Somebody snooping with RedHat?

Debbie Deutsch fedoralist at ddeutsch.org
Thu Apr 13 17:08:41 UTC 2006


Thomas Taylor wrote:
> Hi All
> 
> I've gotten several messages in the last couple of days which seem to be 
> invoking the RedHat Apache test page.  Here are the message headers:
> 
> ************** message header ********************
> Received: from srv89.shorsel.com ([86.59.186.89])
>           by sccrmxc23.comcast.net (sccrmxc23) with SMTP
>           id <20060413143530s2300kbg12e>; Thu, 13 Apr 2006 14:35:30 +0000
> X-Originating-IP: [86.59.186.89]
> Return-path: <6gzmzizakufzgu5zbzalzmzqza at lafipico.com>
> Received: (qmail 6350 invoked by uid 0); 13 Apr 2006 10:35:58 -0400
> Errors-to: plasm at lafipico.com
> Message-ID: <1144938958.0.1031839853261396756.qmail at linxt>
> Date: Thu, 13 Apr 2006 10:35:58 -0400
> From: "PLASMA" <plasm at lafipico.com>
> To: <linxt at comcast.net>
> Precedence: normal
> Subject: Claim your 42" Plasma TV today! 
> Mime-Version: 1.0
> Content-Type: multipart/alternative;
>   boundary="----=_NextPart_000_18CE_01C65F07.94A0FAB0"
> Status: R
> X-Status: NC
> X-KMail-EncryptionState:  
> X-KMail-SignatureState:  
> X-KMail-MDN-Sent:  
> 
> ------=_NextPart_000_18CE_01C65F07.94A0FAB0
> Content-Type: text/plain; charset="iso-8859-1"
> ************** message header ********************
> 
> When the "86.59.186.89" is put into the url bar on Firefox it returns with the 
> RedHat Apache test page.  From the subject (free 42" plasma tv) that doesn't 
> compute to use an old cliche.
> 
> Is this a hack attempt?
> 
> Tom
> 

The messages are simply spam.  Look at the Received: headers.  Spammers
often forge them.  However, in this case, even if they are forged, they
do not indicate that the message came from RedHat.  The
X-Originating-IP: field may be bogus.  Want more evidence of spam with
forged headers?  Look at the To: field.  RedHat would not use an address
like that for sending mail.

HTH,

Debbie
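
An added example, not part of the original post: one way to separate the header lines the recipient's own mail server stamped from the ones the sender could have written. It uses headers copied from the quoted message, and assumes that hosts under `.comcast.net` are the recipient's own infrastructure (the function and field names are illustrative).

```python
import re
from email import message_from_string

# Headers copied from the quoted message (archive " at " obfuscation kept).
RAW = '''Received: from srv89.shorsel.com ([86.59.186.89])
          by sccrmxc23.comcast.net (sccrmxc23) with SMTP
          id <20060413143530s2300kbg12e>; Thu, 13 Apr 2006 14:35:30 +0000
X-Originating-IP: [86.59.186.89]
Received: (qmail 6350 invoked by uid 0); 13 Apr 2006 10:35:58 -0400
From: "PLASMA" <plasm at lafipico.com>
To: <linxt at comcast.net>
Subject: Claim your 42" Plasma TV today!

'''

# "from <name> ([<ip>]) by <host>": the name is typically whatever the
# connecting host announced; the bracketed IP is what the receiver observed.
HOP = re.compile(r'from\s+(\S+)\s+\(\[([0-9.]+)\]\)\s+by\s+(\S+)')

def classify_hops(raw, trusted_suffix):
    """Split Received headers (newest first) into hops stamped by our own
    servers and everything below them, which the sender could have forged."""
    msg = message_from_string(raw)
    trusted, unverified = [], []
    in_trusted = True
    for value in msg.get_all('Received', []):
        m = HOP.search(value)
        if in_trusted and m and m.group(3).lower().endswith(trusted_suffix):
            trusted.append({'claimed_name': m.group(1),
                            'peer_ip': m.group(2),
                            'stamped_by': m.group(3)})
        else:
            # Once one hop is unverifiable, nothing below it can be trusted.
            in_trusted = False
            unverified.append(' '.join(value.split()))
    return trusted, unverified

if __name__ == '__main__':
    trusted, unverified = classify_hops(RAW, '.comcast.net')
    for hop in trusted:
        print('verified hop:', hop)
    for line in unverified:
        print('sender-controlled:', line)
```

The only address the receiving server vouches for is the `peer_ip` of the last verified hop; the qmail line, `From:`, and any `X-Originating-IP:` not added by your own servers are just text in the message.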






