My Hackers redirect page

You have come to this page because you have received E-mails that show as from @Lighthorse-scavenger.org.

There is a real problem with the hackers using my E-mail address and my web site E-mail. This is referred to as SPOOFING, where the return address of an E-mail is not your own.

This has caused me to be blocked from most servers on the Internet so I have not used that E-mail address for over a year.

What I have done is actively pursued the BotNet servers that are sending out spam.

What the Hell is a BotNet?

That is a network of computers that have been taken over by hackers because people do not use anti-virus software or fail to update it. Those free-download anti-virus programs do not work and often are run by the hackers themselves. Those web sites often just put the hackers' software onto your computer.

Here is how to figure out where the actual E-mail comes from. Anyone can create an E-mail and make it look like it came from someplace else including making it look like it came from the President of the US. That is easy to do but it is next to impossible to block out the info needed to see the IP address of the PC that sent it.

Seeing as Outlook and Outlook Express are still the most popular E-mail programs, I will use them to show how to find the source of this E-mail. When you get a spam message, click on FILE and then PROPERTIES. At the top will be two tabs. Click on the one that says DETAILS, then at the bottom right will be MESSAGE SOURCE. This will open another box, and now you click on the upper right tab to expand the section to cover your entire screen.

What you now see is all of the information that is a complete E-mail along with all the routing info plus all the HTML info broken out.

In the first three lines you will see the RETURN PATH, then the next line is X ORIGINAL TO and the third line says DELIVERED TO. All of those can easily be manipulated to show whatever the sender wants a person to see, including the supposed person it was sent from.

What counts is the source IP address. That is usually in the 2nd line down from a line that may say RECEIVED FROM MAIL7.MDX.SAFEPAGES or another mail server. You will see a set of numbers with brackets around them; [190.253.154.44] is an example of one that I already had to chase.
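The same check can be done in code. This is an added example, not part of the original page: it reads the RECEIVED lines from the top down and returns the first outside address that one of your own mail servers recorded, ignoring anything below that point because the sender could have written it. The hostnames, the TRUSTED set and the sample message are constructed; only 190.253.154.44 comes from this page.

```python
import email
import ipaddress
import re

# Constructed sample: only 190.253.154.44 comes from the page; hostnames are made up.
RAW = """\
Return-Path: <president@example.org>
X-Original-To: user@example.net
Delivered-To: user@example.net
Received: from mail7.example.net (mail7.example.net [10.0.0.7])
    by mbox.example.net (Postfix) with ESMTP id 1A2B3C
    for <user@example.net>; Wed, 1 Jul 2009 22:40:03 -0300
Received: from unknown (unknown [190.253.154.44])
    by mail7.example.net (Postfix) with SMTP id 4D5E6F;
    Wed, 1 Jul 2009 22:40:01 -0300
Received: from mail.example.org (mail.example.org [198.51.100.9])
    by relay.example.org; Wed, 1 Jul 2009 22:39:00 -0300
From: "The President" <president@example.org>
Subject: constructed spam sample

body
"""

# Assumption: these are the reader's own mail servers, whose stamps can be trusted.
TRUSTED = {"mbox.example.net", "mail7.example.net"}

def sending_ip(raw, trusted=TRUSTED):
    """Return the first outside IP recorded by one of our own servers, else None."""
    msg = email.message_from_string(raw)
    for hop in msg.get_all("Received", []):      # newest hop first
        by = re.search(r"\sby\s+([\w.-]+)", hop)
        if not by or by.group(1).lower() not in trusted:
            return None                          # from here down the sender wrote the headers
        from_part = re.split(r"\sby\s", hop, maxsplit=1)[0]
        found = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", from_part)
        if not found:
            continue
        try:
            ip = ipaddress.ip_address(found.group(1))
        except ValueError:
            continue                             # bracketed text that is not a valid IP
        if ip.is_private or ip.is_loopback:
            continue                             # internal hand-off between our servers
        return str(ip)
    return None
```

The bottom RECEIVED line in the sample is the kind a spammer adds to point at someone else; it is never returned because no trusted server stamped it.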

Now highlight that number and do a CTRL C, which copies it to the clipboard. Now go onto the Internet to one of the regional Internet address registries, such as the Latin America one, LACNIC, which is at http://www.lacnic.net/en/index.html . There are several of these that cover all the geographic areas of the world.

Now click on that link and somewhere on the web page will be a box with a description of WHOIS. That is a universal term for a way to look up any web site via either the IP number or the web site name. It gives you the actual source of the E-mail message.

Now in the case of http://www.lacnic.net/en/index.html, on the right hand side about a third of the way down is a box with WHOIS SEARCH right under it. I place my cursor in that box and then do a CTRL V, which means the same as paste, and it inserts that IP number: 190.253.154.44

Now in this case that number is in fact under the control of the Latin America Registry. It shows as

Joint Whois - whois.lacnic.net
% This server accepts single ASN, IPv4 or IPv6 queries
% LACNIC resource: whois.lacnic.net
% Copyright LACNIC lacnic.net
% The data below is provided for information purposes
% and to assist persons in obtaining information about or
% related to AS and IP numbers registrations
% By submitting a whois query, you agree to use this data
% only for lawful purposes.
% 2009-07-01 22:45:09 (BRT -03:00)
inetnum: 190.252/14
status: allocated
owner: COLOMBIA TELECOMUNICACIONES S.A. ESP
ownerid: CO-CTSE-LACNIC
responsible: Administradores Internet
address: Transversal, 49, 105-84
address: N - BOGOTA -
country: CO
phone: +57 1 5935399 [1539]
owner-c: JRJ
tech-c: JRJ
abuse-c: JRJ
inetrev: 190.252/14
nserver: DNS5.TELECOM.COM.CO
nsstat: 20090629 AA
nslastaa: 20090629
nserver: DNS.TELECOM.COM.CO
nsstat: 20090629 QREFUSED
nslastaa: 20090623
created: 20080422
changed: 20080422
nic-hdl: JRJ
person: Jairo Rojas Jurado
e-mail: jairo.rojas@TELECOM.NET.CO
address: Trv 60, 114A, 55
address: 1 - Bogotá, D.C. - Cu
country: CO
phone: +57 1 5935399 [3303]
created: 20050603
changed: 20090205
% whois.lacnic.net accepts only direct match queries.
% Types of queries are: POCs, ownerid, CIDR blocks, IP
% and AS numbers.

Buried in the middle of the info is the actual ISP info for the PC that sent the message. Scan through the info and usually they will provide an E-mail address to send reports about SPAM or ABUSE. I just highlight it and do a CTRL C to copy it. I then send an E-mail to that web site and send the MESSAGE SOURCE version of the offending E-mail to them so they get all of the info.

If the info from the lookup does not show the place to send abuse reports to, then highlight the @TELECOM.NET.CO or whatever that person's e-mail address is. Just put ABUSE in front of that and send the e-mail to them.

I now have a list of almost 300 E-mails that I sent out before I finally stopped doing it, because after I send out a bunch of E-mails they stop SPOOFING my web site E-mail. That lasts about 3 months and then they bomb the Internet with mass mailings and my E-mails get shut down again.

In virtually all of the messages you can scan through the entire message and somewhere in there will be a bogus link that shows as A HREF, and that is an embedded link.

What you often see is that the link goes to a .CN address, which is the hackers in China. The trouble is that because you don't normally look at messages this way, you are often clicking on a link that says you can unsubscribe from this E-mail message by clicking there. A favorite target is an E-mail message that says it is from Microsoft and that you can unsubscribe from them by clicking there. Instead you connect to a web site that looks like a Microsoft web site and asks for all sorts of private info. The end result is that you have now opened yourself to identity theft.
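The abuse-address lookup described earlier (use the E-mail of the contact named on the abuse-c line, otherwise put ABUSE in front of the registrant's domain) can also be done in code. This is an added example, not part of the original page; the record is constructed in the same LACNIC "key: value" layout as the lookup above, with placeholder names and addresses.

```python
# Constructed record in the LACNIC layout shown above; all values are placeholders.
RECORD = """\
% whois.lacnic.net
inetnum: 190.252/14
owner: EXAMPLE TELECOM S.A.
owner-c: AAA
tech-c: AAA
abuse-c: BBB
nic-hdl: AAA
person: Example Admin
e-mail: admin@EXAMPLE-TELECOM.COM.CO
nic-hdl: BBB
person: Example Abuse Desk
e-mail: security@EXAMPLE-TELECOM.COM.CO
"""

def abuse_contact(record):
    """Return (address, how_found) for the abuse report, or (None, 'none')."""
    abuse_handle, current, emails = None, None, {}
    for line in record.splitlines():
        if line.startswith("%") or ":" not in line:
            continue                      # server comments and blank lines
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "abuse-c":
            abuse_handle = value          # handle of the contact who takes abuse reports
        elif key == "nic-hdl":
            current = value               # following fields belong to this contact
        elif key == "e-mail" and current:
            emails.setdefault(current, value.lower())
    if abuse_handle in emails:
        return emails[abuse_handle], "abuse-c"
    for address in emails.values():       # fallback the page describes: ABUSE@ + domain
        if "@" in address:
            return "abuse@" + address.split("@", 1)[1], "guessed"
    return None, "none"
```

A "guessed" result is only the ABUSE@ convention applied to the registrant's domain, so a report sent there may bounce.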