Jump to content

Strange webmail logon message


mshalperin

Recommended Posts

This should probably be moved to the lounge, as it is not directly email related.

That line is telling you the IP address that webmail saw you making a connection from the last time you logged in.

My bet is that you have one of the link tracker programs on your machine which proxy all of your web traffic through them.

Sometimes this is done on purpose to get the great deals they will sent you (usually in pop up ads while you browse), but most of the time it is because someone went to a site without adequate protection setting on their browser and an unscroupulous website decided to change your network configuration to track your every move.

There are a couple of different programs I use to clean this type of problem, both are free for home use. http://www.lavasoft.de/ will get you to Ad-aware. http://www.safer-networking.org/ will get you to Spybot-Search & Destroy. There are other similiar programs available as well.

Good luck and post back with your results.

Link to comment
Share on other sites

This should probably be moved to the lounge, as it is not directly email related.
My bet is that you have one of the link tracker programs on your machine which proxy all of your web traffic through them.

Thanks. I'm not sure how to move this topic. I have spyware programs (PestPatrol and ZoneAlarm) which don't show anything. However, on a hunch I checked my popup blocker - PopupDummy - which has switch to "Enable Adware Protection." When I DISABLE this option I login to webmail with an IP address (I assume to be from RoadRunner). ENABLING the "adware protection" brings back the 1800specialoffers.com. I don't know if this "feature" is an unscroupulous attempt to track me or a side effect of it's intended function, but I will investigate further.

Link to comment
Share on other sites

Moving the topic was aimed at one of the moderators. ou do not have that capability.

You have probably hit on the "problem". That popup blocker might be protecting you by having all messages route through their servers. I had never thought about how those work...always assumed a local lookup table type of system.

Link to comment
Share on other sites

Moving the topic was aimed at one of the moderators.

And his aim was good! <g>

Interesting anomoly, the source site for this software makes no mention of this "additional benefit" ... SpyChecker makes no mention of this on their listing page ... so the only suggestion I could offer is to go to http://www.dummysoftware.com/contact.html and make note that there seems to be something a bit fishy going on ....

Link to comment
Share on other sites

You have probably hit on the "problem". That popup blocker might be protecting you by having all messages route through their servers

Actually, it isn't PopupDummy - further testing after deleting it didn't get rid of the 1800specialoffers.com. There were some random logins without it which I prematurely interpreted as being related to the adware protection feature. I ran Spybot in addition to PestPatrol and deleted some other detected problems but this didn't help either...

Interesting anomoly, the source site for this software makes no mention of this "additional benefit" ... SpyChecker makes no mention of this on their listing page ... so the only suggestion I could offer is to go to http://www.dummysoftware.com/contact.html and make note that there seems to be something a bit fishy going on ....

I contacted them and got a quick response from the author (Kory Becker) who indicated that PopupDummy does't filter connections and has no relationship with 1800specialoffers.com. If it's spyware, the adware protection feature should help, not cause the probem. Whatever the source, I'm not finding it. Maybe I'll try Ad-Aware also (am I getting too obsessive?).

Moderator Edit: Based on data provided in Linear Post #24, this post was edited to correct data posted in error.

Link to comment
Share on other sites

Whatever the source, I'm not finding it. Maybe I'll try Ad-Aware also (am I getting too obsessive?).

You'll find that there are a number of tools out there, and they all do things a bit differently, find different things, etc. If AdAware (and remember to update the databases on all of these tools before running) doesn't come up with something, then the next suggestion may be something like HiJackThis ...

Link to comment
Share on other sites

What is the HOSTS file?

13609[/snapback]

I'm not sure of the connection made .. but the HOSTS file is a text file that Windows will look at .. it's normally used to block / redirect traffic during a DNS look-up .. If you are on a Windows platform, do a Find / Search for a file HOSTS.SAM which is the "sample" file provided by Microsoft. If you have made your own (or had some nice application along the way set one up for you) you will find a file named HOSTS (no file extension) ... This file is normally used to block traffic to certain locations ... and once again, Google has many answers and examples out there for you.

Link to comment
Share on other sites

Look in the C:\Windows Directory

or/and

Look in C:\WINDOWS\SYSTEM32\DRIVERS\etc

for a file calld hosts without an extension.

