Stolen WHMCS DB Spammers - name and shame

[easyhosting]

and Matts seems to be taking action against WHMCS members who have been spamming using this data by revoking their licences

[Jbro]

Mother blah blah spammers Shame on you $^#$^#^@

[Peter M Dodge]

and Matts seems to be taking action against WHMCS members who have been spamming using this data by revoking their licences

Well, he should, you're basically trying to have your cake and eat it too, by using data stolen from the people you get your billing soft from. It would be like robbing the bank, and then going to the same bank and legitimately expecting them to deposit the money in your account.

[gromett]

We're discussing semantics here, but the original act of obtaining the data was the theft. The subsequent release of that data cannot also be theft - it's already been stolen. At that point it is both stolen and leaked - but only the act of leaking it brought it into the public domain (and into the hands of spammers).

I think it's pretty accepted that "leak" isn't a term limited to small amounts of data (see the US diplomatic cable "leak", or just wikileaks in general).

Agreed it is semantics... However, The data was stolen, it doesn't matter how many hands it passes through it remains stolen data not leaked data. Leaked has connotations of accidental or minor. The word stolen more accurately represents the truth here.

Leaked data to me infers that it was someone inside the organisation who released data by accident or deliberately but covertly. Such as government leaks etc.

I am angry about what these criminals have done and the word stolen carries more weight than leaked. Using leaked seems to take some of the impact away. For example which of the following more accurately relays your anger over the current situation?

AJ Online Services used leaked data to send emails to.....
AJ Online Services used stolen data to send email to.....

Just my opinion tho

[easyhosting]

Agreed it is semantics... However, The data was stolen, it doesn't matter how many hands it passes through it remains stolen data not leaked data. Leaked has connotations of accidental or minor. The word stolen more accurately represents the truth here.

Leaked data to me infers that it was someone inside the organisation who released data by accident or deliberately but covertly. Such as government leaks etc.

I am angry about what these criminals have done and the word stolen carries more weight than leaked. Using leaked seems to take some of the impact away. For example which of the following more accurately relays your anger over the current situation?

AJ Online Services used leaked data to send emails to.....
AJ Online Services used stolen data to send email to.....

Just my opinion tho

well it looks like the upstream provider for frogost.com has taken action and taken their siite down

[Peter M Dodge]

New spammer, out of SoftLayer. My abuse dept already reported them but you should as well if you got it.

Email follows:

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Tue, 29 May 2012 01:18:54 -0400
Received: from 50.97.184.171-static.reverse.softlayer.com ([50.97.184.171]:55356 helo=datamoneyservices.com)
by viridian01.vtelectronics.net with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.77)
(envelope-from <[email protected]>)
id 1SZEoh-00057z-Nr
for [email protected]; Tue, 29 May 2012 01:18:54 -0400
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=onliveinfotech.co.in;
h=Received:To:Subject:Message-IDate:From:Reply-To:MIME-Version:X-Mailer-LID:List-Unsubscribe:X-Mailer-RecptId:X-Mailer-SID:X-Mailer-Sent-By:Content-Type:Content-Transfer-Encoding;
b=GfNM4Dek08lhuHuk+FSqqiM9E4cE7r19sLQELZ/AC83LWSSdG5dGFJjbNs2qN3M26GVOhtld6+rRJ9wGOaxlJM8as CDUnGT3KV2HN3nz9BT2eSrVU4T**h4VnxFok4aP;
Received: from onlive by datamoneyservices.com with local (Exim 4.69)
(envelope-from <[email protected]>)
id 1SZElK-00030d-Va
for [email protected]; Tue, 29 May 2012 01:14:30 -0400
To: [email protected]
Subject: Web Hosting Talk
Message-ID: <[email protected] o.in>
Date: Tue, 29 May 2012 01:00:19 -0400
From: "onliveinfotech" <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
X-Mailer-LID: 266
List-Unsubscribe: <http://onliveinfotech.co.in/unsubscribe.php?M=5305425&C=22f29e0563870c496e3ea4 a617c67ad3&L=266&N=307>
X-Mailer-RecptId: 5305425
X-Mailer-SID: 307
X-Mailer-Sent-By: 28
Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_ba588e2548a4209132c270b3d027952e"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - datamoneyservices.com
X-AntiAbuse: Original Domain - vtelectronics.net
X-AntiAbuse: Originator/Caller UID/GID - [517 514] / [47 12]
X-AntiAbuse: Sender Address Domain - onliveinfotech.co.in
X-Spam-Status: No, score=2.6
X-Spam-Score: 26
X-Spam-Bar: ++
X-Ham-Report: Spam detection software, running on the system "viridian01.vtelectronics.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
no for details.

