"DirectAdmin Client Message" Email - Scam/Real?

This may sound harsh, but, if "server admins" even clicked the link, then that is very worrying imho.

Like, why would you click a link that has nothing to do with DA/JBMC anyway?
 
This may sound harsh, but, if "server admins" even clicked the link, then that is very worrying imho.

Like, why would you click a link that has nothing to do with DA/JBMC anyway?

Sure, but do not disregard the fact that it came from the newsletter list of DA which INCLUDED our first and last name. Would you really expect that? No.

If it didn't include my first and last name, I would never have clicked anything.
 
D-Link routers have taken action too.

This is a known phishing site.

www.austinfosec.com.au

Why am I seeing this?
Your D-Link router's advanced DNS services feature prevented you from loading this page to protect you from potentially harmful sites.
Learn more about advanced DNS services.

What is phishing?
Phishing is a method that criminals use to steal valuable personal information from you, such as credit card numbers and passwords, by impersonating legitimate, trustworthy sites.
 
This may sound harsh, but, if "server admins" even clicked the link, then that is very worrying imho.

Like, why would you click a link that has nothing to do with DA/JBMC anyway?

I clicked the link. The email included my full name, which I don't share with anyone - and when looking at the source, it clearly came from Direct Admin. But before clicking the link, I Googled the domain name and saw it related to security. So although it sounded unusual, all the other factors gave me enough reason to click on the link.

With that said, I'm on a Mac, so I have some natural protection there. Additionally, my anti-virus program blocked the page regardless.
 
This may sound harsh, but, if "server admins" even clicked the link, then that is very worrying imho.

Like, why would you click a link that has nothing to do with DA/JBMC anyway?

I did not know that server admins are perfect and never make mistakes.

If a web developer clicked on the link, would that be normal?

All I mean is that people make mistakes. I proposed a solution to help, not a judgment based on the idea that server admins don't click on links from forged emails.

Sorry for going off topic.

Sky
 
I also got the email today. Lucky me, I use OpenDNS and the site was instantly blocked.

I already had a bad feeling about it :D
 
Mark,

Thanks for the update and assurance in email. I was a little worried about them having my email/name but I wasn't too worried about the DA program itself.

Glad to see the change password link now, continue making a great product!

-Devon
 
Not my work

I have come here to say that this is not my work, just to clarify.
I never do such stupid things.
Hope the support team understands.
 
This may sound harsh, but, if "server admins" even clicked the link, then that is very worrying imho.

Like, why would you click a link that has nothing to do with DA/JBMC anyway?

To see what it actually does? ;)
It looked suspicious despite the content, or else we wouldn't be querying here in the first place. But what exactly is it? Curiosity might kill the cat, but I figured I could trust NoScript to short-circuit any malicious script.
 
I think this is not a DirectAdmin vulnerability; I see that it's only related to some portion of the DA client area. We all use DirectAdmin and none of us have a hacked server so far. Also, if you have antivirus software you are not infected; if not, your computer might already have been infected before. Because if you use the internet, you have to use antivirus software. Therefore it does not matter much. So please help DirectAdmin and do not magnify this issue.
 
I scanned my computer with Trend Micro Online Free Scan, AVG, Malwarebytes, Avira and MS Security Essentials, but they found nothing, so I think I didn't have a vulnerable version of Adobe or Java. I am a little bit worried, but I will back up everything twice for sure =]

PS: I opened the link because it didn't have any parameters in the URL (stupid, I know).
 
The announcements mailing list is not on DirectAdmin's server, and was not compromised. Why would someone open the email? Because it did come from DirectAdmin.

One of our employee desktop systems did get compromised; we're running clamav on it now.

Jeff
 
can't change password

FYI, I can't change the password in my account:

Parse error: syntax error, unexpected ')' in change_password.php on line 28
 
Another mail from attackers:

Code:
Delivered-To: [email protected]
Received: by 10.229.233.77 with SMTP id jx13cs27008qcb;
        Fri, 27 May 2011 11:38:03 -0700 (PDT)
Received: by 10.224.113.142 with SMTP id a14mr1756092qaq.269.1306521483588;
        Fri, 27 May 2011 11:38:03 -0700 (PDT)
Received-SPF: softfail (google.com: best guess record for domain of transitioning [email protected] does not designate 69.50.198.190 as permitted sender) client-ip=69.50.198.190;
Message-ID: <[email protected]>
Received: by 10.241.83.230 with POP3 id 38mf590643qyl.27;
        Fri, 27 May 2011 11:38:02 -0700 (PDT)
X-Gmail-Fetch-Info: [email protected] 3 data.pl 995 [email protected]
Return-Path: <[email protected]>
Received: from bbdns1.dnsx1.com.au [69.50.198.190] (HELO bbdns1.dnsx1.com.au)
 by data.home.pl [212.85.96.58] with SMTP (IdeaSmtpServer v0.70)
 id 10ee28a9318199b8; Fri, 27 May 2011 20:35:14 +0200
Received: from localhost ([127.0.0.1]:42906 helo=bbdns1.dnsx1.com.au)
	by bbdns1.dnsx1.com.au with esmtp (Exim 4.69)
	(envelope-from <[email protected]>)
	id 1QQ1sN-0007Ln-CB
	for [email protected]; Sat, 28 May 2011 04:35:11 +1000
Content-Type: multipart/mixed; boundary="===============1760523113=="
MIME-Version: 1.0
Subject: Cease and desist copyright infrigement!
To: Recipients <[email protected]>
From: Andrew Webber - Arizonakey.com<[email protected]>
Date: Sat, 28 May 2011 04:35:08 +1000
X-Mailer: sendmail
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - bbdns1.dnsx1.com.au
X-AntiAbuse: Original Domain - bochinski.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - arizonakey.com

You will not see this in a MIME-aware mail reader.

--===============1760523113==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body

Dear Sir,

Attached is a list of the copyrighted material you are infriging on.
We are the proprietors of all copyrighted material that is being fringed up=
on on your companies webste.
We have reserved all rights regarding these trademarked files.
Permission was neither asked nor granted to reproduce our copyrighted mater=
ial, therefore what your company is doing constitutes infringement of our r=
ights. In terms of the Copyright Statutes, we are entitled to an injunction=
 against your continued infringement, as well as to recover damages from yo=
u for the loss we have suffered as a result of your infringing conduct.

In the circumstances, we demand that you immediately:

1. remove all infringing content and notify us in writing that you have don=
e so;

2. pay a licensing fee in the amount of 160,000 USD;

3. immediately cease the use and distribution of copyrighted material;

We await to hear from you by.

This is written without prejudice to our rights, all of which are hereby ex=
pressly reserved.

Yours faithfully,
CEO Andrew Webber
www.arizonakey.com


--===============1760523113==
Content-Type: application/msword
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Document.doc"
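The header block above is the kind of thing worth reading bottom-up rather than top-down: the last Received line is the first hop, and here it says the mail was handed to Exim on bbdns1.dnsx1.com.au from 127.0.0.1, then relayed to data.home.pl from 69.50.198.190, while Gmail's Received-SPF line reports a softfail against a "best guess" record (Gmail's wording when the sender domain publishes no SPF record at all). The following script is an added example, not code from this thread or from DirectAdmin/JBMC: it unfolds the headers, walks the Received chain from the origin upward, reads the SPF verdict and compares the From/Return-Path domains with the hosts that actually handled the message. SAMPLE_HEADERS is constructed from the post's headers; the addresses the page shows obfuscated are replaced with placeholder local parts at the domains the headers themselves name (arizonakey.com for the sender, bochinski.org for the recipient).

```python
"""Triage of a suspicious mail's headers (added example; see lead-in)."""
import re
from email import message_from_string

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

# Constructed sample based on the headers quoted in the post above.
# Local parts ("sender", "recipient") are placeholders, not real addresses.
SAMPLE_HEADERS = (
    "Received-SPF: softfail (google.com: best guess record for domain of"
    " transitioning sender@arizonakey.com does not designate 69.50.198.190"
    " as permitted sender) client-ip=69.50.198.190;\n"
    "Return-Path: <sender@arizonakey.com>\n"
    "Received: from bbdns1.dnsx1.com.au [69.50.198.190] (HELO bbdns1.dnsx1.com.au)\n"
    " by data.home.pl [212.85.96.58] with SMTP (IdeaSmtpServer v0.70)\n"
    " id 10ee28a9318199b8; Fri, 27 May 2011 20:35:14 +0200\n"
    "Received: from localhost ([127.0.0.1]:42906 helo=bbdns1.dnsx1.com.au)\n"
    "\tby bbdns1.dnsx1.com.au with esmtp (Exim 4.69)\n"
    "\t(envelope-from <sender@arizonakey.com>)\n"
    "\tid 1QQ1sN-0007Ln-CB\n"
    "\tfor recipient@bochinski.org; Sat, 28 May 2011 04:35:11 +1000\n"
    "Subject: Cease and desist copyright infrigement!\n"
    "From: Andrew Webber - Arizonakey.com<sender@arizonakey.com>\n"
    "X-Mailer: sendmail\n"
    "X-AntiAbuse: Primary Hostname - bbdns1.dnsx1.com.au\n"
    "X-AntiAbuse: Sender Address Domain - arizonakey.com\n"
    "\n"
)


def unfold(value):
    """Collapse RFC 5322 folding whitespace (continuation lines) to single spaces."""
    return re.sub(r"\s+", " ", value or "").strip()


def parse_received(value):
    """One Received header -> connecting host, its IP literal, and the receiving host."""
    v = unfold(value)
    m_from = re.search(r"\bfrom\s+(\S+)", v)
    m_by = re.search(r"\bby\s+(\S+)", v)
    # The client's IP literal sits between the 'from' host and the 'by' clause.
    span = v[m_from.end():m_by.start()] if (m_from and m_by) else v
    m_ip = IPV4.search(span)
    return {"from": m_from.group(1) if m_from else None,
            "ip": m_ip.group(1) if m_ip else None,
            "by": m_by.group(1) if m_by else None}


def parse_spf(value):
    """Received-SPF header -> result keyword, evaluated client IP, best-guess flag."""
    v = unfold(value)
    m_ip = re.search(r"client-ip=([\d.]+)", v)
    return {"result": v.split(" ", 1)[0].lower() if v else None,
            "client_ip": m_ip.group(1) if m_ip else None,
            # Gmail writes "best guess record" when the domain publishes no SPF record.
            "no_spf_record": "best guess" in v}


def domain_of(header_value):
    """Domain of the first address found in a From/Return-Path style header."""
    m = EMAIL.search(unfold(header_value))
    return m.group(1).lower() if m else None


def triage(raw_headers):
    """Return the parsed hop chain, SPF verdict, sender domains and a list of findings."""
    msg = message_from_string(raw_headers)
    hops = [parse_received(r) for r in msg.get_all("Received", [])]
    hops.reverse()  # index 0 is now the hop closest to the origin
    spf = parse_spf(msg.get("Received-SPF")) if msg.get("Received-SPF") else None
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    external = [h for h in hops if h["ip"] and not h["ip"].startswith("127.")]
    entry = external[0] if external else None  # first hop seen from a non-loopback address

    findings = []
    if spf is None:
        findings.append("no SPF evaluation present")
    else:
        if spf["result"] != "pass":
            findings.append("SPF result is %s" % spf["result"])
        if spf["no_spf_record"]:
            findings.append("sender domain publishes no SPF record (receiver used a best-guess record)")
        if entry and spf["client_ip"] != entry["ip"]:
            findings.append("SPF client-ip differs from the first external Received hop")
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append("From domain %s differs from Return-Path domain %s" % (from_dom, rp_dom))
    if from_dom and entry and not (entry["from"] or "").lower().endswith(from_dom):
        findings.append("mail entered from %s (%s), not a host under %s"
                        % (entry["from"], entry["ip"], from_dom))
    if hops and hops[0]["ip"] and hops[0]["ip"].startswith("127."):
        findings.append("injected locally on %s: first hop is loopback, so a process on that"
                        " server submitted the message" % hops[0]["by"])
    return {"hops": hops, "spf": spf, "from_domain": from_dom,
            "return_path_domain": rp_dom, "entry": entry, "findings": findings}


if __name__ == "__main__":
    for line in triage(SAMPLE_HEADERS)["findings"]:
        print("-", line)
```

Run against the constructed sample it reports the softfail, the missing SPF record, that the message entered the mail path from bbdns1.dnsx1.com.au rather than any host under arizonakey.com, and that the first hop is loopback on that same server. A matching From and Return-Path, as here, proves nothing on its own: the attacker controls both.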
 