Jump to content
Sign in to follow this  
bjameson@onetel.net.uk

Hacker activity via SpamCop

Recommended Posts

I'll go with that proper address as being admin at spamcop.net, but your situation needs to be explained a bit more ... and also pass on enough data so that Don (usually) can figure out who you are and the account in question (also noting that you haven't specified as to just what type of account you're talking about) Not sure just where the PIN number comes into play at all from what you said.

Edited by Wazoo

Share this post


Link to post
Share on other sites

Thanks for your reply. Should I post my ID and password here to give you more data? Sorry, bit of a novice. Am using Parter's computer on the same ISP to post this reply because every time I try to use IE6 on my PC, the firewall - ZoneLabs's latest - asks for permission to send my PIN. I can send the WhoIs report if required.

Share this post


Link to post
Share on other sites

oh geeze no .. this is a public forum ... you need to kick the note to admin [at] spamcop.net ... I'm just a user myself, trying to help out.

But I'm still not sure what the PIN number is that you're talking about, and not sure at all why you've mentioned a WHOIS .... I've got Zonealarm running on a couple of computers here, but I can;t think of any PIN number question coming up .. it's normally the question on allowing an application to access the net ...

Are you perhaps talking about an authorization code for your spamcop account? (not that this would clear up my ignorance of your Zonealarm /PIN number thing) ... just trying to get a handle on exactly what's happening there.

Share this post


Link to post
Share on other sites

Thanks Wazoo. I have posted my PIN to Zonelabs myVAULT [iDLock]. This prevents anyone sending my bank PIN from this machine without entering a password. The last four times I've tried to confirm a report of SPAMs that SpamCop has accepted, ZoneAlarm has asked me to confirm that I want it to send the PIN, even though I have not typed it in. "WhoIS" identifies the source of attempted intrusions it has blocked. It is "re-directed" from what appears to be one of SpamCop's IP addresses. After clearing the IE cache, I can use IE without ZoneAlarm asking me to confirm that my system should send the PIN, but only until I access SpamCop again. I now have four unconfirmed reports. SpamCop allows me to log on, but as soon as I attempt to confirm a report, it rejects me when I prevent ZoneAlarm sending the PIN. This suggests a hacker is using SpamCop to get back at me. I've had an e-mail from a Spammer telling me, "it's time [my e-mail account name] stopped this" in the Subject heading. In other words, a Spammer knows I reported him and has sent this "warning" to my e-mail address directly. The spam goes to a "ghost" list, bish[at]onetel.net.uk. I'll try e-mailing admin[at]spamcop.net.

Share this post


Link to post
Share on other sites

OK, I'm off to find out about the myVAULT thing ... new one on me, though I'm guessing that this isn't part of the "free" package ....????

I've no idea why there'd be a call for the PIN number to a SpamCop link .. unless there's some confusion about an authorization code that it thinks is also a PIN number ... (maybe after I do the research??)

Share this post


Link to post
Share on other sites

Wazoo, I've re-submitted both of the reports, received acceptances and confirmed them without any difficulties. The only problem is I've been unable to delete all of the unconfirmed reports. The "Delete unconfirmed reports" deleted two, but has left all of the others. I'm very grateful for your help. It appears the problem is solved. No doubt I'll receive more spam within the next 12 hours, so will be able to confirm that the problem is solved - as a result of your help.

Share this post


Link to post
Share on other sites

Well shucks ... OK, you're welcome ...

But, geeze, what did I do that solved it? I started a serch for "myVAULT" and was amazed that this is a pretty comon name for a bunch of different tools, then saw that ZoneLabs has their own support forum, and "myVAULT" did exist, although under a Category of "issues not found elsewhere" .... oooh, a real warm fuzzy feeling there <g>

And naturally, the first posting there was from a guy that was upset over the fact that after he'd programmed his PIN and account data into the thing, the alarms "weren't" going off .... I could tell I was in for some head scratching <g>

Then I come back here, and you're suggesting that I fixed it ...

It's going to be one of those days <g>

Share this post


Link to post
Share on other sites

The problem appears to be that SpamCop Tracking URLs you were using to complete the reporting of spam you emailed in, and which contain 42 seemingly-random hex digits, were bound to eventually contain your 4-digit PIN, as there are only 10,000 possible combinations of 4-digit PINs. If this problem should recur, I'd suggest temporarily disabling your MyVault protection while clicking on the Tracking URL.

Share this post


Link to post
Share on other sites

Duh! Thanks JeffG for the obvious. Hey, I should have been asleep at the time anyway <g>

Well shoot, after a re-read, I guess I did suggest this

unless there's some confusion about an authorization code that it thinks is also a PIN number

but obviously didn't carry on with the thought .. Yeah, I should have been sleeping <g>

Edited by Wazoo

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×