Re: Compromised email accounts
- From: flakeystuff <publiccopy1@xxxxxxxxx>
- Date: Fri, 6 Jun 2008 09:17:55 -0700 (PDT)
On May 21, 5:00 pm, Man Alive <nop...@xxxxxxxxxxx> wrote:
I'm in an IT department in a small community college that offers emails,
wireless, VPN to students.
Lately we have been having spammers access student email accounts and
sending spam. We are researching how the the account details were obtained.
I have looked in the server logs and noticed a number of successful
authentications from a suspicious IP; the authentications were to ~50
accounts. It looked like someone was testing if accounts from a list had
the correct credentials: the authentications were run via script.
Question: Are these type of account details bought and sold? I have a
feeling that someone bought set of college accounts and ran a script to
evaluate which were still working. About a month later the spam started.
Yeah, I hear some wanted a contaminating agent: aka contaminate.
They suffered 92% loss.
Knowin'.
.
- Follow-Ups:
- Re: Compromised email accounts
- From: flakeystuff
- Re: Compromised email accounts
- Prev by Date: Re: How the Chicom got my IP address???
- Next by Date: Re: How the Chicom got my IP address???
- Previous by thread: Re: Compromised email accounts
- Next by thread: Re: Compromised email accounts
- Index(es):
Relevant Pages
|
