Fraudulent Emails Sent -=your Hosting Is Suspended=- "this Is Spam" And Not From Admins At Trap. Be aware that fake suspension emails are sent.

[snlildude87 0]

Yeah, I got that email today. The thing is, though, I have 124.4 hosting days left as of now, so there is no way my account is in danger.

[Shadow 0]

Well, I received a certain e-mail from "Management <administrator>", and I forwarded it to Trap 17 abuse email.

 

Here are full headers from that e-mail...

X-Apparently-To: =my_email=@yahoo.com via 216.155.196.65; Thu, 17 Mar 2005 00:05:54 -0800Authentication-Results: mta140.mail.dcn.yahoo.com  from=; domainkeys=neutral (no sig)X-Originating-IP: [69.50.187.114]Return-Path: <Xisto@dasher.psychz.net>Received: from 69.50.187.114  (EHLO dasher.psychz.net) (69.50.187.114)  by mta140.mail.dcn.yahoo.com with SMTP; Thu, 17 Mar 2005 00:05:38 -0800Received: from Xisto by dasher.psychz.net with local (Exim 4.44)        id 1DBpvF-0001LX-DW; Thu, 17 Mar 2005 00:00:01 -0800To: =my_email=@yahoo.comSubject:  : HOSTING ACCOUNT SUSPENDED.MIME-Version: 1.0Content-type: text/html; charset=iso-8859-1To:=my_email=@yahoo.comFrom:  Management <administrator@>Date: Thu, 17 Mar 2005 00:00:01 -0800X-AntiAbuse: This header was added to track abuse, please include it with any abuse reportX-AntiAbuse: Primary Hostname - dasher.psychz.netX-AntiAbuse: Original Domain - yahoo.comX-AntiAbuse: Originator/Caller UID/GID - [32257 32258] / [47 12]X-AntiAbuse: Sender Address Domain - dasher.psychz.netX-Source: X-Source-Args: X-Source-Dir: Content-Length: 849

Now, I dont think that Trap 17 admins have administrator@ email... Nor that they would send account suspension notices from administrators e-mail... I could be wrong though...

 

However, Xisto@dasher.psychz.net is definitely a suspicious e-mail address, for someone like Trap 17 to use I mean, they provide web hosting, paid AND free, would they use some weird mail server, or just use something@Xisto.com? Hope they catch this lamer

64678[/snapback]

I tried to access dasher.psychz.net, and all it did was refer me to its cpanel. that makes it that much more suspiscious

[dawu 0]

Some one or some thing is sending out emails to the cpanel users of Xisto.com stating that their account is suspended. The email looks legit, however your hosting credits and site are all ok.  If you are  having this problem please reply and state the situation.

 

(please do not reply if your hosting credits are not positive)

Thanks

Eric Drinkard

62406[/snapback]

I got that email some time ago (a months or so) and I wasn't sure why my account got deleted so I stopped visiting Xisto Forums.Today I came here to check what's new on Xisto and I see this warning, I try to login and it says: Attepmt failed so I figured I threw away my account for nothing.Do I need to post 10posts again to apply for the account? Please reply.

 

Daniel

[mahesh2k 0]

well i havent checked my email yet. maybe i also got some mail in my inbox. i will check and inform here later.Hey Nilsc new script is not working good with users anymore our stats is decreasing rapidly if it is at 22 today tommoroow i found it in 14 definitely.anyway check out bugs with credit system.

[finaldesign 0]

If you findout who is doing that... tell me, I got some ideas about how to solve that...

