Ask MetaFilter posts tagged with Spam

Someone hacked my… something... somehow

studentbaker — Tue, 05 Aug 2008 11:05:14 -0800

What do you do when you think you've been hacked, but don't know how? This morning, when I tried to check my gmail with my iPhone, I got an error that the username/password combination was wrong. I was connected to my home network at the time. I re-entered the password in the iPhone settings and tried check it again. I got the error that the connection to the server “imap.gmail.com” failed. Feeling funny, I went to my Macbook and changed my gmail password in the google account settings.

At lunch, I checked gmail from my work PC and noticed a spam message that got through which I found strange since gmail has been very good lately at blocking spam. The spam was sent from my account. I know that it’s easy enough to spoof this, but I did check my sent mail and there it was. Someone sent the email from me, to me. The email subject was: “Anjelina Jolie Free Video”. The content was: “The password on archive anjelina”. There was an attachment: Angelina_Jolie.rar which I did not open. It was sent at 12:32 pm. I was definitely at my desk during that time.

I quickly changed my password again, and I made sure the new one was very strong. But, what now? Check my home and work machines for keystroke programs? Check to see if my home network has been hacked? How would I go about doing this, anyway? I feel like I need to change all my passwords now – bank, social networks, etc. – but what if they are watching me… Right Now!?!

Stop the political spam!

CruiseSavvy — Thu, 31 Jul 2008 21:28:57 -0800

When I registered to vote here in San Francisco I made the mistake of putting down my permanent forwarding email. Now I get a bunch of spam about candidates and initiatives. Is there a way to make it stop? Apparently I'm not the only one. It seems there's some official database of voter information, which gets sold, and includes email addresses.

The messages aren't commercial, but they're still unwanted.

The emails include an "unsubscribe" link, which I use. Although I never hear from that specific issue / candidate again, I still get spammed by other issues / candidates.

Is there a way to take get my contact info off the list?

explain this email to me please

mizrachi — Sat, 12 Jul 2008 01:42:21 -0800

what is this email? I just received it.

Subject: To all the persons with ingenuous head and heart

To all the persons with ingenuous head and heart

If the bitch things hadn't happened to us , I won't care how dark the bitch China is . I hope my family and friends can live peacefully as you do . But all our family members were driven mad in the past, and worse now .

FYI

The Beijing bitches of our housing zone is from the worldwide famous Chinese No.1 University, the TSING HUA University ( I thought the No.1 should be the Peking University instead ) , which is the service company of our housing zone . They SERVICE us here by terrorism only since they have power as the government leaders .

Our house is new and the housing zone is new as well , I stand out organizing our House Owner Committee, asking our neibours to sign for this committee in our house , hoping to contribute something to our housing zone future . This enraged our Housing Service company , the HuaQingWuYe . Thus they arranged a dog to bite my mother !
And they note the Police to threat us , they send more than 100 bitches to our house , one by one , almost every day , to threat and disturb us , they use more than one year to arrange a complot to our Shenzhen company , they sent an agent provocateur to our company , and ask the supplier to send copied products to our company once we have new order from customers, that agent provocateur's name was also shown in the bitch sentence files , his name is Ye ZhiXuan. He has " worked " in our company for one week till all our clerks were put into prison by a secret abduction in the middle sudden night of May 21st., 2007 !

The bitch government clerks had also rob all our computers, 7pcs computer towers and 2pcs notebooks that night, as well as many goods , piratical or non-piratical !

I ask for help worldwide .
And the Beijing bitches threats to kill me .
And the Beijing bitches finally abducted me into the Shenzhen prison the same way as they did to our company clerks , on Jul. 13th., 2007 .

We were tortured into half-death by their bitch way in the bitch prison , you can't bear . You can only pray the earth to blast and kill all the bitches for you .

4 persons of a family , including a cousin , in prison , not knowing alive or dead , can you bear ?
No one of the bitch Chinese government do anything to punish their bitches and pay for their bitch actions to us till now , though I'm still asking for help worldwide !

Dear GeGe , if you still think such a bitch government is hopeful , please type out all the documents in the "http://www.firstsing.com/news_8.htm
http://www.firstsing.com/sue2007.rar "
and send to the highest court of the bitch China through the address below :

最高人民法院立案庭东城区东交民巷27号100745 85256114
The Registry Court of The Highest Court of China , Building No.27, DongJiaoMinXiang, east city zone, Beijing, China
Zip 100745 , Tel. 86 010 85256114

Don't say it's my idea .
We don't know whether the bitches will do next . They are stakeouting all our family members and friends every day .
If we can't do anything to save ourselves , they might kill all of us by their bitch way sooner or later .

