.0.1]) by bezeqint.net
(Postfix) with ESMTP id 72442C7D4CB5
for < email@example.com >; Mon, 31 Jul 2017 21:55:05 +0300
Date: Mon, 31 Jul 2017 21:55:05 +0300
From: "Sharron Cole" <Colegqomz@bezeqint.net>
To: < firstname.lastname@example.org >
Subject: This stock is gonna go up 4 fold before the end of the week.
Envelope-To: < email@example.com >
Content-Type: text/plain; charset="utf-8"
I won't waste your time with nonsense. I'll get right to it...
One of my best friends who happens to be employed at the largest firm in =
new york told me that I should really consider buying a specific stock =
Without going into specifics he told me that it's going to at least =
quadruple in price this week.
It's a small company that's basically trading at rock bottom prices, and =
after digging a bit more into it I think that they are about to make a =
really massive announcement any day now.
If you can get in at between 7 and 10 cents in the next few minutes I =
really recommend you jump on it quickly. It's trading under the symbol =
q,s,m,g (just the letters without the commas). Type this in your account =
to buy it.
Don't waste any more time because before the day is over I think it will =
be much, much higher so now is your chance.
Posted 18 August 2017 - 06:55 AM
Here is what the host admins provided:
"I see no evidence that there was a recent leak. I reviewed server and account access logs, and see no successful connection attempts from unknown IP addresses. The server doesn't log every database connection, but the ability to connect to the database server is not easily available outside of connecting to the server hosting the databases first.
I also checked the dev server, and do not see evidence that there was a recent leak.
On both servers, I have run our malware scanner specifically on ALL gorc files (the scan runs nightly, but focuses on newly modified files), and the scans both came back clean.
In addition, I've changed database __________ on both servers, just as a precaution.
Based on the forum post, it does sound like a legitimate complaint. Based on Drupal security and permission settings, I don't see an opening for it to happen in Drupal or Civi interface.
GORC will be upgrading the forum once a new PHP version is installed that is also compatible with our current Drupal site config.
GORC Board Member
Posted 18 August 2017 - 08:09 AM
Thank you for the reply. The good news is that to this day I still have only received the two emails above. Like I said, I only use the firstname.lastname@example.org email address for this site, but it looks like you've gone above and beyond to go through everything. Thanks again for fielding my inquiry.
Posted 22 November 2017 - 04:01 PM
I have gotten an email like this too.
It was from email@example.com
Hello Mr. CBB,
I'll get right to the point.
We know you love bikes.
We know you love bananas.
We know you love coffee.
You are under arrest for loving these things too much.