Open it up with notepad and let us know whats in there.

Not hosts.sam because that is a sample file. Just the one without the extension.

Link to comment
Share on other sites

for a file calld hosts without an extension
This is the complete contents of th HOSTS file. The file date suggests it hasn't

been altered since the initial installation of the system. (LMHOST.SAM gave a much more detailed explanation.)

____________________________________________________________________

# Copyright © 1993-1999 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

___________________________________________________________________

I'm not sure what the above "localhost" refers to - I'm not connected

to any network other than the internet (through a Netgear router which

currently isn't connected to any other computer.)

Link to comment
Share on other sites

With the date identified and the contents listed, it would appear that you offered up the contents of the Hosts.sam file .. the 127.0.0.1 is Internet Protocol talk for "this computer" ... anyway, if this is the HOSTS file (again, apparently a direct copy of Hosts.sam), then as suspected above, this has nothing to do with your original issue. Back to running the other spyware / trojan checkers.

Link to comment
Share on other sites

I feel its appropriate to suggest downloading and installing Firefox and logging in (and back out and back in) to see if you get a different "last logged in from" message.

At the same time you may consider using Firefox as your main browser from now on (after you're done using it to test the current issue you're trying to fix).

How to switch from IE to Firefox.

Why use Firefox.

(my apologies if in the end this ends up that your issue was not caused by IE's security problems, but I'm betting that it is, and you can avoid them buy using Firefox as well as other software listed at the link in my signature below)

Link to comment
Share on other sites

  • 2 years later...
Actually, it isn't PopupDummy - further testing after deleting it didn't get rid of the 1800specialoffers.com. There were some random logins without it which I prematurely interpreted as being related to the adware protection feature. I ran Spybot in addition to PestPatrol and deleted some other detected problems but this didn't help either...

I contacted them and got a quick response from the author (Kory Becker) who indicated that PopupDummy does't filter connections and has no relationship with specialoffers.com. If it's spyware, the adware protection feature should help, not cause the probem. Whatever the source, I'm not finding it. Maybe I'll try Ad-Aware also (am I getting too obsessive?).

Hi guys, I just wanted to clear the record a bit: ww w. special offers. com has absolutely NOTHING to do with 1800specialoffers.com or other companies with "special offers" in the domain /return mailing address. I know it's easy to confuse them so no hard feelings; in fact I get many emails from people asking to be taken off the "list," even though I haven't sent an email in years.

Please use the contact form [at] ht tp:// ww w.special offers. com/co ntact/ for any question, clarifications or comments.

sincerely,

Landi Gjoni

Link to comment
Share on other sites

Hi guys, I just wanted to clear the record a bit: ww w.special offers. com has absolutely NOTHING to do with 1800specialoffers.com or other companies with "special offers" in the domain /return mailing address. I know it's easy to confuse them so no hard feelings; in fact I get many emails from people asking to be taken off the "list," even though I haven't sent an email in years.

Please use the contact form [at] ht tp://ww w.specialo ffers.com/co ntact/ for any question, clarifications or comments.

I fail to see where anyone made a mis-connection within this Topic/Discussion.

This actually looks like an attempt to spamvertise some other site.

Later Edit:

OK, these tired eyes finally noted that the connection was made in a reply made by yet another company about thier product .. crap .. even that isn't totally true ... it's an 'offered translation/snippet' from yet another un-seen e-mail between a forum user and another third-party application representative ....

Off to do some research to see if anyone can figure who might be lying, acting more confused than I, or has simply got their facts wrong .. geeze .....

Link to comment
Share on other sites

...I fail to see where anyone made a mis-connection within this Topic/Discussion....
I think the mshalperin quote given can be construed as (at least) an incautious bundling of the two. IME a "right of reply" exists.

[And I did a quick background check]

Link to comment
Share on other sites

PM sent:

http://forum.spamcop.net/forums/index.php?showtopic=2131 has some current dialog based on your text offered as a bit of communication between yourself and someone else. Time has gone by, but the issue remains ....

a typo on your part?

a lie by someone else?

something else going on?

It is noted that the "problem" was never addressed as being "cleared up" ....

