Do you know a Hacker? Read here

Administrator

Guest
Do you know someone who has the skills to trace IPs and routing and do all kinds of things only certain amazingly brilliant computer networking gurus can do? Do you know someone who could do all kinds of bad things with their powers?

Someone has been sending out thousands of spam emails spoofing our email address. On the email they're linking to HairlossTalk. This is resulting in our server and website getting mass blacklisted on all the spam servers out there. Soon it will result in our server being completely cut offline for good. My personal feeling is that someone at Procerin is responsible for this because it all started after our Procerin article shot to the top of Google, and I got some emails from the owner of Procerin.

We have contacted the FBI about it and they're looking into it, but we would like some local assistance as well. We need someone who really knows their stuff. We would be glad to pay for their time. But don't send someone who isn't an absolute guru.

The challenge here is finding where it's originating. We have no intention of doing anything malicious back.

If you know someone, please contact me via private message here on these forums. Be prepared to prove your intentions are good and you can be trusted.

Admin
 
Guest

Guest
I don't know anyone, but in the last couple of months I have not been able to access HairLossTalk.com for a couple of days at a time. This has happened at least three or four times that I am aware of. I can get to everywhere else I crawl around, Hotmail, Google and so on, but HairLossTalk.com just returns an error message. I am in the UK and using BT (British Telecom) as my ISP. I hope this is some help.


Ty
 
Administrator

Guest
Tynan, it's very important to document the error. Do you remember what it says?

And we're fully aware who is responsible. If it's Ken, I don't know why he's doing it. But it's more likely Procerin.

Go to Google and type in Procerin, and look who comes up # 1 out of 60,000 results. Our article outing them.

The attacks came less than a week after the owner of Procerin and I had some words by email. It's no coincidence.
 
Guest

Guest
Admin, I can't remember the error message that came up, but if/when it happens again I will grab the message for you. I emailed HairLossTalk.com when it last happened and I may have pasted the error message into that email, so he could have it.

After being 'locked out' for around 36-48 hours, when I did manage to access the site I noticed that others from the UK (Zimmy and someone else I forget) had been able to access the site in that time, but I know others could not because a few posts went up on Hairsite to the effect of "HairLossTalk.com has gone down".


hope this helps

Ty
 

blue

Experienced Member
Reaction score
2
Admin,
I'm with Ty on this one. Sometimes, usually early in the morning, your website is unable to be found. I don't know if this is because of the hacker but I have that problem as well. Once I could not get on for a whole day.
 
Administrator

Guest
No, the server has been taken offline several times in the last month thanks to those jerks. So if this was happening prior to June, let me know; if not, you probably just hit it when it was down a few times.

Admin
 

elguapo

Experienced Member
Reaction score
0
Admin,

Wish I could help, but I can't because I don't know anybody. But I just want to say, and I believe I speak on behalf of ALL of us, that you cannot, repeat CAN NOT take our HairLossTalk.com away from us!!!

Why don't we come up with a list of things to do to put procerin out of business? That's my answer.
 

The Gardener

Senior Member
Reaction score
25
Yep. I think we should fight fire with fire. It is time for "info@procerin.com" or whatever email address they use to handle customer service to inquire into possible v**** orders, male penis enhancement, home refi's, software to 'steal their passwords', and to sign up for Los Angeles traffic alerts. I'll set the sensitivity on the alerts to "minor hazards" level... they'll be getting sh*t every ten seconds. Use a fake hotmail address to gather spam, and sign up "info@procerin.com" for everything. They like spam... we'll give 'em spam! f*** those f*****g prickfucks. There are few things on this planet that really set me off. Taking advantage of men with hairloss to bilk them of their money is one of them.
 

incognito

Member
Reaction score
0
HairLossTalk.com, I am a networking guru and know all about traces and stuff like that. Also have a strong unix background, but don't know any C++ that would allow me to do anything "powerful". If I can help let me know.
 

Bismarck

Senior Member
Reaction score
3
I'm a C++ programmer but I think that wouldn't help at all. If you are really confronted with a professional spammer I don't see a big chance to catch them on your own. I remember amazon.com was often down because of attacks and it took a long time to hunt them down, although I guess Amazon has much more powerful resources than HairLossTalk.com. And I don't recommend fighting fire with fire since you will be responsible for that as well. Perhaps some user here is working for the NSA; they won't have a problem locating the spammers.
 
Administrator

Guest
What we are a victim of here is called a "Joe Job".

Basically someone finds a server ... anywhere ... in the world that they can send emails from, and they spoof the email address.

Then they send out thousands of emails and make it look like it came from "shop@hairlosstalk.com". They made sure to put spam trigger words like "buy" and "propecia" and even the word "Spam" into the subject line.

This results in all the spam engines out there, and the internet's main spam hubs like spamcop.net, being alerted that "shop@hairlosstalk.com" is spamming millions of people.

To make it even more incriminating, the content of the email contains a link to our site. In fact to our store. This makes it look even more like we are doing it.

The result? We get blacklisted all over the internet. Any emails we send to our customers, or to you, end up getting routed to a trashbin instead of to your inbox. When we send our newsletter out to 10,000 subscribers, nobody ends up getting it. That is their goal. Even worse? Our ISP has accused us of lying. Telling us that we really are the ones sending out the emails. They've threatened to take us offline for good if we don't stop. Meanwhile some jackass in Toledo, Ohio with zits on his face and no life, just has to hit the button again and we're gone. If any of you work with Interland - a word of advice, cancel your account now. I've never been treated as poorly by an ISP in my life. I've had to pay almost $1,000 out of pocket just to have a security assessment done on the server, and the rest was lost in "lost sales" due to them taking me offline for no reason. Someone had hacked into our server and was doing port scanning on other Interland servers as well.

The other reason I think Procerin is behind this, is because these emails were originally linking to the "Generic Propecia" page on our store. We then modified the page to have a warning about Procerin saying "Stay away from Procerin it's a fraud" (something to that effect).

Next thing I know, the emails were no longer linking to that page. They suddenly were linking to our home page. I think it's pretty obvious that they didn't want people seeing that warning. I think that establishes very clearly who is doing this. There's always a chance I could be wrong.

I emailed CJ Mongomery, the mastermind behind Procerin and plainly stated "What is it going to take for you to call the dogs off?". I would rather bite the bullet and pull the anti-Procerin article if it means the harassment stops. If that's what he wants, I'm giving him the opportunity to just tell me. I'll do it.

He hasn't replied. Obviously replying will incriminate him. But I don't know what else to do.

Admin
 
Administrator

Guest
This is one of the servers they were sending the emails from:

inetnum: 203.59.0.0 - 203.59.255.255
netname: IINET-AU
descr: iiNet Technologies Pty Ltd
descr: Letter Box One, 105 St Georges Tce
descr: Perth
descr: WA 6000
country: AU
admin-c: IH207-AP
tech-c: IH207-AP
remarks: ** Conversion note - reference 'IH207-AU' changed to 'IH207-AP'
remarks: Record imported from AUNIC as part of AUNIC->APNIC migration
remarks: Please see http://www.apnic.net/db/aunic/
mnt-by: MAINT-AU-IH207-AP
changed: nobody@aunic.net 19930101
changed: nobody@aunic.net 19990513
changed: aunic-transfer@apnic.net 20010525
status: ALLOCATED PORTABLE
source: APNIC

person: iiNet Hostmaster
address: iiNet Limited
address: Level 9, 250 St Georges Tce
address: Perth
address: WA 6000
phone: +61 8 9214 2222
phone: +61 8 9214 2211
e-mail: hostmaster@iinet.net.au
nic-hdl: IH207-AP
remarks: Hostmaster
remarks: This data originated from AUNIC, and was copied as part of
remarks: the AUNIC to APNIC migration. http://www.apnic.net/db/aunic/
remarks: Original nic-hdl in AUNIC: IH207-AU
mnt-by: MAINT-AU-IH207-AP
changed: nobody@aunic.net 19990403
changed: nobody@aunic.net 20000125
changed: aunic-transfer@apnic.net 20010523
source: APNIC

When I looked up the company name, iiNet Technologies Pty Ltd, this is what I found (do a text search on the page for the company): http://www.src.co.jp/spam/2004/02/NoPTRE20040216.html

Note the title of the page: "IP list which have no PTR record".

Don't know what that means.
 
Administrator

Guest
Here is the email that was being sent out last month
----------------------------

[ Offending message ]
Return-Path:
Delivered-To: x
Received: (wp-smtpd smtp.wp.pl 7041 invoked from network); 16 Jun 2004 08:27:53 +0200
Received: from unknown (HELO yahoo.com) ([200.30.105.115]) (envelope-sender ) by smtp.wp.pl (wp-smtpd) with SMTP for ; 16 Jun 2004 08:27:53 +0200
Received: from unknown (HELO smtp4.cyberemailings.com) (139.144.57.202) by mail.naihautsui.co.kr with local; 16 Jun 2004 00:27:51 -0900
Received: from relay-x.misswldrs.com ([124.241.154.15]) by smtp-server1.cfdenselr.com with NNFMP; Tue, 15 Jun 2004 15:24:19 +1100
Received: from unknown (HELO rly04.hottestmile.com) (73.190.187.181) by relay-x.misswldrs.com with QMQP; 16 Jun 2004 02:20:47 +0500
Received: from unknown (HELO mail.gimmicc.net) (134.156.148.201) by mx03.listsystemsf.net with smtp; Wed, 16 Jun 2004 07:17:15 -0100
Message-ID: <2347______________________8730@propeciatipnvjqo>
Reply-To: "Generics4Less"
From: "Generics4Less"
To:
Subject: [SPAM] Buy Generic Propecia!
Date: Wed, 16 Jun 2004 07:57:17 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_A6E_347D_036CD048.63569E20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-AntiVirus: skaner antywirusowy poczty Wirtualnej Polski S. A. [wersja 2.0c]
X-WP-AntySpam-Rezultat: TAK-SPAM

This is a multi-part message in MIME format.

------=_NextPart_A6E_347D_036CD048.63569E20
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------=_NextPart_A6E_347D_036CD048.63569E20
Content-Type: text/html; charset="us-ascii"

[ This spam was encoded base64. Normal text is below. ]


GeNeRiC version of Propecia that is way cheaper. No more doctor visits, delivered at your door. The cheapest and best!

Order now!


This is not SPPAM. You agree to receive emails from me when you visit my FFA links

To remove go here: http://james.webspace4free.biz/dutasteride/remove.htm

historic elder Chernot kellie distort eddings strut carmel

---------------------------
Anyone wanna try and decode that last line? It probably says "FU!!!! Procerin is going to bring you down HairLossTalk.com!" or something ... really spooky.. like that. :)

Admin
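
Reading the Received: chain of the message in the post above, as an added example that is not part of the original thread: only the hop stamped by the recipient's own mail server (smtp.wp.pl in this copy) can be believed, because every Received: line beneath it was supplied by whoever sent the mail. The helper names `parse_hop` and `audit`, the trusted-host set, and the hostname-matching heuristic are assumptions of this example; the header lines are copied from the post.

```python
import re
from email.utils import parsedate_to_datetime

# Received: values copied from the post above, newest (top) first.
RECEIVED = [
    "from unknown (HELO yahoo.com) ([200.30.105.115]) (envelope-sender ) by smtp.wp.pl (wp-smtpd) with SMTP for ; 16 Jun 2004 08:27:53 +0200",
    "from unknown (HELO smtp4.cyberemailings.com) (139.144.57.202) by mail.naihautsui.co.kr with local; 16 Jun 2004 00:27:51 -0900",
    "from relay-x.misswldrs.com ([124.241.154.15]) by smtp-server1.cfdenselr.com with NNFMP; Tue, 15 Jun 2004 15:24:19 +1100",
    "from unknown (HELO rly04.hottestmile.com) (73.190.187.181) by relay-x.misswldrs.com with QMQP; 16 Jun 2004 02:20:47 +0500",
    "from unknown (HELO mail.gimmicc.net) (134.156.148.201) by mx03.listsystemsf.net with smtp; Wed, 16 Jun 2004 07:17:15 -0100",
]

def parse_hop(line):
    """Split one Received: value into claimed sender, peer IP, receiver, time."""
    head, _, stamp = line.rpartition(";")
    helo = re.search(r"HELO ([^\s)]+)", head)
    name = helo.group(1) if helo else head.split()[1]
    ip = re.search(r"\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)", head)
    by = re.search(r"\bby (\S+)", head)
    return {"from": name, "ip": ip.group(1), "by": by.group(1),
            "when": parsedate_to_datetime(stamp.strip())}

def audit(received, trusted_hosts):
    """Return (last trustworthy hop, findings) for a newest-first header list.

    Assumes the top hop was written by one of trusted_hosts (the reader's MTA).
    """
    hops = [parse_hop(line) for line in received]
    # Walk down only while our own servers wrote the line; stop at the first
    # foreign "by", since anything from there on is sender-controlled text.
    boundary = 0
    while boundary + 1 < len(hops) and hops[boundary + 1]["by"] in trusted_hosts:
        boundary += 1
    findings = []
    for newer, older in zip(hops[boundary:], hops[boundary + 1:]):
        # Heuristic: a real relay that received the mail is the one that
        # hands it on, and it cannot have received it after passing it on.
        if older["by"] != newer["from"]:
            findings.append(f"chain break: {older['by']} -> {newer['from']}")
        if older["when"] > newer["when"]:
            findings.append(f"time reversal at {older['by']}")
    return hops[boundary], findings

if __name__ == "__main__":
    origin, findings = audit(RECEIVED, {"smtp.wp.pl"})
    print("peer seen by trusted MTA:", origin["ip"], "HELO", origin["from"])
    print("\n".join(findings))
```

On these headers the only address recorded by a server the recipient can trust is 200.30.105.115, which is the one to report to its network operator; the hops beneath it disagree with each other on hostnames and run backwards in time.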
 

Axon

Senior Member
Reaction score
9
It never ceases to amaze me.....the sh*t that goes on.

HairLossTalk.com, I'd like to thank you, again, for having this site and keeping it going in lieu of all the insane crap that you have to deal with. You're the man.
 
Administrator

Guest
Honestly, it's no big deal. Comes with the territory.

You know how you walk around and run across, maybe, 15 people during the day and see that one annoying freak who is just obnoxious to people around him, or says something loud that is totally inappropriate and you think... "there are some real nutjobs out there"

Imagine how many you'd run into when you run a shop that has 150,000 people visiting it every month :)
 
Administrator

Guest
Axon - thanks for the comments. On that note, check out this email some guy sent me today. Human beings really make me ill sometimes.




-----Original Message-----
From: Kevin S. Wilson
Sent: Wednesday, July 21, 2004 9:57 PM
To: news@hairlosstalk.com
Subject: RE: Subject: Buy Hair Loss Products!

On 21 Jul 2004 at 18:12, HairlossTalk News wrote:

> 1. We didn't send this email. Someone spoofed it as us. If you look
> at the headers you will see it did not even come from our server.


Gee whiz, what a novel idea. A spammer sending spam from a server different from his own e-mail server. Around 1995, that might have been unusual.

Now, why would someone be wanting to spoof you in a spam run?
Is the hair-loss biz that competitive? You sent the spam and you know it. Please don't piss on my shoes and tell me that it's raining.

> 2. Where did you get all the other email addresses on our server.
> For instance, how did you know we even had a "photogallery@hairlosstalk.com"
> email address in existence, for you to carbon copy your email to?
> Just curious...


You might want to look at your own web site from time to time, dumb-***. All of those addresses are there. Odd thing, though. Mail sent to those addresses bounces as being undeliverable. Something about "this address no longer accepts email." Must be tough to be a spammer who can't receive e-mail replies, no?

> The mail is undeliverable because we had to
> delete all our email addresses and start over because
> these guys were spoofing them. We couldn't correspond
> with our own users or customers. We also had to get a new
> server because the existing one was hacked to hell.


By the way, are you aware that you are violating federal law by spamming? And are you aware that I can sue your sorry *** under state law for $1000 per incident? How about the fact that you are violating the contract you entered into with your ISP and your web host? What in the blue-eyed froggy world makes you think anyone would do business with someone who willfully violates federal and state law while also violating the contracts he's entered into with his service providers?

Kiss your web site goodbye.
 

Axon

Senior Member
Reaction score
9
Even with a valid e-mail addy given to this site, I've yet to receive a single piece of spam e-mail. Go figure.

And yes, if you're selling a product that costs $5 to create for a 300% markup, you're talking liveable income if the product sells. So it is that competitive, in a sense.
 
Administrator

Guest
Axon said:
> Even with a valid e-mail addy given to this site, I receive no spam. Go figure.

It definitely would seem odd that nobody on our internal mailing list got the emails, wouldn't it? Good point.

Axon said:
> And yes, if you're selling a product that costs $5 to create for a 300% markup, you're talking liveable income if the product sells. So it is that competitive, in a sense.

Exactly what Procerin is doing, and exactly why they are pissed off right now about the expose article we did on them. I'm glad to see our users are capable of basic logic. :)

Admin
 