I just called to say, WTF? A phone call from a 4-digit number?

Unicorn on the cob — Wed, 02 Jul 2008 11:22:39 -0800

I recently have gotten a bunch of cell phone calls from non-phone numbers. WTF is going on? Okay, by non-phone-numbers, I mean, my phone rings, I look down, and I have seen, so far, the following:

9491221
1113
9491220

Also, I get a lot of "no name" or "new call" calls recently, too. Disclaimer: the credit companies are calling me to get me to pay an ex roommate's debt; I recently sent them all her contact info, so I can't tell if she has put me on some kind of spam list. I also get credit calls for my ex-husband and my mother (yes, I am surrounded by irresponsible people).

I tried googling with no luck; any idea what's going on? Is there any way to block these... whatever the hell the ares from calling me? I'm afraid to answer and nobody EVER leaves a message.

I have had my number on the Do Not Call registry since January of 2006.

Pharma Spam on a web site....

dobbs — Tue, 01 Jul 2008 09:17:21 -0800

A friend of mine's site is plagued with pharma spam in Google's cache. A friend of mine's site is hosted on Dreamhost and when the site and the code for the site is viewed, there are no problems with it. However, if you search for just about any drug on the planet, his site comes up pretty high in the ranks on Google.

When you follow the link off Google, it makes no sense why his site is appearing. However, if you view the Google cache for the page... tons of pharma spam. This despite no one but the friend having passwords or access to the site and he's running the latest version of his CMS (expression engine) which is, by all accounts we could find, secure. His site also doens't allow trackbacks, comments, or anything else that allows others access of any kind to the cms.

So...

1) How did these spammers do this?
2) How can we ensure they don't do it again?
3) What should we do regarding Google? (ie, alert them? ignore it and hope it's gone the next time the robot comes thru?)
4) I did a bit of searching and found some other people with this problem... they're also on DH, though DH won't own up to it and blames wordpress (which isn't installed and never has been) and the friend not being diligent with his password (he is).

Dead Letter Office

Shepherd — Fri, 13 Jun 2008 15:01:47 -0800

What happens when I tell catalogue people I am dead? Somehow -- I suspect it was the Folio Society, because it seems to be mostly book companies, British culture companies and classical music clubs -- my name and address has been sold to a list mill. This is addressed mail, not "Occupant" or "Current Resident" mail.

Conventional Internet spam wisdom is "never tell them you don't want their catalogue, because that just confirms the address is valid and raises your spam value rating." Does the same apply to junk mail?

And if so, what's the best way of dealing with it? I have considered drawing a line through the address and putting "UNSOLICITED" on the mail, then leaving it sticking out of the mailbox for the postal person to return to sender, but I'm worried that that's not a recognized reason to send mail back. "DECEASED" is more fun (and kind of cool), but I'm concerned that it, along with "NOT AT THIS ADDRESS," will result in the post office proper thinking I am dead/no longer resident and bouncing legitimate mail. My name, in theory, becomes valueless and is removed from lists (rather than becoming confirmed and therefore more valuable).

I am in Canada, and we do not have an equivalent to the options listed here. I think nipping this in the bud, and telling these companies I am "dead," either by "DECEASED: RETURN TO SENDER" post or by calling their 1-800 numbers, is the best method of getting my name conclusively removed from their lists, because dead people generally do not purchase things by mail order or otherwise.

But are there ramifications to being catalogue-dead that I am not considering?

Spammers ruin everything: how do I stop them from abusing mailing list signups?

chrominance — Tue, 03 Jun 2008 09:45:12 -0800

On our website, we've got a little one-field form where people can fill in their e-mail address and sign up for our mailing list. The form seems to now be the target of spammer-hacker bastards, and random people are complaining about being signed up for a list they've never heard of. What should we do, besides take down the form altogether? The only thing that comes to mind is a captcha (but that adds another step to what should be a one-step process). The list is administered by mailman, and it sends out confirmation e-mails before it signs anyone up. There's no way to add text to the automated mails so it shouldn't be the target of spammers. Nevertheless, it seems someone's using the form as a way to pester random people with (potentially lots of) confirmation e-mails. One of the goals with the very simple form was to make it easy for people to sign up; we'd rather not have to tell people to send arcane e-mail messages to a mailman address to sign up—and in any case, would that really solve the problem? Isn't that just as open to abuse? Captchas are at least a workable permanent solution, but I'd prefer something more accessible and easier to use. Nothing comes to mind.

