[wp-forums] Keep an eye out for the phisher
Mika A Epstein
ipstenu at ipstenu.org
Wed Mar 28 13:07:41 UTC 2012
From this list?
72.233.56.172 I believe, but you can view the raw source of any email from the list and see stuff like this:
Return-path: <wp-forums-bounces at lists.automattic.com>
Envelope-to: ipstenu at ipstenu.org
Delivery-date: Tue, 27 Mar 2012 07:55:10 -0500
Received: from lists.luv.wordpress.org ([72.233.56.172]:1668)
by gamera.ipstenu.org with esmtp (Exim 4.77)
(envelope-from <wp-forums-bounces at lists.automattic.com>)
id 1SCVvZ-0001IS-Sm
for ipstenu at ipstenu.org; Tue, 27 Mar 2012 07:55:10 -0500
Received: from lists.luv.wordpress.org (localhost.localdomain [127.0.0.1])
by lists.luv.wordpress.org (Postfix) with ESMTP id 7633B4FAFF;
Tue, 27 Mar 2012 12:55:09 +0000 (UTC)
X-Original-To: wp-forums at lists.automattic.com
Delivered-To: wp-forums at lists.automattic.com
Received: from mail-qa0-f46.google.com (mail-qa0-f46.google.com
[209.85.216.46])
by lists.luv.wordpress.org (Postfix) with ESMTP id B9823473ED
for <wp-forums at lists.automattic.com>;
Tue, 27 Mar 2012 12:55:07 +0000 (UTC)
Received: by qaeb19 with SMTP id b19so3542750qae.5
for <wp-forums at lists.automattic.com>;
Tue, 27 Mar 2012 05:55:07 -0700 (PDT)
The reason x-orginating-IP won't work here is that you'd get MY IP ;) I sent the email after all. Mailing lists are harder to fake, given the multiple layers and, in WP's case, the lack of an open relay (which is how people send email through folks that aren't them).
Check for lists.luv.wordpress.org and lists.automattic.com
On 27 Mar 2012, at 7:55:07AM, Daniel Fenn wrote:
> Hello, what ip address can one expect for email sent from the mailing
> list system? (I know that off topic but that would be handy to know)
>
> On 27/03/2012, Mika A Epstein <ipstenu at ipstenu.org> wrote:
>> The phisher has gotten a hold of SOME ids. The IP 96.48.241.183 is known to
>> be his.
>>
>> These IDs are currently blocked, but he'll probably make more.
>>
>> http://wordpress.org/support/profile/vanessa_
>> http://wordpress.org/support/profile/perez_
>> http://wordpress.org/support/profile/tranons
>> http://wordpress.org/support/profile/2k8bomb
>>
>> wp.org knows who the spammer is, and all the details, so they'll take care
>> of it. We just need to make sure they don't stir up trouble on the forums.
>>
>> If you get EMAILS from a hotmail account or anything suspect from the
>> forums, check the originating IP of the email (view the raw headers) and
>> look for this:
>>
>> X-Originating-IP: [96.48.241.183]
>>
>> That's our guy. Hang on to the emails, delete, forward 'em on. Just don't
>> reply.
>>
>> Props to Jan for spotting it right away last night!
>> _______________________________________________
>> wp-forums mailing list
>> wp-forums at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-forums
>>
>
>
> --
> Regards,
> Daniel Fenn
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums
More information about the wp-forums
mailing list