
I have no idea how it happened, but it did. I went to log in to one of my websites today and make a blog post, and I was greeted with “This host has been suspended, please contact administrators”. So I think I must have forgotten to pay hosting, but this is not the case because the rest of the sites on the server are still up. So I e-mail HostGator and receive the following response.

Hi,

The account “#@$##@” on server xxxx.xxxxxxxxx.net was suspended for sending out a large amount of spam (see attachment for a sample). (SquirrelMail authenticated user ballermike@ballersguide.com). If the user had a terrible/easy password, it may have been guessed and abused, and the password should be changed to something difficult. Please ensure this account is not involved in any further spam activity. Thank you.

I look at the attachment and it is a classic “Nigerian 419” bank e-mail. Somehow these scammers are using my website to send out their scams:

Return-Path:

Received: from rly-md07.mx.aol.com (rly-md07.mail.aol.com [172.20.29.145]) by air-md03.mail.aol.com (v121.4) with ESMTP id MAILINMD033-914475c0fd4101; Sun, 09 Dec 2007 10:55:15 -0500

Received: from xxxx.xxxxxxx.net (b2.4d.5746.static.theplanet.com [70.87.77.178]) by rly-md07.mx.aol.com (v121.4) with ESMTP id MAILRELAYINMD074-914475c0fd4101; Sun, 09 Dec 2007 10:55:02 -0500

Received: from ballersg by xxxxx.xxxxx.net with local (Exim 4.68)

(envelope-from )

id 1J0Gq5-0004FT-Fi; Thu, 06 Dec 2007 07:32:29 -0600

Received: from 82.128.6.100 ([82.128.6.100])

(SquirrelMail authenticated user ballermike@ballersguide.com)

by xxxxx.net with HTTP;

Thu, 6 Dec 2007 07:32:29 -0600 (CST)

Message-ID: <2082.82.128.6.100.1196947949.squirrel@xxxx.net>

Date: Thu, 6 Dec 2007 07:32:29 -0600 (CST)

Subject: ATM CARD PAYMENT

From: “MR. DANIEL AMECHI.”

Reply-To: danielamechi01@yahoo.fr

User-Agent: SquirrelMail/1.4.9a

MIME-Version: 1.0

Content-Type: text/plain;charset=iso-8859-1

Content-Transfer-Encoding: 8bit

X-Priority: 3 (Normal)

Importance: Normal

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname – xxxxxxxxx.net

X-AntiAbuse: Original Domain – aol.com

X-AntiAbuse: Originator/Caller UID/GID – [32017 32021] / [47 12]

X-AntiAbuse: Sender Address Domain – yahoo.es

X-AOL-IP: 70.87.77.178

X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_helo : n

X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_822_from : n

To:

X-Mailer: Unknown (No Version)

MIME element (text/plain)

ATM CARD PAYMENT FOR FUND BENEFICIARIES

INTERNATIONAL CREDIT SETTLEMENT

OFFICE OF THE DIRECTOR OFOPERATIONS

CENTRAL BANK OF NIGERIA.

DATE; 6TH NOV 2007

ATTENTION BENEFICIARY:

THIS IS TO OFFICIALY INFORM YOU THAT WE HAVE VERIFIED YOUR CONTRACT

/INHERITANCE FILE AND FOUND OUT THAT WHY YOU HAVE NOT RECEIVED YOURPAYMENT

IS BECAUSE YOU HAVE NOT FUFILLED THE OBLIGATIONS GIVEN TO YOU IN RESPECT

OF YOUR CONTRACT / INHERITANCE PAYMENT.

SECONDLY WEHAVE BEEN INFORMED THAT YOU ARE STILL DEALING WITH THE NONE

OFFICIALS IN THE BANK ALL YOUR ATTEMPT TO SECURE THE RELEASE OF THE FUND

TO YOU. WE WISH TO ADVIVE YOU THAT SUCH AN ILEGAL ACT LIKE THIS HAVE TO

STOP IF YOU WISHES TO RECEIVE YOUR PAYMENT SINCE WE HAVE DECIDED TO BRING

A SOLUTION TO YOUR PROBLEM.

RIGHT NOW WE HAVE ARRANGED YOUR PAYMENT THROUGH OUR SWIFT CARD PAYMENT

CENTER ASIA PACIFIC, THAT IS THE LATEST INSTRUCTION BY THE PRESIDENT CHIEF

ALHAJI UMAR MUSA YAR-ADUA (GCFR FEDERAL REPUBLIC OF NIGERIA.

THIS CARD CENTER WILL SEND YOU AN ATM CARD WHICH YOU WILL USE TO WITHDRAW

YOUR MONEY IN ANY ATM MACHINE IN ANY PART OF THE WORLD, BUT THE AXIMUM IS

ONE THOUSAND FIVE DOLLARS PER DAY,

SO IF YOU LIKE TO RECIEVE YOUR FUND THIS WAY PLEASE LET US KNOW BY

CONTACTING THE CARD PAYMENT CENTER AND ALSO SEND THE FOLLOWING

INFORMATION:

1.YOUR FULL NAME

2. PHONE AND FAX NUMBER,

3. ADDRESS WERE YOU WANT THEM TO SEND THE ATM CARD

4. YOUR AGE AND CURRENT OCCUPATION

5. A COPY OF YOUR IDENTITY ATTACHED TO E-MAIL

CONTACT PERSON:

Dr. SAM EDE FRANCIS

INTEGRATED PAYMENT DEPARTMENT

EMAIL:samedeforpaymentdepartment@yahoo.es

I have changed my password and asked Hostgator to sweep my server for vulnerabilities or exploits. Hopefully this will put an end to it. I just logged into my email for that site and there were 3 pages of failed spam reports. Not a good day.
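
The earliest Received hop in the sample is what ties the spam to a webmail login rather than a script or open relay: it names the SquirrelMail-authenticated account and the client IP. The following is an added example (not from the original post or from HostGator) that pulls those fields out of a raw message for abuse triage; `host.example` stands in for the redacted hostnames and `triage` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the relevant headers from the message above, with the
# post's redacted hostnames replaced by the placeholder "host.example".
SAMPLE = """\
Received: from ballersg by host.example with local (Exim 4.68)
\tid 1J0Gq5-0004FT-Fi; Thu, 06 Dec 2007 07:32:29 -0600
Received: from 82.128.6.100 ([82.128.6.100])
\t(SquirrelMail authenticated user ballermike@ballersguide.com)
\tby host.example with HTTP;
\tThu, 6 Dec 2007 07:32:29 -0600 (CST)
Subject: ATM CARD PAYMENT
From: "MR. DANIEL AMECHI."
Reply-To: danielamechi01@yahoo.fr
User-Agent: SquirrelMail/1.4.9a

body
"""

# A SquirrelMail submission hop: client IP, authenticated mailbox, "with HTTP".
WEBMAIL_HOP = re.compile(
    r"from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s.*?"
    r"\(SquirrelMail authenticated user (?P<user>[^)\s]+)\)"
    r".*?with HTTP",
    re.S,  # Received headers are folded across lines
)

def triage(raw):
    """Return the abused webmail account and client IP, or None if absent."""
    msg = message_from_string(raw)
    for hop in msg.get_all("Received", []):
        m = WEBMAIL_HOP.search(hop)
        if not m:
            continue
        user = m.group("user")
        reply_to = parseaddr(msg.get("Reply-To", ""))[1]
        user_domain = user.rpartition("@")[2].lower()
        reply_domain = reply_to.rpartition("@")[2].lower() if "@" in reply_to else ""
        return {
            "account": user,               # mailbox whose password to reset
            "client_ip": m.group("ip"),    # where the webmail login came from
            "reply_to": reply_to,
            # Replies diverted to another domain are typical of hijacked mailboxes.
            "reply_to_offdomain": bool(reply_domain) and reply_domain != user_domain,
        }
    return None

if __name__ == "__main__":
    print(triage(SAMPLE))
```
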


74 Responses to “My Site Shut Down For Nigerian Bank Scams”

  1. $#$## *^$#@ need to get a real job.
