Cemptiom

Members
  • Content count

    42

Community Reputation

0 Neutral

About Cemptiom

  • Rank
    DDP Fan club member

Profile Information

  • Gender
    Male
  • Location
    US

  1. I'm an aspiring network admin at a small ISP. We manage about 60 highrise buildings. Each building has anywhere from 1 to 60 24-port switches, or some DSLAMs, or some coax gateways, with p2p radios on the roof, with a main router at a central building. I recently got an email from a guy working for SiteTruth that explains that there are phishing emails coming from a phony email address, but that the IP associated with the domain of the emails is one of ours. He goes on to say that a traceroute to the IP bounces around a bunch of our IPs before hitting the trace IP. I did the same traceroute and saw the same route he included in the email. So the route hits on about 60 of our IPs before hitting the target IP. We use dhcp for clients on our entire network and none of these IPs in the trace are associated with our equipment as all our equipment have excluded static IPs. So I'm wondering how I can cripple this phishing scam/botnet? with minimal effort. I have access to all our equipment. I could find the MAC of the offending IP on the router and track it down to a particular port on a switch in a building and shut off that port, but if the client has no idea he's part of a botnet and has no idea this is occurring then I'll have to re-enable the port as they are paying customers. Interestingly enough I've just performed the same tracert as I did a few days ago when I got the email and now there's only about 20 hops on our IPs before the target of the trace is hit. I'm guessing this is just due to us using dhcp. Any more info on exactly what's happening and how to deal with it would be much appreciated. I don't understand why there are so many hops between dynamic IPs on our network during a simple tracert, does that confirm a botnet?
  2. Learn to use photoshop? Or find a photoshop request subreddit if you're too lazy to do it yourself. There's tons of people that just photoshop crap all day for other people for free, I'm just not one of them.
  3. Now THAT is a good plan, thanks a bunch! Great ideas! We've only got about 20 people in our company so I'll suggest forwarding emails to gmail accounts. If management doesn't care to do so maybe I can at least forward my own emails. Going up by tier with a threat of blacklisting is genius though! *borat voice* Very nice high five!
  4. That's a good idea, will do. If only we had a helpful apache engineer on these forums lol. This place seems kind of dead btw compared to a few years ago, what happened?
  5. It broke with the newer version of IP.Board. We looked at fixing it or making a custom theme, but IP.Board doesn't make that easy for you! I'd contact the server admin and see if you get a response. It may be a compromised box. If not, is it possible to blacklist the IP block you've identified on your mail server? aw bummer that theme was cool. Yeah I was thinking about the blacklisting option, just wanted to see if there was something else I can do before having to do that. By server admin you mean whoever comes up on a whois search? I don't see a contact on the apache test pages.
  6. What happened to the cool black theme? I can't find a setting for it anywhere! Anyway I'm getting a bunch of spam from some illegitimate botnet or apache server because the domains are always super random and 'unsubscribing' seems to do absolutely nothing. I've started forwarding the emails to the FBI's spam detective services (I'm sure they'll get right on it). Anyway it seems that multiple people in the office are suffering from these pesky random 'enlarge your whatever' emails. So the email domain is always a random collection of letters such as unre.eu, unma.eu, aird.eu, galg.eu, etc. An nslookup of these domains shows that many of them are in the same subnet, all residing in 191.101.45.x, another one is 181.214.55.x. At any rate when I visit any of these IPs they lead to a CentOS Apache server test page. A tracert shows me that these domains are hosted by hostsailor.com, but where can I go from here? It'd be nice to gain root access to the apache server and see exactly how legit this all is (doesn't seem like it is at all). So correct me if I'm wrong but seems as though someone set up an apache server under a host that allows multiple IPs. Then this server is spamming the crap out of people. Blocking the sender in outlook does nothing since the server will generate a new source domain and use a new IP, and already has your email. So since the host is legitimate can I just bring this to their attention? Or is this completely allowed according to them? Is there anything I can do to mitigate the barrage of emails?
  7. my friend's having problems with his mac, i think it's a mac os x. i hate macs and know nothing about them so i thought i would ask, is there any way to bypass the login in the beginning, i think he meant the one when you turn it on and it asks you for a pass to one of the accounts. thx
  8. thanks working now, i redownloaded and defragmented. yay
  9. I gotta say this is the worst one i've seen.. https://smhspogb.pvusd.k12.az.us
  10. oh yeah i forgot to include that when it does download and i try to open the installer an error message pops up called "Windows Installer" and says: This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. i reinstalled and same thing. firewall is off. bad download?
  11. hey i recently reformatted and when i tried downloading the latest version of java runtime environment which is version 1.5.0 from the url http://www.java.com/en/download/windows_xpi.jsp i get an error message when trying to open it after downloading it, the title is [JavaScript Application] and the content says: " The installation of package http://java.sun.com/update/1.5.0/jre-1_5_0...indows-i586.xpi failed with -260 " and sometimes i get this message titled error: " Firefox could not download the file at http://java.sun.com/update/1.5.0/jre-1_5_0...indows-i586.xpi because: Signing could not be verified " I was just wondering if anyone else has gotten this crap.....and what's wrong?
  12. don't satellites orbit earth at several thousand miles per hour? i understand that sometimes it's possible the satellite is moving at the same rate the earth is spinning, but live feeds seem improbable, and there is no maintenance on satellites, once they're sent up they have to work for as long as they can, i donno it just seems like something that sometimes revolves around earth in a matter of minutes would have a hard time taking care of live feeds.... but i got to thinking about google earth, and they should do the same thing with other planets when they know enough about them and do the same, so you could look at mars or the moon like google earth looks at earth. the next version will be Google Mars!
  13. is there any setting like that for aim? and i believe the proper term is wurd. :voteyes: (hehe)
  14. well whenever i tried charging it like chaostic said it would just make a weird buzzing noise like it didn't like it, and i have no idea which polarity is which on this thing. they both look exactly the same!! i even tried hooking it up to 120vac and it still made the buzzing noise... but then again i don't remember if i tried it on the opposite way. but thanks d0p3d4n i'll try that. but if i can't charge it with a battery how is that different?
  15. yeah that's what we would do in my computer classes all the time (i had it last year), we have webSENSE at my school but if you search by google and get the exact url sometimes it wouldn't block it. and since all the computers were hooked together by lan we played stuff like http://www.soldat.pl/main.php the great part is everyone found out they could download stuff in a "Shared" folder on the network drive so we had good stuff like emulators and close to the end of the year i brought in my version of Unreal Tournament and i think it's still there lol. We had logins to gain access to the drive but anyone could access the "Shared" folder. and i don't know about you guys but my school also uses a program called "Deep Freeze" which is a program that resets everything when the computer is restarted. if your school does this too when on the computer press and hold ctrl+shft+alt+f6 then release and a little window should pop up that says deepfreeze and asks for a password, heh that's the tricky part....if you get the password wrong 4 times the window closes :cuss: :pissed: P.S. hey i just noticed my library teacher looks kinda like :teeth: