Thanks to Textpattern, I'm going to be Rich!

bmattock · 2006-07-28 18:46:10

FYI: I didn’t know where else to post this. Got it via email – says it came from Textpattern. As a recent convert to Textpattern, I had recently registered on this support forum, which is, I suppose where this cretin got my email address. So this is a heads up to Textpattern Support Forum and I apologize for not knowing where to post something of this nature.

Thanks,

Bill Mattocks

*********************8

Message-Id: <200607281730.k6SHUjoi012831@robson.textdrive.com>
To: xxx@yyy.com
Subject: From :jacob david
From: “Textpattern Support Forum Mailer” <admin@forum.textpattern.com>
Reply-To: “jacob40” <jacobdavid40@yahoo.com>
Date: Fri, 28 Jul 2006 17:30:45 +0000
MIME-Version: 1.0
Content-transfer-encoding: 8bit
Content-type: text/plain; charset=utf-8

jacob40 from Textpattern Support Forum has sent you a message. You can reply to jacob40 by replying to this e-mail.

The message reads as follows:
———————————————————————————————————-

From :jacob david
Abidjan, Ivory Coast
(jacobdavid40@yahoo.com)

APPEAL FOR BUSINESS ASSISTANCE.

Dear ,

Permit me to inform you of my desire of going into business relationship with you. I got your name and contact from our country chambers of industry (internet department). I prayed over it and selected your name among other names due to its esteeming nature and the recommendations given
to me as a reputable and trust worthy person that I
can do business with and by the recommendation , I
must not hesitate to confide in you for this simple
and sincere business .

I am jacob david only son of late Mr. and Mrs. david Morgan . My father was a very wealthy cocoa merchant in Abidjan , the economic capital of Ivory coast, my father was poisoned to death by his business associates on one of their outings on a business trip .

My mother died when I was a baby and since then my father took me so special. Before the death of my father on october 2005 in a private hospital here in Abidjan he secretly called me on his bed side and told me that he has the sum of Six million,five hundred thousand United State Dollars. USD ($6,500,000.00) left in fixed / suspense account in one of the prime bank here in Abidjan ,that he used my name as his only son for the next of Kin in depositing of the fund. He also explained to me that it was because of this wealth that he was poisoned by his business associates. That I should seek for a foreign partner in a country of my choice where i will transfer this money and use it for investment purpose.
Dear, I am honourably seeking your assistance in the following ways:
(1) To provide a bank account into which this money
would be transferred to.
(2) To serve as a guardian of this fund.
(3) To make arrangement for me to come over to your
country to further my education and to secure a
resident permit in your country.

Moreover, I am willing to offer you 15%
of the total sum as compensation for your effort/
input after the successful transfer of this fund into
your nominated account overseas.

Furthermore, you indicate your options towards assisting me as I believe that this transaction would be concluded within fourteen (14) days you signify interest to assist me. Anticipating to hear from you soon.

Thanks and God bless.

Best regards,
Mr jacob david.

———————————————————————————————————-

—
Textpattern Support Forum Mailer

NyteOwl · 2006-07-28 19:06:22

This may be the giveaway

X-Authentication-Warning: robson.textdrive.com: txpforum set sender to admin@forum.textpattern.com using -f

Not sure if this is the case but it is consistant with

<a href=“http://www.sans.org/newsletters/risk/display.php?v=4&i=9#05.9.48”>http://www.sans.org/newsletters/risk/display.php?v=4&i=9#05.9.48</a>

I don’t know what version of punBB the forums are using.

For myself; I haven’t received any such spam (yet).

zem · 2006-07-28 22:51:41

Not sure if this is the case but it is consistant with

The SANS text doesn’t link to any information.

There’s a simpler possibility: someone is clicking on the “send email” links and using those to send spam.

Update: yes, that appears to be the case. I’ve banned the user in question.

Last edited by zem (2006-07-28 22:55:05)

NyteOwl · 2006-07-29 00:36:02

zem wrote:

The SANS text doesn’t link to any information.

Funny here it takes me to:
<ul>
<li>05.9.48 – CVE: CAN-2005-0569, CAN-2005-0570, CAN-2005-0571</li>
<li>Platform: Web Application</li>
<li> Title: PunBB Multiple Remote Input Validation Vulnerabilities</li>
<li> Description: PunBB is a web-based bulletin board application implemented in PHP with an SQL database back-end. PunBB is affected by multiple remote input validation vulnerabilities. PunBB versions 1.2.1 and earlier are known to be vulnerable.</li>
<li> Ref: http://www.securityfocus.com/archive/1/391463</li>
</ul>

There’s a simpler possibility: someone is clicking on the “send email” links and using those to send spam. Update: yes, that appears to be the case. I’ve banned the user in question.

Dern clumsy way to send spam; then again no one ever claimed spammers were too bright :) Glad you caught the bloke.

zem · 2006-07-29 01:11:34

PunBB versions 1.2.1 and earlier are known to be vulnerable.

Doesn’t affect us.

By “no information”, I mean no detail, no explanation, nothing that tells us what the symptoms or workarounds might be. The Ref link is useless.

Mary · 2006-07-29 06:21:30

http://forum.textpattern.com/viewtopic.php?pid=119560#p119560

Textpattern CMS

Textpattern CMS support forum

#1 2006-07-28 18:46:10

Thanks to Textpattern, I'm going to be Rich!

#2 2006-07-28 19:06:22

Re: Thanks to Textpattern, I'm going to be Rich!

#3 2006-07-28 22:51:41

Re: Thanks to Textpattern, I'm going to be Rich!

#4 2006-07-29 00:36:02

Re: Thanks to Textpattern, I'm going to be Rich!

#5 2006-07-29 01:11:34

Re: Thanks to Textpattern, I'm going to be Rich!

#6 2006-07-29 06:21:30

Re: Thanks to Textpattern, I'm going to be Rich!

Board footer