• Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers! /Peo, FreeWebSpace.net
managed wordpress hosting

Avoid mkes.com from touching your server - spammer

Fakher

New Member
Hello,
All hosts, please never ever allow this domain to get any single hosting account with you
mkes.com

Unfortunately i did host him on my fee hosting server and this guy was sending thousands of spam emails from my server. Look at this copy as we got an abuse report.

Attn: Sir/Madam,

I am Senior Manager, Societe General Bank. Your sincere partnership is required to enable me transfer some funds(12 Million GBP) for both of us. If interested, get back to me via my personal email: mikes1960@rocketmail.com for details.

Best Regards,
Mike Smith.

I checked my mail queue and ll you believe 80000+ emails were in queue .... :O
This was because hourly limit set by me was 100 emails/hour for all free hosting accounts.

check out image attached about the emails he sent this is last 20 days report.

View Sent Summary
mkes.png


www.hostingdreams.net/spam_only/mkes.png

His details at Hosting Dreams are
IP = 79.108.250.104
Username = desty
email = lsanchez@inbox.com

Regards
Fakher
 
Last edited:
I wonder, is there a well-known database of troublemaking users?
This is first time I see 4-1-9 messages being sent in such a straightforward way.
 
Well i don't how did he get that much IDs to spam. Removal of queued emails from the server still in progress and they were as below when i saw them first time
Delivery Queue 86397 emails
Deletion in progress less then 20000 thousand now.
 
So just using 80,000 total emails (sounds like there were more), and 2400 emails per day...he was sending spam for 33+ days, and you never noticed?

You are going to have a lot more abusing users on your hosting if you aren't noticing something like that for over a month.
 
yah i was busy changing my website and doing some modifications on forum's front end. Server loads did never go up and i didn't faced any downtime, more over i did never think that some thing like this ll happen as daily mail limit is set to 100emails/hour for every user, I ll have to reconsider this 100/hour now ....
From now onwards i shall be checking this on daily basis.
 
Last edited:
To me, most strange thing is no one has complained about the spam during this month.
So, good luck in studying your servers and locking out abusers.

Update: here's the link I told about: FraudRecord.
 
Last edited:
Perhaps it's answered in the forum somewhere...I didn't read through it, but what do they do with the information? Never heard of fraudrecord before. Does the plugin ultimately flag users from their database when they try signing up in your WHMCS? If they just collect the information, it doesn't do me much good.
 
Perhaps it's answered in the forum somewhere...I didn't read through it, but what do they do with the information? Never heard of fraudrecord before. Does the plugin ultimately flag users from their database when they try signing up in your WHMCS? If they just collect the information, it doesn't do me much good.

As far as I understand - according to the explanations on FraudRecord - they do not keep any information (domain names etc), but keep a convoluted hash of those. I.e., if hashes match, then there's possibility the customer is a problematic one.

So, no real data are stored and can't be stored/used for any purposes.
 
No If you would like to see it in action wswd i can give you a temp_admin account so you can see it. It does not automatically flag them that i have found yet. We are looking at hopefully modifying there whmcs plugin to do that so it automatically markes as fraud as the system works very well.

I am waiting on the geoip plugin that is supposed to be going free and opensource to be released. Sander is the one your using free?
 
Last edited:
Yes it is, let me try to figure out where we got it. If I find it I will email you the files.
 
No If you would like to see it in action wswd i can give you a temp_admin account so you can see it. It does not automatically flag them that i have found yet. We are looking at hopefully modifying there whmcs plugin to do that so it automatically markes as fraud as the system works very well.

So what does it do exactly? Just collect the information and send it to these guys? What do they do with it? If it doesn't flag the known bad accounts when people sign up, I don't get what good it does for companies to install and use it.

Or am I just missing something?
 
So what does it do exactly? Just collect the information and send it to these guys? What do they do with it? If it doesn't flag the known bad accounts when people sign up, I don't get what good it does for companies to install and use it.

Or am I just missing something?

The idea was to match email address, name, [hone etc of the person in question without storing actual data.
They do it by calculating a hash sum (the process is described on their site).

Thus, the troublemaker can be now detected by comparing hash sum of data entered and hashes stored, but actual data can't be decoded.
 
Ahhhh, but you can actually retrieve and compare hashes when people sign up? I.e. if somebody signs up for an account with me, does the WHMCS plugin automatically compare the hashes and let me know that this guy is on the blacklist?
 
Back
Top