Spammers ruin everything.

Gmail spamming

Class Goat — Thu, 08 May 2008 09:56:39 -0800

How do I report a gmail user who is spamming me? Google seems to be doing their damndest to not allow me to send them anything. (I do not have a login with them and don't want one.)

Someone has started a "blog by email" and somehow I've landed on his list of people to send several emails per day. He has ignored my requests to stop. He is using gmail to send his spam. How do I tell Google about him so that they pull his account? Does anyone have a contact email address, or can tell me which web page I can use?

IMail or GMail - which is the better spam fighter?

bcarroll — Tue, 15 Apr 2008 09:14:21 -0800

Which is a better option for controlling spam? Buying the IMail Premium Anti-Spam filter for our existing IMail mail server or migrating our mail to Google Apps for Your Domain? The IMail solution will be far less work as it is a managed service through our hosting provider. GMail migration and support would have to be done internally.

If the anti-spam capabilities are equal, then IMail would be the best for us. Does anyone have any experience on whether IMail's solution is as good as GMail's?

I've stopped my web form spam. What am I missing?

fantabulous timewaster — Thu, 03 Apr 2008 13:23:50 -0800

I seem to have stopped form spammers from cluttering a business inbox. Have I set myself up for some more mysterious problem down the road? The website for my wife's dog training business has some "contact us" and "schedule an appointment" forms, which send email through the venerable cgiemail. Shortly after we added these sometime last fall, spammers began sending messages by POSTing directly to the emailer. I was able to stop these robots by changing the name of a required field on the form. After half a dozen name changes over six months or so, we finally got found by a robot smart enough to check the form first, began getting fifty or sixty junk messages a day.

The standard approach to this problem seems to be the addition of a "captcha." I decided against a captcha for three reasons:

I'd have to change my backend to something that can validate a captcha. This probably isn't much of a hurdle.
I'd have to trust the new backend. This takes a little thought, depending on how much of it I would have to write.
Some potential customers might, like me, dislike squinting at captchas. We don't want to lose their business.

I think the third of these is a different goal than most people have. I don't want "no spam ever" or "fanciest web doohickey ever"; I want "no missed messages" and "minimum work." An occasional bit of junk doesn't pose a problem; the problem arises when there's enough junk to make my wife overlook the handful of legitimate messages. So before the final required field, I included the output of

echo "<!--"
head -c$((128*1024)) /dev/urandom | uuencode - | tr "<>" " "
echo "--&gt"

a few times. Now the HTML making up the form is about 700 kb long. This makes viewing the form once no more painful than viewing a graphics-heavy page, but my fifty-a-day form spammer has decided I'm not worth a 30 Mb download and gone away. Success! Now: how could someone break this?

Obviously, sending extra junk counts towards our bandwidth limit. But our limit right now is generous enough that getting close to the limit would take a distributed effort; I think we're a sufficiently low-value target that this is unlikely. The same logic makes me not too worried about loading the server --- the loop waits for the output to go out the network before making more. I'm not parsing any input. I can't think of any other server-side problems.

So, hive mind: what problems should I expect on the client side? Now that so many people have broadband, do I need to worry about sending a 700k HTML comment? Are there browsers that won't display the top of the form (where you type things) while the bottom loads? This trick does what I want very effectively --- what does it also do that I don't want?

(there's a link in my profile if you want to see the real deal)

Do marketing spams and popup/popunder ads really work anymore?

slavlin — Sat, 15 Mar 2008 21:09:32 -0800

Do marketing spams and popup/popunder ads really work anymore? I am just wondering why anyone still uses spam or popup/popunder ads anymore (other than as a scam.) I think everyone using the internet regularly anymore has universally agreed that these things suck and are annoying, so I don't understand why they are still used. Is there any study that someone could point me to about the effectiveness of these?

Spamhaus?

Nancy Lebovitz — Thu, 06 Mar 2008 09:49:03 -0800

How good is spamhaus at preventing false positives? When I checked, I found a couple of people praising spamhaus for blocking spam, but I'd like to get my actual email reliably too.

WP image submit with captcha?

zenpop — Wed, 05 Mar 2008 11:15:24 -0800

Kinda strange Wordpress plugin request: We're looking for a contact form with image submission that also employs a captcha or similar form of validation. Our blog allows folks to submit images for 'critiquing.' Lately the spambot freakazoids have found us and the erectile dysfunction ads are now rife. Hourly. Ugh.