Link to comment
Share on other sites

I fail to see where anyone made a mis-connection within this Topic/Discussion.

This actually looks like an attempt to spamvertise some other site.

Later Edit:

OK, these tired eyes finally noted that the connection was made in a reply made by yet another company about thier product .. crap .. even that isn't totally true ... it's an 'offered translation/snippet' from yet another un-seen e-mail between a forum user and another third-party application representative ....

Off to do some research to see if anyone can figure who might be lying, acting more confused than I, or has simply got their facts wrong .. geeze .....

I apologize if it seemed like I was advertising; it was not my intention--especially not on a spam fighting forum. The reason I decided to post was that, while the post says that the names are not connected, it's easy for the average person to make a connection. "Special__offers_com" or 1800_special_offers may seem the same to the average guy, and spam has negative connotations. I just wanted to clear that up.

Landi

Link to comment
Share on other sites

Forums, blogs, and such are the latest targets for both spammers and kiddies-with-scripts ... trying to stay ahead of all that leads to certain conditions .... your selection of a username caught my attention, seeing a new post to an 'old' Topic was another one of those sneaky ways the idiots try to sneak their spam in (not understandng that a new post bumps the Topic to the top of the list) .... read you post, read the Topic several times and didn't see the connection ... made the first call, went back to other things I had open .. came back and used tools ... thus leading to the follow-on actions ....

As noted, there was a typo/mis-copy involved, the anti-ware vendor intentionally mis-lead in that reply, or ..???

Worst case, having to admit that myself or the Moderators didn't catch that bit of data when it was posted .. for that I have to apologize .... one of us should have caight that bit of different data at the time ...

Intended action .. either edit the original post and/or follow-up with that vendor to see what's really being stated by them .... research first though ....

Link to comment
Share on other sites

I apologize if it seemed like I was advertising; it was not my intention--especially not on a spam fighting forum. The reason I decided to post was that, while the post says that the names are not connected, it's easy for the average person to make a connection. "Special__offers_com" or 1800_special_offers may seem the same to the average guy, and spam has negative connotations. I just wanted to clear that up.

Landi

I originally started this thread in July 2004 because I would get a message from the SpamCop Webmail site that I had logged on from "1800Specialoffers.com." I got the same feedback from other sites as well. It turned out to be due to my assigned static IP address having this as its reverse DNS listing (but no forward DNS listing for 1800Specialoffers.com). Presumably, this entity once used this IP address and didn't get cleared out of the reverse DNS. DNSstuff.com had that IP address listed as on one or more spam BL's under that name as well. I got a new IP address and this issue was resolved.

Link to comment
Share on other sites

I originally started this thread in July 2004 because I would get a message from the SpamCop Webmail site that I had logged on from "1800Specialoffers.com." I got the same feedback from other sites as well. It turned out to be due to my assigned static IP address having this as its reverse DNS listing (but no forward DNS listing for 1800Specialoffers.com). Presumably, this entity once used this IP address and didn't get cleared out of the reverse DNS. DNSstuff.com had that IP address listed as on one or more spam BL's under that name as well. I got a new IP address and this issue was resolved.

Thanks for closing the issue first raised .... but the current question deals with the data you provided in your Linear Post #6 ... specifically;

I contacted them and got a quick response from the author (Kory Becker) who indicated that PopupDummy does't filter connections and has no relationship with specialoffers.com.

most everywhere else, you used 1800specialoffers ....

The question is ... did you mistype, did the vendor lie/misdirect to you, is there yet more to the story ...???

Link to comment
Share on other sites

Thanks for closing the issue first raised .... but the current question deals with the data you provided in your Linear Post #6 ... specifically;

most everywhere else, you used 1800specialoffers ....

The question is ... did you mistype, did the vendor lie/misdirect to you, is there yet more to the story ...???

At the time it appeared to me that I didn't get the "logged on from 1800Specialoffers.com" message if I turned off an addware blocking feature of PopupDummy. On your advice I contacted the PopupDummy author who could see no connection. With more investigation, the association with PopupDummy settings was spurious - just random. There is no connection between 1800Specialoffers.com and PopupDummy or any other vendor.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...