RE: Redirect of web link to a phishing website

 
From: "mrivner@PROTECTED mrivner@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED>
In-Reply-To: (no subject)
Date: August 19th 2021

Mary Ann,

 

Thank you. That is exactly what happened. When I examined the clickthrough links in both the tables dada_clickthrough_url and dada_clickthrough_url_log, I found the malicious links. I removed all these records, even though it seems that the links that were important were in dada_clickthrough_url.

 

The redirect_id was the number in the link and the url was the malicious link. Removing the MySQL records fixed the problem. Mary Ann, without your guidance I would not have found that, so I appreciate your answer.

 

Justin,

An outside company (Netcraft) scanned my website (unsolicited) and found this link. Then they reported it to my ISP, who shut my site down.

 

Thanks.

Michael

 

 

 

Michael H. Rivner, M.D.

Charbonnier Professor Emeritus of Neurology

Augusta University, Medical College of Georgia

Augusta, Georgia 30912

 

From: dadadev@PROTECTED <dadadev@PROTECTED>
Sent: Wednesday, August 18, 2021 3:05 PM
To: Dada Mail Developers Subscriber <mrivner@PROTECTED>
Subject: Re: [dadadev] Redirect of web link to a phishing website

 

 

From: justin@PROTECTED

So, a message sent by one of your subscribers in a discussion list had that malicious link. To prevent that, you may have to turn on moderation, and just double-check messages, before they’re sent to your entire list. Nothing else seemed… fishy about the message sent out? 

 

Was the message also then archived? Did your host run a scan on your site, and find the malicious link that way? 

 

In the future, I could add a feature that would not apply the Dada Mail redirect to certain URLs - like bit.ly - but that wouldn’t stop the malicious link from being posted. I guess I could also have moderation happen only for, “suspicious” email messages - like ones that have bit.ly links (or other link shorteners, file attachments, or any number of things). 

 

If tracking links isn’t that important to you, you can just disable that feature in the Tracker. In its prefs, select: 

 

 Track Message Clickthroughs:

            [x] Manually, By Tagging Message Links

 

Finally, Michael, I saw you sent a message that didn’t go through to the list - there was some sort of parsing error, but I’ve got a stack trace (sending those is a new feature in Dada Mail!) - so sorry for contributing finding a bug ;)

 

-- 


Justin J: Lead Dadaist
url: dadamailproject.com
email: justin@PROTECTED
twitter: @dadamail

 


 

 



On Aug 14, 2021, at 6:17 PM, mrivner@PROTECTED mrivner@PROTECTED [Dada Mail Developers] <dadadev@PROTECTED> wrote:

 

 

From: mrivner@PROTECTED

Hi,

I recently had my websites deactivated because a link on my site:

http://wbad.com/loc/list/dada/mail.cgi/r/listnm/195056493661/6b736baba9e8a49fbf129f   (I changed the name of the domain (wbad.com), the name of the main directory (loc) and the list name (listnm).) But as you can see, it called the mail.cgi file.

It redirected to an external website 

hxxts://bitly.com/a/warning?hash=   (I removed some of this redirection)

 

Does anyone know what produced this? Does this indicate an attack on the mail.cgi code? I am not really sure where this code is. I looked at the MySQL database and could not find this.

 

Thanks.

Michael

 

Michael H. Rivner, M.D.

Charbonnier Professor Emeritus of Neurology

Augusta University, Medical College of Georgia

Augusta, Georgia 30912
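
An audit of the kind described in the reply at the top of this thread, added here as an example and not part of the original messages or of Dada Mail's own code: it reads redirect_id and url from dada_clickthrough_url and flags targets that are link shorteners or that point outside a set of trusted hosts. The two-column table layout, the in-memory SQLite stand-in for MySQL, the shortener list, the trusted host and every row are assumptions constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit

# Assumed list of link-shortener hosts; extend it for your own lists.
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "tinyurl.com", "t.co", "ow.ly"}

def host_of(url):
    """Lower-cased hostname without a leading 'www.', or '' if none parses."""
    try:
        host = (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:          # e.g. malformed IPv6 literal
        return ""
    return host[4:] if host.startswith("www.") else host

def classify(url, trusted_hosts):
    """Return a reason string for a suspicious redirect target, else None."""
    host = host_of(url)
    if not host:
        return "unparsable"     # no scheme/host: cannot be vetted, so flag it
    if host in SHORTENER_HOSTS:
        return "shortener"      # real destination is hidden behind the shortener
    # Match on whole labels so 'evilexample.org' does not pass for 'example.org'.
    if not any(host == t or host.endswith("." + t) for t in trusted_hosts):
        return "untrusted-host"
    return None

def audit_redirects(conn, trusted_hosts):
    """List (redirect_id, reason, url) for every flagged clickthrough record."""
    rows = conn.execute(
        "SELECT redirect_id, url FROM dada_clickthrough_url ORDER BY redirect_id")
    return [(rid, reason, url) for rid, url in rows
            if (reason := classify(url, trusted_hosts))]

def constructed_sample_db():
    """In-memory table with constructed rows; only the two columns named above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dada_clickthrough_url (redirect_id TEXT, url TEXT)")
    conn.executemany("INSERT INTO dada_clickthrough_url VALUES (?, ?)", [
        ("100000000001", "https://www.example.org/newsletter/august"),
        ("100000000002", "https://bit.ly/EXAMPLE1"),
        ("100000000003", "http://login.example.net/verify"),
        ("100000000004", "https://docs.example.org/faq"),
    ])
    return conn

if __name__ == "__main__":
    for finding in audit_redirects(constructed_sample_db(), {"example.org"}):
        print(finding)
```

Flagged records are candidates for review before deletion; the same classify function could also be run over an incoming discussion-list message's links to decide whether to hold it for moderation.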

 

 

 

                                                           

  • This mailing list is a public mailing list - anyone may join or leave, at any time.
  • This mailing list is a group discussion list (unmoderated)
  • Start a new thread, email: dadadev@dadamailproject.com

This is the developer discussion mailing list for Dada Mail.