We've posted to WordPress forums but no one seems to know of a plugin that allows for image submissions and includes a captcha process.

What to do after a PayPal Phishing Scam?

JulianDay — Mon, 03 Mar 2008 16:20:00 -0800

My friend just - 30 minutes ago - entered a bunch of information in a PayPal phishing website. What should he do right now? I looked up the other questions and see he can do a Fraud Alert, which I'll tell him about right after I ask this, but is there anything else he should do?

He gave to the website his:

Full Name
Social Security Number
Mother's Madien Name
A CC number w/ Security Code
Full Address (I guess for the CC)

I told him to call his CC and I'll show him the www.ftc.gov site.

He's nervous about what he just did, but I explained to him he can watch this post and see the answers as they come in.

Thanks.

How can I get rid of a Blogspot spam blog?

Locative — Sat, 01 Mar 2008 03:05:15 -0800

How can I get rid of a Blogspot spam blog? A year ago, I had a blog related to my professional interests set up on on Blogger. I posted a while, but eventually deleted it. It was not at all popular and used a very obscure address (i.e. obscureblogname.blogspot.com). A few months ago, I Googled myself and in the results found an old link to my blog from a prominent blogger in my field (from when the blog was still active). Since the link was dead, I didn't care -- until I realized that the same URL is now being used for one of Blogger's many spam blogs.

Essentially, I don't want people (especially prospective employers) Googling me and finding a link to a blog full of debt consolidation crap. I tried asking the prominent blogger to take down the link, but he never replied. I have flagged the blog, but it remains up months later. Is there anything I can do to expedite the removal of this blog from the site? Thank you!

Turn off Instiki spam/flood protection

djgh — Sun, 10 Feb 2008 11:18:36 -0800

Is there any way to stop spam protection on Instiki? I run a local version of Instiki (0.12) on my Mac (OSX 10.4.11) which I keep notes on. This isn't an as-you-go operation - I'll take notes by hand, and then at the end of the day or week sit down and try and type them all in.

Problem is, Instiki's flood/spam protection is stopping me. Is there any way of turning it off? I'm more than happy to dive in using Terminal. I've Googled around, but there doesn't seem to be a ready-made solution yet.

How can I stop cell phone spam?

cleverevans — Wed, 06 Feb 2008 12:47:16 -0800

How can I stop cell phone spam? I have a cell phone with Verizon Wireless. I have voice and text messaging, but not data. I've been receiving text spam messages recently. These text messages appear to come from an e-mail address. My cell phone is on the national do not call registry.

Is it possible that my stalker ex-girlfriend is joe-jobbing me?

TigerCrane — Fri, 01 Feb 2008 17:16:52 -0800

I have been the victim of a joe job. This means that spammers are putting my domains into the "reply to" of their spam messages, resulting in a barrage of auto-replies to my inbox. I am also being stalked by my ex-girlfriend. She has already vandalized my window, my car, and myspace page. She's pretty computer savvy, but I'm not aware of a method that would allow an individual (ie. not a professional spammer) to pass a domain onto a spammer. Is it possible that she is behind this?

If I were really hitting on guys via Craigslist, at least I'd have better grammar

korres — Thu, 24 Jan 2008 05:14:51 -0800

Can I do anything about a spammer using my e-mail address to answer ads on Craigslist? My primary e-mail address is MyFirstNameMyLastName@gmail. I've had it for several years now, used it for online banking, shopping, personal e-mailing, and my resume, and have never had a problem.

Yesterday, I started getting e-mails at that address from strange men. They all look like this:

From: Some Guy

[message like "lol ur sexie lets hook up lol!!!!!!"]

On [date] [time], MyFirstName MyLastName wrote:

Hi. I know I did not have a pic on craigslist and I am sure you dont want to meet someone your not attracted to. Go to [suspicious-looking URL/MyFirstName/] to see my pic. I got some more info about me on there as well. So if your still interested contact me and we can talk further.