[googlue 0]

Here is the header of the email I received:

X-Gmail-Received: 480836e5360f8e4762cfbb58acccd5a4f68550b0Delivered-To: googlue@gmail.com
Received: by 10.54.24.54 with SMTP id 54cs40666wrx;
        Mon, 28 Mar 2005 21:07:16 -0800 (PST)
Received: by 10.54.35.65 with SMTP id i65mr564111wri;
        Mon, 28 Mar 2005 21:07:12 -0800 (PST)
Return-Path: <Xisto@dasher.psychz.net>
Received: from dasher.psychz.net (dasher.psychz.net [69.50.187.114])
        by mx.gmail.com with ESMTP id 24si1514361wrl.2005.03.28.21.07.11;
        Mon, 28 Mar 2005 21:07:12 -0800 (PST)
Received-SPF: pass (gmail.com: best guess record for domain of Xisto@dasher.psychz.net designates 69.50.187.114 as permitted sender)
Received: from Xisto by dasher.psychz.net with local (Exim 4.44)
id 1DG8ph-0005Vh-2h; Mon, 28 Mar 2005 21:00:06 -0800
To: googlue@gmail.com
Subject:  : HOSTING ACCOUNT SUSPENDED.
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
To: googlue@gmail.com
From:  Management <administrator@>
Message-Id: <E1DG8ph-0005Vh-2h@dasher.psychz.net>
Date: Mon, 28 Mar 2005 21:00:05 -0800
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - dasher.psychz.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [32257 32258] / [47 12]
X-AntiAbuse: Sender Address Domain - dasher.psychz.net
X-Source:
X-Source-Args:
X-Source-Dir:

I have more than 30 hosting credits and was taken by surprise when I saw the mail! This is not how Xisto works!!

But I did check with Nils and was reassured soon

Googlue

[psychiccyberfreak 0]

they coud have used a php script that reads off the cpanel database and e-mails everyone this. That's how it could say "administrator@Xisto.com"

[Florisjuh 0]

they coud have used a php script that reads off the cpanel database and e-mails everyone this. That's how it could say "administrator@Xisto.com"

150352[/snapback]

Opaque told about this in another toic if I'm right, they shifted servers withoud disabling the cron jobs that checked hosting credits on the old server, so reputation points where getting lower even if you where posting, I think this has been fixed already

[crapoartworks 0]

Well, how you can spam people? well, there are services out there on the net that allow you to send joke emails using fake email addresses and people abuse that and spam.

[BuffaloHelp 24]

This topic was brought to my attention for being an old one. But I think I might know why emails were originated from psychz.net and to most Xisto users.

 

I was replying to one of our nameserver IP topic and noticed that some (few or less) members might be using IP address to enter as the namesever under their DNS control. And mistakenly ns1.trap17.com and ns2.trap17.com IP's are circulating as 69.50.188.18 and 69.50.188.19. This is incorrect check here to verify. The IP address of 69.50.188.19 belongs to ns2.psychz.net. If you have entered IP address as Xisto nameserver please do not use the second IP address. Xisto's nameservers are:

ns1.trap17.com

ns2.trap17.com

 

And if you HAVE to use IP addresses, the correct IPs are:

64.5.44.113

209.152.167.59

 

Some have made a comment that using 69.50.188.18 and 69.50.188.19 works just fine. It's because the first nameserver (69.50.188.18) is resolving to your hosing account. When 69.50.188.18 fails, it will switch over to 69.50.188.19 and that is when psychz.net will be notified and send back the appropriate message.

[TripleH13 0]

well thanks for the info on this i hope this doesnt start happening again. But by seeing the topic is old and what you just said it seems done with

[nelimitat 0]

This is very rude to many people, because many could take this message as a true one and leave your services.Have you found out the hosting company (competitor) that made this spam?

[BuffaloHelp 24]

When 69.50.188.18 fails, it will switch over to 69.50.188.19 and that is when psychz.net will be notified and send back the appropriate message.

185349[/snapback]

...because 69.50.188.19 belongs to ns2.psychz.net. The email is originated from that site and since many of you have "catch all" as your setting in cPanel's email setting, you are receiving a message directed towards, i.e. anyone@yoursite.com. Since you do not host with psychz.net, they are sending you their version of error message. Using the correct nameserver for Xisto will correct this matter.

 

I'm not sure if you read my post but read it again. And I don't believe it's a marketing tactic from one of the competitors but a simply an error on some of our member's DNS setting. Or it could be that the IP used for ns1.trap17.com is a shared nameserver that hosts other nameservers. Nevertheless, it seems like this issue has been resolved.

 

----- Until another message like this is received, this topic is closed -----