Content preview: http://onliveinfotech.co.in/unsubscr...=266&N=307Your
email client cannot read this email. To view it online, please go here: http://onliveinfotech.co.in/display....07&L=266&N=157
[...]

Content analysis details: (2.6 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: onliveinfotech.co.in]
0.0 HTML_MESSAGE BODY: HTML included in message
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 KHOP_DYNAMIC Relay looks like a dynamic address
X-Spam-Flag: NO

--b1_ba588e2548a4209132c270b3d027952e
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: 8bit

http://onliveinfotech.co.in/unsubscr...=266&N=307Your
email client cannot read this email.
To view it online, please go here:
http://onliveinfotech.co.in/display....07&L=266&N=157


To stop receiving these
emails:http://onliveinfotech.co.in/unsubscr...d3&L=266&N=307

--b1_ba588e2548a4209132c270b3d027952e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 8bit

<html><head></head><body><pre><span style="font-size: medium;">Dear
Friends,

Just add your host,</span><br /><span style="font-size: medium;">Discuss
about new hosting, Hosting software and all about web hosting issue.
<br />Find more about Hosting at

<a class="moz-txt-link-freetext"
href="http://onliveinfotech.co.in/link.php?M=5305425&N=307&L=125&F=H">http://www.HostingTalk.in</a>

Hosting Talk
</span></pre><img
src="http://onliveinfotech.co.in/open.php?M=5305425&L=266&N=307&F=H&image=.jpg"
height="1" width="10"></body></html>

--b1_ba588e2548a4209132c270b3d027952e--

[HSc]

Here's one I just got yesterday. They called today to follow up.

I challenged Sonia on where they obtained my info and was told from a list they "obtained". I informed her their list was from a hacked source based on the Email it was sent to which is unique.

Also, these scumbags (allegedly) use WHMCS so I hope Matt takes whatever appropriate action he deems necessary. I have sent a full, uncensored copy of this with full mail headers to WHMCS Support via a ticket.

Their EMAIL:


FROM: Sonia Sahi <[email protected]>, <[email protected]>
SUBJECT: Ideas to eliminate bandwidth overage.

Hi XXXX,

I understand your company provides web hosting services and I also understand you’re always looking to increase performance of your business.

We help businesses deliver faster performance and eliminate overages by offering proximity hosting with unlimited bandwidth to XXXX based providers, like you. As well as off-site backup services.

I’ll give you a call this week to discuss what we can do for you.

Talk to you soon.

For more information visit our website www.amanah.com

Sonia Sahi
Account Manager
Amanah Tech Inc.
341-151 Front Street West, Toronto, Canada
Tel +1 416 603 9825 X1 | www.amanah.com
Go Unmetered - Save on Bandwidth

[xboss]

My phone has been ringing off the hook with a ton of new numbers, almost entirely business to business calls in regards to hosting add-ons, billing systems and security - and my info was NOT leaked. I think there is just some clever marketing people out there.

How do we knwo if our info got out or not. Didnt everybodys whmcs info get out?

[daz29]

How do we knwo if our info got out or not. Didnt everybodys whmcs info get out?

From what I understand, the whole database is out there, therefore - everyone's information would be included - another reason why I tend to stick to using PayPal for everything I purchase from online,

[easyhosting]

My phone has been ringing off the hook with a ton of new numbers, almost entirely business to business calls in regards to hosting add-ons, billing systems and security - and my info was NOT leaked. I think there is just some clever marketing people out there.

we use a number from flextel (free) for our business that directs to our phone/mobile, so if we get any of these constantly we just disable the number and get a new number