MyFirstName

---- Original Message ----

** CRAIGSLIST ADVISORY --- AVOID SCAMS BY DEALING LOCALLY ** Avoid: wiring money, cross-border deals, work-at-home ** Beware: cashier checks, money orders, escrow, shipping ** More Info: http://www.craigslist.org/about/scams.html
[message that seems like a response to something, such as "it sounds like we like the same things" or "I like your ad, do you want to meet me"]
------------------------------------------------------------------
this message was remailed to you via: pers-549473412@craigslist.org
------------------------------------------------------------------

The suspicious URLs aren't anything porn-y, but they do sound sketchy, like "mybestwebsitehosting4free.info." The URL is different most times but they all point to the same page, a pretty innocuous picture of a chick with some fake vaguely-porny text and links to "XXX Black Book," which I assume is the actual porn site.

So it seems like a spammer puts an ad on Craigslist, a guy replies, and the spammer responds using my e-mail address. Then I get a creepy response from the guy.

Is my assessment right? And is there anything I can do about it, since it appears that my e-mail address isn't actually in these ads? I've only received six of these e-mails so far, but I'm afraid that it's only a matter of time before my inbox is flooded.

Help me snatch a hacker/spammer

snsranch — Mon, 31 Dec 2007 16:24:09 -0800

My hotmail acct has been hacked/cracked and is being used to spam people including a few MeFites. I'm pissed and concerned. Please hope me! I've changed my password to something I think is pretty uncrackable but it's still happening.

Ultimately, I know, I should just use a g-mail acct. But in the mean time, what can I do to investigate, complain and secure the info that exists there in my acct?

It's also odd that at least one Mefite has been spammed who I've never had contacted with hotmail. So I believe that this might be MeFi related too.

p.s. Should I post a PSA to MeTa to let folks know that I'm not spamming them?

Spam in documents folder

ilike — Wed, 26 Dec 2007 15:26:54 -0800

I found an rtf file in my documents folder in vista that contained instruction on how to get a free ipod by refering friends to a site. I have not downloaded this. Is my computer compromised? Should I do anything? Did it matter that i opened it in word?

How about never? Is never good for you?

Artifice_Eternity — Tue, 11 Dec 2007 18:56:15 -0800

How are other people adding events to my non-shared Google Calendar? My calendar is private -- I've chosen "Do not share with everyone" in the settings, and no one is on the sharing list but myself. But recently I've found 2 different events on my calendar that I didn't add. I know the people involved, but I don't know how or why they are adding events to my calendar. Also, I have SMS notifications enabled, so I am getting text messages to my cell phone (which I pay for) for events I didn't put on my schedule. I can't let this continue, or it will become a major spam issue. Is there no way to disallow people from adding events to my calendar? The Gcal help files do not seem to address this issue.

Ai o felicitare?

ohio — Sat, 08 Dec 2007 07:44:20 -0800

Romanian spam? Anyone here able to read what I think is Romanian? I just received the following, and I think it is Romanian spam. Can anyone tell me what it says? I could defniitely be wrong about the Romanian part.

Ai o felicitare de la Emi
Ca sa o vezi, apasa pe urmatorul link:
http://felicitari.resursecrestine.ro/view.php?action=view&id=2516129263

Felicitare trimisa de pe http://felicitari.resursecrestine.ro
Subdomeniu al http://www.resursecrestine.ro - tot ce doresti in materie de resurse crestine!

Christian treacle

levijk — Sat, 24 Nov 2007 11:16:00 -0800

How should I respond to syrupy Christian emails? I am in my immediate family's address books and they like to forward syrupy sweet Christian emails to me even though they know I am an atheist. They also send me personalized ecards with Christian platitudes because they think I "know the truth but choose not to believe it," if that's even logically possible. I've ignored this for the longest time but I'm finding it more and more disrespectful. I do not send them atheist ecards. Should I start? I figured just go the direct route: I appreciate the card but not the motivation behind it...? Maybe I should diffuse the situation with humor? All ideas welcome.

Can text message spam be forever cast into the darkness from whence it came?

moonbird — Sun, 11 Nov 2007 19:33:49 -0800

Has anyone had any luck in stopping text message spam? [Cingular/ATT, Treo 650] I'm getting positively (or negatively, as it were) bombarded. Today I received 23 spams, as a mix between MMS and plain text. This has been going on for months and is getting progressively worse.

I've called "customer service" several times now and all I get is the same fairly uneducated response: "Send them a message back and tell them you want to unsubscribe." Not so much, and it certainly costs more to do so. I've been on the Do Not Call registry since its inception. They've begrudgingly refunded the cost of some spams, but not all. It has been a bit sad when I have to explain to the tech folks what a spam filter is, so I have no clue as to whether they actually are using any.

Have any real useful solutions been discovered, save transferring to another carrier or not canceling texting altogether?