PayPal SCAM On Your Own Website!

BillyConnite · 01-09-2006, 05:48 PM

I HATE SCAMMERS GGGGGRRRRR!!!!!!!!!!!

Just today I received an email from my server provider informing me that on my website torrentsites.org was located a PayPal phishing scam 3 of my websites!
????: NamePros.com http://www.namepros.com/warnings-and-alerts/155885-paypal-scam-on-your-own-website.html

I deleted the folders and a few minutes later they were right back so I suspended the site.

Then I checked CPanel's default email catcher and had received around 10 emails from people saying "thankyou". HOPEFULLY that was sarcasm, I'd hate to think that I was the helper of some a PayPal phishing scam. I got another 10 emails saying that I have been reported, abusing me etc etc. I hope I don't get in trouble for someone else duisgusting, pathetic actions!

I can't believe that this has happened. Has anyone ever had this same problem? Finding 2 folders called '.PP' and 'paypal_phishing' in their public_html folder?

My passwords are simply ridiculous, so there's no way they had used my user and pass. I also checked ftp logs but they had only been for the last 24 hours, so I could not get their IP Address. Luckily the scamming folders have only been their for the last 2 days.

Well thought I'd warn everyone they might want to check their sites every now and then.

Anyone know who I could go about reporting this or something? Some have sent me a cope of the exact email also as follows:

Quote:

>From root@ratonservices.com Sat Jan 7 05:08:47 2006
Return-Path: <root@ratonservices.com>
Received: from ratonservices.com (h69-21-167-182.69-21.unk.tds.net [69.21.167.182])
by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id k07D8ko3014019
for <persons email address here>; Sat, 7 Jan 2006 05:08:47 -0800 (PST)
(envelope-from root@ratonservices.com)
Received: by ratonservices.com (Postfix, from userid 0)
id 190D9755747; Sat, 7 Jan 2006 05:26:09 -0600 (CST)
To: dont@agora.rdrop.com
Subject: Please Restore Your Account Access
From: "service@paypal.com" <pp@paypalssl.com>
Content-Type: text/html
Message-Id: <20060107112609.190D9755747@ratonservices.com>
Date: Sat, 7 Jan 2006 05:26:09 -0600 (CST)
Status:
X-Status:
X-Keywords:

<html>
<head>
<body bgcolor="ffffff">

<table cellSpacing="0" cellPadding="0" width="600" align="center" border="0">
????: NamePros.com http://www.namepros.com/showthread.php?t=155885

 
<a href="http://torrentsites.org/.pp/updates/us/webscr.php?cmd=LogIn"; target="_Blank"><img src="http://www.paypal.com/images/paypal_logo.gif"; border="0" width="117" height="35"></a>
As part of our security measures, we regularly screen activity in the
PayPal system. We recently contacted you after noticing an issue on your
account.We requested information from you for the following reason:
 

We have reason to believe that your account was accessed by a third
party. Because protecting the security of your account is our primary
concern, we have limited access to sensitive PayPal account features. We
understand that this may be an inconvenience but please understand that
this temporary limitation is for your protection.
 
Case ID Number: PP-104-695-073
 

This is a reminder to log in to PayPal as soon as possible.
 
Once you log in, you will be provided with steps to
restore your account access. We appreciate your understanding as we work to
ensure account safety.
 
Follow the link bellow to proceed
 <a href="http://torrentsites.org/.pp/updates/us/webscr.php?cmd=LogIn"; target="_Blank">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a> ;
In accordance with PayPal's User Agreement, your account access will
remain limited until the issue has been resolved. Unfortunately, if
access to your account remains limited for an extended period of time, it
may result in further limitations or eventual account closure. We
encourage you to log in to your PayPal account as soon as possible to help
avoid this.
 
<hr>
We thank you for your prompt attention to this matter. Please
understand that this is a security measure intended to help protect you and your
account. We apologize for any inconvenience.
 
Sincerely,
PayPal Account Review Department
 
PayPal Email ID PP271

</table>
</html>

Regards, Rhett.

jdk · 01-09-2006, 05:56 PM

You can forward to spoof@paypal.com and report them on the FBI website.

weblord · 01-10-2006, 08:42 PM

another variation of their spoof links:
http://www.paypal.com.us-cgibin-web-....php?cmd=LogIn

Virgil · 01-10-2006, 10:02 PM

This sounds really strange. I believe your host SHOULD be looking into this, analizing their logs, looking for rootkits and trying to find any vulnerability or backdoor on their system. Even if the culprit only gained access to your account (less severe than a compromised server) they shouldn't take this lightly.

BillyConnite · 01-12-2006, 05:11 PM

Thanks for your replies everyone.

Originally Posted by virgil

This sounds really strange. I believe your host SHOULD be looking into this, analizing their logs, looking for rootkits and trying to find any vulnerability or backdoor on their system. Even if the culprit only gained access to your account (less severe than a compromised server) they shouldn't take this lightly.

I will definately ask the host now what he can do about it, and what I can do about it also.
????: NamePros.com http://www.namepros.com/showthread.php?t=155885
Thanks all.

01-09-2006, 05:56 PM	#2 (permalink)
jdk Senior Member Join Date: Jul 2004 Location: Florida Posts: 1,496	You can forward to spoof@paypal.com and report them on the FBI website. __________________ All offers are valid for 12 hours unless otherwise stated.

01-10-2006, 08:42 PM	#3 (permalink)
weblord NamePros Legend Join Date: Dec 2005 Location: Philippines - www.Nabaza.com Posts: 19,784	another variation of their spoof links: http://www.paypal.com.us-cgibin-web-....php?cmd=LogIn __________________ Nabaza.com - Amaia

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Can your website be stolen?	-Nick-	Website Development	0	01-06-2006 06:45 AM
Buy one get one FREE	yandig	Domains For Sale - Make Offer	2	02-12-2005 11:02 AM
.........For Sale......For Sale............For Sale.......	johnn	Domains For Sale - Make Offer	0	01-28-2004 06:18 PM
URGENT - PayPal Scam	Matt	Warnings & Alerts	11	11-24-2003 07:54 PM

01-10-2006, 10:02 PM	#4 (permalink)
Virgil NamePros Regular Join Date: May 2004 Posts: 958	This sounds really strange. I believe your host SHOULD be looking into this, analizing their logs, looking for rootkits and trying to find any vulnerability or backdoor on their system. Even if the culprit only gained access to your account (less severe than a compromised server) they shouldn't take this lightly.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)