This is just a little warning about a spammer that I've just suspended.

They contacted our support department saying that they were interested in our web hosting services. I replied to the support ticket myself and gave them a cPanel demo. An hour later they reply asking for a trial account just to test our services. I wouldn't have gave them this account because I know what some people are like but my colleague gave them the benefit of the doubt and set up an account... By the time I was told about this they had managed to send out quite a few emails and they're now suspended.

Here's some information that might help other hosts so they can't do it again.

These are the only details we have on them at this time.

Name: Lolita Mackenzie
Email: adminoffice@amplimail.com

Spam Information:
Envelope From: euromillion2008@europe.com
Reply-To: infopsgsl@aim.com
Subject: Notifications Of Email Prize 2008.
Senders IP: 81.202.97.69

I hope this information helps stop them from using other hosts to spam. Mods can feel free to edit this information if some of it should not be shown publicly.

Thanks for the heads up :)

Thanks for the heads up.

What you could do if your using whm is create another feature lsit, disable smtp, email, pop3 etc and create a demo plan with 1mb space and similar bandwidth etc using that feature list.

That way if you have to set up a demo account then you can put a stop to any spamming like that. Also disable anything else they may be able to abuse when your creature the new feature list in whm.

Hope this helps some of you.

thanks buddy, noted :)

They're not just spammers, they're sending out phishing/fraudulent mails too.

Had a couple in my junk mail.

Dam it! Thanks for the share dude!

I got more info on her...last month she came to me asking for a one month trial. i figured it was ok since she explained what her site was going to be about so here are her emails she sent me.
First:

Hello, We visited your website and find your hosting services to meet our desire. We would apprecaite your creating a demo or trial account of your Cpanel, Webmail, Hsphere trial sign up account for us to test with as we shall get hooked on to your server in the next 48hrs all things being equal. Our proposed domain name is www.medprints.info Regards Lolita Mackenzie
I replied:

Hi, How did you guys hear about us?
What is your website about?
Which package would you like and what username for cpanel would you like to use?

Thank you for contacting us!
Dan
She replied(note this all happened on the 5th of Feb...one day.

Hello,



Thanks for your response.



Our website is about media consultancy and printing materials.

It has been designed and chosen domain name is www.medprints.info (not registerred yet).


Your paid hosting - starter plan is of great interest to us.

We got your contact from a list of good hosting companies from google search engine.

Below is my details:Name: Lolita Mackenzie
Company: MedPrints Inc.
Email: office@emaillive.com
5 Queens Rd
Melbourne City Vic 3004
Phone: +61 039688 4559
Domain: www.medprints.info ( Not registerred yet)
Cpanel username: adminoffice

Expecting details of the trial account in your next mail.

Best regards

Lolita
I sent her her information on it being created. However the email never reached her as her email server died.

Here are her details, they are very different from above.
Email: office@emaillive.com
Name: Same as above.

Now please excuse me as I go have some fun terminating. :D


Dan

whats fun is tracing that ip address and any other ip address and doing a couple "tricks"

whats fun is tracing that ip address and any other ip address and doing a couple "tricks"

lol you dirty little devil you haha +rep

Thank you for your warning. I have had the same situation, but we do not allow to send emails on trial period. They move.

Yes that's the exact same email they sent us.

I'm glad they didn't get access but it just goes to show that they'll try anything to get free hosting to send out a lot of spam.

Thanks for the heads up, fortunately we dont offer trials at all..people like this make it harder for the legit users out there.

There are lots of great ways to avoid getting stung by this particular scam. Choose a mixture of these and you'll be pretty safe!

The first and simplest method is the human engineering method of not allowing free trials. Emphasize there's a money back guarantee for 30 days. This isn't bullet proof as they could use a stolen credit card but it does discourage some.

Second, and importantly, limit outgoing emails on new account by default. If it's a cpanel account, that can be done by editing /var/cpanel/maxemails and running a script. This means that any new user who tries spamming will be severely limited. If you limit to 150 per hour that's way more than a real human would ever send in 99% of cases, and for the rest, they can just call or email you and you can then raise the limit. We leave the limit set down for all users until they ask as it guards us against form-email script breakins/hijacks.

Third, prevent scripts running on your server from sending mail out on port 25. If you have emails out limited as above this will close off the other way they could send email. This comes for free with Configserver's free CSF firewall/security tool (www.configserver.com/cp/csf.html) and can also be set with cpanel's SMTP Tweak settings. It's important to understand that it's not enough to limit features in cpanel if they can upload and run PHP scripts!

One thing that works and is free, is, when communicating with them, just mention that you have strong anti-spam measures in place on the server. That will discourage most of these guys! The name "Lolita" should clue you in that they're spammers, I don't think anybody else uses that name! (And it's almost certainly a weird male, not a woman, if you know the story behind the choice of the name Lolita!)

There's a whole related area to do with securing scripts on your server which I won't go into in detail. Suffice to say that it works well to run your PHP under cpanel with suphp so you can see which user is doing which; and it works to run mod_security with a good, simple rule set. These two alone have saved me more time and angst than I care to even think about!