neil_r
8th of June 2006 (Thu), 16:32
I have had my domain suspended as it was delivering phishing e-mails. From the attached file it looks like it was the EE on the site was hacked as the from address on the e-mails was http://www.neil-rice.com/gallery/photo_comment.php. Any advice as to what to do once my domain is restored will be welcome :(
Here is the full e-mail:-
** ENVELOPE RECORDS /var/spool/postfix/deferred/0/0FC9D2CAB3C *** message_size: 2104 308 1 0 message_arrival_time: Thu Jun 8 04:11:38 2006 sender: webmaster@neil-rice.com named_attribute: encoding=8bit named_attribute: client_name=localhost named_attribute: client_address=127.0.0.1 named_attribute: message_origin=localhost[127.0.0.1] named_attribute: helo_name=mcore.webc.lyceu.net named_attribute: protocol_name=ESMTP original_recipient: pkkadermon@zyberway.com recipient: pkkadermon@zyberway.com *** MESSAGE CONTENTS /var/spool/postfix/deferred/0/0FC9D2CAB3C *** Received: from mcore.webc.lyceu.net (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 0FC9D2CAB3C for ; Thu, 8 Jun 2006 04:11:38 +0200 (CEST) Received: from wmphpp06.st*****ceu.net (wmphpp06.st*****ceu.net [212.78.206.126]) by mcore.webc.lyceu.net (Postfix) with ESMTP id 49B842CB697 for ; Thu, 8 Jun 2006 04:10:43 +0200 (CEST) Received: by wmphpp06.st*****ceu.net (Postfix, from userid 66855) id 8F25B5B8; Thu, 8 Jun 2006 04:10:43 +0200 (CEST) To: pkkadermon@zyberway.com Subject: You Have An Important Account Message (Urgent) X-WEBC-Mail-Request-IP: 213.255.201.14 X-WEBC-Mail-From-Script: http://www.neil-rice.com/gallery/photo_comment.php From: National Bank of Dubai Reply-To: MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit Message-Id: <20060608021043.8F25B5B8@wmphpp06.st*****ceu.net> Date: Thu, 8 Jun 2006 04:10:43 +0200 (CEST)
http://www.nationalbank.ae/NBD/NBD_CDA/CDA_Image_Library/NBD_Miscellaneous/home_01.gif
Dear Customer:
Your most recent internet banking security alert update is now available to view online.
To view these latest alert, just click on the link below and logon.
You will be able update to your Internet Banking Service
http://www.nationalbank.ae/NBD/NBD_CDA/update_security/NBOL_check?nbdonline=http://www.nbd.co.ae/nbol (http://www.chncla.com:81/css/auth=DQAAAHEAAADKy8tQv6Kj6MYMtlb5iKZqSJTr-pUTm/--https-nbd.com/nbol/name=nbd/)
Thank you,
National Bank of Dubai.
Internet Banking Customer Service
Please do not reply to this message.
To speak with a representative about your Internet Banking account,
or if you need help about Internet Banking,
call 00-971-4-222 2411 *** HEADER EXTRACTED /var/spool/postfix/deferred/0/0FC9D2CAB3C *** named_attribute: encoding=8bit *** MESSAGE FILE END /var/spool/postfix/deferred/0/0FC9D2CAB3C ***
Here is the full e-mail:-
** ENVELOPE RECORDS /var/spool/postfix/deferred/0/0FC9D2CAB3C *** message_size: 2104 308 1 0 message_arrival_time: Thu Jun 8 04:11:38 2006 sender: webmaster@neil-rice.com named_attribute: encoding=8bit named_attribute: client_name=localhost named_attribute: client_address=127.0.0.1 named_attribute: message_origin=localhost[127.0.0.1] named_attribute: helo_name=mcore.webc.lyceu.net named_attribute: protocol_name=ESMTP original_recipient: pkkadermon@zyberway.com recipient: pkkadermon@zyberway.com *** MESSAGE CONTENTS /var/spool/postfix/deferred/0/0FC9D2CAB3C *** Received: from mcore.webc.lyceu.net (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 0FC9D2CAB3C for ; Thu, 8 Jun 2006 04:11:38 +0200 (CEST) Received: from wmphpp06.st*****ceu.net (wmphpp06.st*****ceu.net [212.78.206.126]) by mcore.webc.lyceu.net (Postfix) with ESMTP id 49B842CB697 for ; Thu, 8 Jun 2006 04:10:43 +0200 (CEST) Received: by wmphpp06.st*****ceu.net (Postfix, from userid 66855) id 8F25B5B8; Thu, 8 Jun 2006 04:10:43 +0200 (CEST) To: pkkadermon@zyberway.com Subject: You Have An Important Account Message (Urgent) X-WEBC-Mail-Request-IP: 213.255.201.14 X-WEBC-Mail-From-Script: http://www.neil-rice.com/gallery/photo_comment.php From: National Bank of Dubai Reply-To: MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit Message-Id: <20060608021043.8F25B5B8@wmphpp06.st*****ceu.net> Date: Thu, 8 Jun 2006 04:10:43 +0200 (CEST)
http://www.nationalbank.ae/NBD/NBD_CDA/CDA_Image_Library/NBD_Miscellaneous/home_01.gif
Dear Customer:
Your most recent internet banking security alert update is now available to view online.
To view these latest alert, just click on the link below and logon.
You will be able update to your Internet Banking Service
http://www.nationalbank.ae/NBD/NBD_CDA/update_security/NBOL_check?nbdonline=http://www.nbd.co.ae/nbol (http://www.chncla.com:81/css/auth=DQAAAHEAAADKy8tQv6Kj6MYMtlb5iKZqSJTr-pUTm/--https-nbd.com/nbol/name=nbd/)
Thank you,
National Bank of Dubai.
Internet Banking Customer Service
Please do not reply to this message.
To speak with a representative about your Internet Banking account,
or if you need help about Internet Banking,
call 00-971-4-222 2411 *** HEADER EXTRACTED /var/spool/postfix/deferred/0/0FC9D2CAB3C *** named_attribute: encoding=8bit *** MESSAGE FILE END /var/spool/postfix/deferred/0/0FC9D2CAB3C ***