பாயும் வேகம் ஜெட் லீ தாண்டா
பன்ச் வெச்சா இட்லி தாண்டா
Rated PG - for Pseudo-DK, DMK, Liberals, Marxists....
ஊர்ல சொல்றது சொலவடை
உண்மையைச் சொல்றது இட்லிவடை

Friday, October 26, 2007

எனக்கு வந்த மெயில் இது தான்

From: holyox@gmail.com [mailto:holyox@gmail.com]
Sent: Friday, October 26, 2007 12:34 PM
To: idlyvadai@gmail.com
Subject: Please read this (About Gnani)

Dear Idlyvadai,

I start a topic about Gnani in Orkut community. There alot of our friends
share their opinions without any caste feelings. So please read and write
a post then add their main points to your post.

Please login and read. Orkut also gmail web same as like blogger. We can
login through our gmail account.

http://www.orkut.00bp.com/Community.aspx.cmm=2160605.html

Anbudan,
Selvan

11 Comments:

Anonymous said...

உங்கள் பாஸ்வேர்டை சுட்டது டாலர் செல்வனா? :-(

Anonymous said...

who is dollar selvan?

செல்வன் said...

Idlyvadai

Shocking.I DID NOT SEND THAT MAIL.I got the same mail in manjoor rajas name.Thankfully I did not join that community.

IdlyVadai said...

செல்வன் எனக்கு தெரியும். மற்றவர்களுக்காக இந்த மெயிலை போட்டேன். உஷாராக இருப்பதற்காக. உங்களை சங்கடபடுத்துவதற்கு இல்லை.

Anonymous said...

everybody should login to this URL and give correct user Id and some 5-6 wrong passwords. let those bastards try with them.

Anonymous said...

பேசாமா எல்லாரும் holyox@gmail.com முகவரியை hack செய்யலாம்.

சீனு said...

எப்படி திரும்பப்பெற்றீர்கள்?

சீனு said...

எப்படி திரும்பப்பெற்றீர்கள்?

Praveen said...

Oh, Jeez! Never enter password on a page that uses HTTP protocol without SSL (HTTPS). Always take a quick look at the address input box to ensure that you have 'https://' prefix in the address before you enter password. How lame! Anyway, be careful in the future.

Tamil KeyBoard said...

The person behind the attach is pathivan@gmail.com ,The site which helped him/her is http://www2.fiberbit.net/form/mailto.cgi
and the site is hosted in Japan.

Praveen said...

I am not sure how "TamilKeyboard" arrived at the information that he had published above. I am not going to try to find who initiated this attack. I just wanted to find more about the infrastructure used in this. Here is what I have seen.

The domain used in this attack "00bp.com" is registered by SharedGroup, LLC from Las Vegas. I am sure that this is not the original name of the registrant.

Registrant:
ShareGroup, LLC
P.O. Box 27740
Las Vegas, Nevada 89126
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: 00BP.COM
Created on: 29-Dec-05
Expires on: 29-Dec-07
Last Updated on: 09-Jun-07

Administrative Contact:
ShareGroup, LLC admin@1kay.com
ShareGroup, LLC
P.O. Box 27740
Las Vegas, Nevada 89126
United States
5555555555 Fax --

Technical Contact:
ShareGroup, LLC admin@1kay.com
ShareGroup, LLC
P.O. Box 27740
Las Vegas, Nevada 89126
United States
5555555555 Fax --

Domain servers in listed order:
NS1.00BP.COM

The subdomain "orkut.00bp.com" has the IP address 74.86.87.203 that is hosted on Softlayer Network, Dallas (http://www.softlayer.com/network.html). I have sent an e-mail to the admin about "00bp.com"'s orkut spoof site. I have also mailed Google about this. In this case, both registration and site hosting are inside Unites States. So, something would be done about it. I think that this site should soon be removed. But, there are plenty of spoofing sites lurking out in the Internet. We can't do much about it. Everytime we encouter one, we try to notify the authorities about it so that they can take feasible action. But end-users should be careful and they should always look for the "https://" login page and verify the SSL certificate in case of doubt.

OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
Address: 1950 N Stemmons Freeway
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer: rwhois://rwhois.softlayer.com:4321

NetRange: 74.86.0.0 - 74.86.255.255
CIDR: 74.86.0.0/16
OriginAS: AS36351
NetName: SOFTLAYER-NETBLOCK5
NetHandle: NET-74-86-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.SOFTLAYER.COM
NameServer: NS2.SOFTLAYER.COM
Comment: abuse@softlayer.com
RegDate: 2007-05-16
Updated: 2007-08-23

Also the site was using Google Analytics to track the traffic on this page. The account handles were UA-18005-1 and UA-2858826-2. I have also mailed Google about this. Those two account might be suspended as well. If IV wants, he/she(?) can complain to Google with this information. Anyway, I am happy that IV is making progress in the processor of recovering his/her account.

பின்குறிப்பு: ஆட்டோ அனுப்ப இட்லிவடை address இல்லாததால, இப்பிடியேல்லாம் அவரோட e-mail addressல attack பண்ணறங்க போல! தமிழ் நாட்டுல அரசியல்வாதிகளும் Hi-tech ஆயிடங்கய்யா!