This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Someone on this list has been hacked
Michele Neylon - Blacknight
michele at blacknight.com
Thu Apr 14 13:23:22 CEST 2022
It’s one of the more recent tactics being used by the “lovely” scumbags.

It’s happening against multiple public mailing lists both RIPE and LINX ones so far .. probably others

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of Rob Evans <rhe at nosc.ja.net>
Date: Thursday, 14 April 2022 at 09:19
To: Hans-Martin Mosner <hmm at heeg.de>
Cc: anti-abuse-wg at ripe.net <anti-abuse-wg at ripe.net>
Subject: Re: [anti-abuse-wg] Someone on this list has been hacked

Hi Hans-Martin,

> looks like someone on this list had their PC and/or mailbox hacked, I got a "reply" to one of my mails trying to make me open some link (probably malware). This stuff is pretty common, but it feels a bit weird that it happened through someone who's active in anti-abuse and presumably not a noob :-)

I received a similar message on Monday supposedly ‘in reply to’ a message I sent to the list nearly two years ago. It may not be a list subscriber’s mailbox that has been hacked, it may just be using a public archive of the list. Whilst the “real name” in the From: field was indeed the person I was replying to at the time (Suresh), the sender’s email address did not match the name.

In my case the spam message originated from:

> Received: from beatingart.com ([62.113.107.99])

The sending IP address matches the SPF record for beatingart.com and from a quick check doesn’t seem to be on the major block lists, so it could well be a user in that domain has been compromised via phishing or some other means…

I must admit I had just deleted the message at the time, but perhaps worth following up with <abuse at ionos.com>, assuming your message matches the details of mine.

Cheers,
Rob
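The pattern described in the quoted message (a familiar display name on an unrelated address, an SPF pass for the actual sending domain, and a "reply" to a very old list post) can be checked mechanically. The following is an added example, not part of the original thread; the roster, archive index, threshold and sample message are constructed assumptions, and only the `Received:` host and IP are taken from the message above.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Hypothetical roster: display name -> address previously seen on the list.
KNOWN_POSTERS = {"alice example": "alice@example.org"}
# Hypothetical archive index: Message-ID -> Date header of the original post.
ARCHIVE_DATES = {"<orig-123@example.org>": "Mon, 20 Apr 2020 10:00:00 +0200"}
STALE_DAYS = 180  # assumed threshold for a "reply" to an old thread

# Constructed sample; only the Received host/IP come from the message above.
SAMPLE = """\
Received: from beatingart.com ([62.113.107.99])
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=beatingart.com
From: "Alice Example" <someone@beatingart.com>
To: bob@example.net
Subject: Re: [anti-abuse-wg] old thread
In-Reply-To: <orig-123@example.org>
Date: Mon, 11 Apr 2022 09:00:00 +0200

Please see the document at the link below.
"""

def findings(raw, roster=KNOWN_POSTERS, archive=ARCHIVE_DATES):
    """Return the list of indicators that apply to one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    out = []
    # Normalise case and whitespace in the display name before the lookup.
    expected = roster.get(" ".join(name.lower().split()))
    if expected and addr.lower() != expected:
        out.append("display-name-mismatch")
        # SPF authenticates the envelope domain only, not the display name,
        # so a pass here does not clear the mismatch.
        if "spf=pass" in msg.get("Authentication-Results", "").lower():
            out.append("spf-pass-for-sender-domain")
    # A reply to an archived post that is far older than the reply itself.
    orig = archive.get((msg.get("In-Reply-To") or "").strip())
    if orig and msg["Date"]:
        age = parsedate_to_datetime(msg["Date"]) - parsedate_to_datetime(orig)
        if age.days > STALE_DAYS:
            out.append("stale-thread-reply")
    return out

if __name__ == "__main__":
    print(findings(SAMPLE))
```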