0vercat

Lost all the emails in my Inbox

11 posts in this topic

OK this is a little involved, and I'm all things new - newbie - noob -

My brother hosts a site / domain and has let me have an email for some time now.

We recently had a falling out and I immediately started looking to establish a new email account or two, and utilized the forums here to get that done.

Got two, and am very grateful for the assistance.

I went to check my email (the one my brother hosts) lo and behold my entire inbox had been deleted, and so had the trash.

I asked him if he did it. He claims not to have.

The thought occurred to me that since I'm new and I'm honestly trying to learn all that I can here; that I may have been messed with as a result of posts here and or in irc. I have no problem with that, or suffice it to say that I expect that has to happen at some point - it's the dues - that's how you learn or certainly part of the process.

I really would like to find out though if my brother did that - for peace of mind's sake. And perhaps as a result learn how to look for "footprints" (excuse the term please if that's not the right one) in my machine to see who did what when.

I'm going to post a separate topic for general security so I can start to get a clue.

Thanks as always for this environment.

Overcat


If your brother hosts the mail, short of rooting his account, you won't get any information about your mail. He probably deleted it just as well. If he runs the mailserver through a company (say he's got web hosting somewhere and gave you an account), you could try social engineering your way into his account through their Tech Support.


Thanks tehbizz

To get a grasp though... could this have occurred as a result of my ignorance about security "through my machine" or is it isolated logically to have occurred only through access to the root of the email hosted site?

Hope that made sense.


If you're asking if someone on these forums deleted your mail, I'd say that "no" is a very safe bet. I don't know your brother, but the most logical conclusion that I can come to is that he deleted your mail.

Are you using an email client like MS Outlook or Mozilla Thunderbird? You might have deleted something you shouldn't have and lost your local copies of the mail. If you can, try accessing your inbox through a web-based client like CPanel, or whatever. Sometimes, messages will be stored on the server after they are downloaded, and they might still be available.


It's gone. Live with it.


Overcat, security on your local machine had nothing to do with the emails on the remote server. I would say your instincts (or gut feelings, whichever you prefer) are right. It was probably your brother, as some sort of "revenge" for whatever falling out you describe. While it's possible an intruder deleted the emails, I would say it's less than a one in a hundred thousand chance, as a guess.

A. I don't see anyone doing it first of all.

B. It's pointless to delete emails from an acct, even if you were accessing it illegally.

C. The timing of this reeks of the disagreement you describe causing your brother to do it.

Hope he made a backup, feels bad eventually, and gives em to you. :(


Hmmm.. No one mentioned this yet so I figured I'd bring it up...

Could you let us know how it is you check your mail? If you use something like fetchmail, then it's entirely possible that in checking your pop3 mail, you received them all, and they were simply flushed (deleted) from the pop3 server.

Just something to consider :)

-Dr^ZigMan


I check my mail through Internet Explorer. But I'd never had a problem; even after reloading Windows on my laptop my Inbox was still intact.

I took tehbizz's advice and managed to get copies of the log files and I did it 100% honestly. (that's just for me)

I made a time line and found that if I had the logs of a 24 hour period it might show me at least if the deletions or downloadings to Outlook or Eudora from a 3rd party PC were sporadic.

My gut does say my brother did it, but I feel like this joke I just heard:

"A woman is like a Cop, she can have all the evidence in the world but still wants the confession"

So I got the log files - and I'm not trying to beat a dead horse now so much as take a stupid unfortunate situation by the hilt and learn something cool from it!

Is there a way I can post them here so that I don't divulge any info that might harm me or my brother's emails etc? For example if I altered the email names to protect the parties - will the numbers be too revealing even then security wise?

There are only maybe 10 lines of code/log files - which is making me think that my brother didn't forward all of them to me.

I had to have them sent to his email and then asked him to forward them to me; which he did.

I requested a 24 hour period from 330pm 9/21/05 to 330pm 9/22/05

But there's 10 lines and 150 emails were eaten.

May I post them for a learning experience? Safely if possible -

thanks a lot for the guidance either way

Overcat


Well, I can tell you offhand that any log someone else has seen can be compromised. What you would have needed was access to the machine, and looked for things like when the file was last altered etc...

Him sending you a few lines of log may be in goodwill, and the log may be unaltered and intact. It may not be though. Not trying to stir the pot man, but you really can't know for hundred percent sure.


Actually that was my thought exactly. I think that if someone looked at it who knew what they were reading would be able to determine if he just filtered what he wanted, cutting off a piece thinking I don't have access to a small army of people "without" headwounds LOL (that also have expertise)

I'm mostly just curious at this point. Burningly so really. I don't even care that he'd do it because as crappy as family gets I can always pick a better one next time 'round ;) lol

It's just for knowing and for a bit of knowledge I didn't have before something broke.

When I can I'll edit it to remove personal info and post it in here; I'll check here before I post too in case someone knows that I shouldn't include X or Y for some reason.

Thanks again :)


Below I'm posting the logfiles I requested from the Hosting Service, which were 1st passed to my brother, then to myself.

The items I altered should be obvious - like for my brother's email I put MY@BROTHER.COM etc.

I'm just looking to see, from the point of view of someone who knows how to read these, if I in any way received what I requested, which was:

-- A log of my account's activity for the 24 hour period starting at 3:30pm 9/21 through 3:30pm 9/22

I understand that I may never know 100% what happened and have gotten new email accounts so as to avoid at least "this" problem in the future.

Also I did not know that with a POP server I should not leave the emails on the hoster's site, which I had been doing. But I'm new and am learning - what's odd to me about that is had I done that I'd have lost all my emails when I recently lost my laptop to a power spike - not having any backup files (which I'm also working on)

Thanks for the input on this - always a learning experience.

Overcat

........................................

From: support@HOSTER-hosting.net

To: MY@BROTHER.com

Sent: 23 Sep 2005 12:49:03

Hello ,

Here are the log files you requested:

Sep 22 10:13:52 mmm1104 sendmail[77281]: j8MEDq1P077281: Authentication-Warning: mmm1104.HOSTER-web.com: webapps set sender to OVER@CAT.com using -f

Sep 22 10:13:52 mmm1104 sendmail[77281]: j8MEDq1P077281: from=OVER@CAT.com, size=361, class=0, nrcpts=1, msgid=<200509221413.j8MEDq1P077281@mmm1104.HOSTER-web.com>, relay=webapps@localhost

Sep 22 10:13:52 mmm1104 sendmail[77281]: j8MEDq1P077281: to=MY@BROTHER.com, ctladdr=OVER@CAT.com (149/149), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30361, relay=mail-fwd.HOSTER-web.com. [161.58.16.34], dsn=2.0.0, stat=Sent (2-0681788432 Message accepted for delivery)

Sep 22 10:47:26 mmm1104 sendmail[88113]: j8MElQS9088113: Authentication-Warning: mmm1104.HOSTER-web.com: webapps set sender to MY@SISTERINLAW.com using -f

Sep 22 10:47:26 mmm1104 sendmail[88113]: j8MElQS9088113: from=MY@SISTERINLAW.com, size=1391, class=0, nrcpts=1, msgid=<200509221447.j8MElQS9088113@mmm1104.HOSTER-web.com>, relay=webapps@localhost

Sep 22 10:47:27 mmm1104 sendmail[88113]: j8MElQS9088113: to=MY@BROTHER.com, ctladdr=MY@SISTERINLAW.com (149/149), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31391, relay=mail-fwd.HOSTER-web.com. [161.58.16.34], dsn=2.0.0, stat=Sent (1-091321446 Message accepted for delivery)

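Added example (not part of the original thread and not the hosting provider's tooling): a Python sketch that groups the posted sendmail lines by queue ID and compares them with the requested 24-hour window, to show what this kind of log does and does not record. The year and window come from the post above; `MAILBOX_DAEMONS` is an assumed list of POP3/IMAP daemon names, and `SAMPLE` is abridged from the posted log with the same placeholders.

```python
import re
from datetime import datetime

# Abridged from the log posted above (same placeholders; long fields dropped).
SAMPLE = """\
Sep 22 10:13:52 mmm1104 sendmail[77281]: j8MEDq1P077281: from=OVER@CAT.com, size=361, class=0, nrcpts=1, relay=webapps@localhost
Sep 22 10:13:52 mmm1104 sendmail[77281]: j8MEDq1P077281: to=MY@BROTHER.com, ctladdr=OVER@CAT.com (149/149), mailer=relay, dsn=2.0.0, stat=Sent (Message accepted for delivery)
Sep 22 10:47:26 mmm1104 sendmail[88113]: j8MElQS9088113: from=MY@SISTERINLAW.com, size=1391, class=0, nrcpts=1, relay=webapps@localhost
Sep 22 10:47:27 mmm1104 sendmail[88113]: j8MElQS9088113: to=MY@BROTHER.com, ctladdr=MY@SISTERINLAW.com (149/149), mailer=relay, dsn=2.0.0, stat=Sent (Message accepted for delivery)
"""
# Assumption: typical POP3/IMAP daemon names; the host's real daemon is unknown.
MAILBOX_DAEMONS = {"ipop3d", "imapd", "popper", "dovecot"}
# syslog layout: "Mon DD HH:MM:SS host program[pid]: queueid: key=value, ..."
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) ([\w.-]+)\[\d+\]: (\w+): (.*)$")
FIELD = re.compile(r"(\w+)=([^,]+)")

def parse(text, year):
    """Return ({queue_id: record}, {program names}); syslog omits the year."""
    msgs, programs = {}, set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, _host, prog, qid, rest = m.groups()
        programs.add(prog)
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        rec = msgs.setdefault(qid, {"first": when})
        rec["first"] = min(rec["first"], when)
        for key, val in FIELD.findall(rest):
            if key in ("from", "to", "stat"):
                rec[key] = val.strip()
    return msgs, programs

def coverage(msgs, programs, start, end):
    """Summarise how much of the requested window the excerpt covers."""
    times = sorted(r["first"] for r in msgs.values())
    span = (times[-1] - times[0]).total_seconds() / 3600
    return {"messages": len(msgs),
            "in_window": sum(start <= t <= end for t in times),
            "hours_covered": round(span, 2),
            "programs": sorted(programs),
            "mailbox_access_logged": bool(programs & MAILBOX_DAEMONS)}

if __name__ == "__main__":
    msgs, progs = parse(SAMPLE, 2005)
    window = (datetime(2005, 9, 21, 15, 30), datetime(2005, 9, 22, 15, 30))
    for key, value in coverage(msgs, progs, *window).items():
        print(f"{key}: {value}")
```

On the posted excerpt this reports two outgoing messages about 34 minutes apart, all logged by sendmail, with no POP3/IMAP daemon entries. Sendmail lines record message submission and relay only, so mailbox logins, downloads and deletions would have to come from the POP3/IMAP or webmail logs for the same window.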
