I haven't visited the forum in a few weeks, and I never subscribed to any one of the Linux forums. But for some reason, just a few minutes ago, I got 8 messages about posts in the Linux Networking forum. I clicked the Unsubscribe link in the email and got the message that I am unsubscribed, AND I changed my forum password, but I've received an additional 13 messages since. Clicking the unsubscribe link in the new emails just takes me straight to the Linux Networking forum.

_________________
Kris the Piki Geeker

Now the emails are getting strange. Some refer to me as "kcarahan" while some have no name at all. The dates seem to be skewed (I know my laptop's time/date are correct, just verified), and they are all to "Undisclosed Recipients". I'm suspecting a forum hacking. If any of the admins want me to send in any of the messages, I've saved the most recent batch (20+).

_________________
Kris the Piki Geeker

Also, I'll add that I marked all forums read right before starting this thread, I've been receiving the emails since before marking the forums read, and I'm still getting the emails, all for Linux Networking, but there don't seem to be any new posts, or at least, the new posts are no longer new since I already marked them read.

_________________
Kris the Piki Geeker

Really? Then someone must have been using your account to write all these posts. Very odd. Definitely suspicious.

[quote="hybinet"][quote="Piki"]I haven't visited the forum in a few weeks[/quote]
Really? Then someone must have been using your account to write [url=http://forum.linode.com/search.php?search_author=Piki]all these posts[/url]. Very odd. Definitely suspicious.[/quote]

Very funny...

Yeah, those are my posts, I thought those were a couple weeks ago. Been under a lot of stress lately, so I guess my judgement of time is getting jumbled.

But I know for fact I'm not subscribing to any forums. I don't even know how to do that on phpBB or any other forum software, nor have I ever cared to.

If I did subscribe, it shouldn't be saying "Hello kcarahan!" or "Hello !" on the first line of the email. I've already confirmed it isn't my desktop email client -- I just signed into webmail to confirm it, and it shows the strange oddity there too.

As I already mentioned, I've saved the latest batch of the emails in case they're needed. They seem to have stopped coming in.

_________________
Kris the Piki Geeker

What do the headers look like? That should indicate where they came from...

_________________

/* TODO: need to add signature to posts */

From forums-admin@linode.com Mon Nov 14 12:03:39 2011
Delivered-To: xyz@gmail.com
Received: by 10.52.116.35 with SMTP id jt3cs12956vdb;
        Thu, 17 Nov 2011 16:52:14 -0800 (PST)
Received: by 10.52.72.104 with SMTP id c8mr967535vdv.105.1321577533424;
        Thu, 17 Nov 2011 16:52:13 -0800 (PST)
Return-Path: <forums-admin@linode.com>
[b]Received: from www.youdolinux.com (linuxjutsu.com. [66.228.33.45])
        by mx.google.com with ESMTP id z14si7705416vcv.101.2011.11.17.16.52.13;
        Thu, 17 Nov 2011 16:52:13 -0800 (PST)
Received-SPF: neutral (google.com: 66.228.33.45 is neither permitted nor denied by best guess record for domain of forums-admin@linode.com) client-ip=66.228.33.45;
Authentication-Results: mx.google.com; spf=neutral (google.com: 66.228.33.45 is neither permitted nor denied by best guess record for domain of forums-admin@linode.com) smtp.mail=forums-admin@linode.com[/b]
Received: from www.linode.com (mail.linode.com [67.18.92.99])
   by www.youdolinux.com (Postfix) with ESMTP id 8D49B40FF3
   for <xyz@youdolinux.com>; Mon, 14 Nov 2011 12:03:41 -0500 (EST)
Received: from mail.linode.com (li20-140.members.linode.com [67.18.187.140])
   by www.linode.com (8.13.6/8.9.1) with SMTP id pAEH3dvT008881;
   Mon, 14 Nov 2011 12:03:39 -0500
Subject: Topic Reply Notification for forum "Linux Networking" - constant IO
To: Undisclosed-recipients:;
Reply-to: forums-admin@linode.com
From: forums-admin@linode.com
Message-ID: <623d61344230eeb49316d1781521e76b@forum.linode.com>
MIME-Version: 1.0
Content-type: text/plain;
  charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Mon, 14 Nov 2011 12:03:39 -0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-UID: 595
X-Length: 2246
Status: R
X-Status: NC
X-KMail-EncryptionState:  
X-KMail-SignatureState:  
X-KMail-MDN-Sent:  

Hello !

Ericson578 has posted a new reply to "constant IO" in the "Linux Networking" forum. You can use the following link to view the replies made:

http://forum.linode.com/viewtopic.php?p=45830#45830

You are receiving this email because you are watching the forum, "Linux Networking" at Linode Forum. If you no longer wish to watch this forum you can either click the "Stop watching this forum link" found at the bottom of the "Linux Networking" forum, or by clicking the following link:

http://forum.linode.com/viewforum.php?f=19&unwatch=forum

-- 
Thanks, The Linode.com Team

Both linuxjutsu.com and youdolinux.com are owned by me and hosted on my Linode. I have a mail server for youdolinux.com hosted on my Linode, and I have it setup to forward to my Gmail. I think that should explain the references to Google/youdolinux, though I don't know why it's pulling in linuxjutsu because the only reference to it on my entire Linode is in nginx. No references at all in postfix/dovecot, the linuxjutsu DNS records are with my domain registrar, and my Linode's hostname is set to it's default. Also, my iptables only allow ssh through an alternate port, http, ftp (outbound requests only for apt-get), and secure imap/smtp. Unless I've got someone telnet'ing into port 587 and tricking my server into sending via linuxjutsu.com, I doubt that would be my problem.

EDIT: I forgot to mention, I masked my gmail and youdolinux email addresses, they are the xyz@gmail.com and xyz@youdolinux.com. Don't want anybody sending unsolicited emails, nor anybody mistaking them as someone else's addresses

_________________
Kris the Piki Geeker

Note the ~3 day gap in time between when Linode generated the message and when it transitioned from www.youdolinux.com to google's servers. Looks like it got stuck for several days on your system.

Perhaps you accidentally got subscribed to a thread (it's not that hard to accidentally check the box), and even though you eventually unsubscribed there was already bunch of messages sitting in a queue on your youdolinux system from each of a number of prior posts to the thread. So the stuff you kept getting today had been already sent several days ago.

-- David

The details I've mentioned so far (strange or missing name, and pulling in my other domain when postfix/dovecot shouldn't know about it) it seem way too suspicious for that. Plus, the checkbox on the post screen is only for a single thread, not for the entire forum to which the the messages refer. It's possible the messages got hung up in my system, but that's

Just to be thorough, here's a paste of an email that mentions "kcarahan" (including the headers), since the other email was a no-name one:
[code]From forums-admin@linode.com Sat Nov 12 21:13:42 2011
Delivered-To: xyz@gmail.com
Received: by 10.52.116.35 with SMTP id jt3cs12885vdb;
Thu, 17 Nov 2011 16:42:14 -0800 (PST)
Received: by 10.52.19.177 with SMTP id g17mr987222vde.107.1321576933889;
Thu, 17 Nov 2011 16:42:13 -0800 (PST)
Return-Path: <forums-admin@linode.com>
Received: from www.youdolinux.com (linuxjutsu.com. [66.228.33.45])
by mx.google.com with ESMTP id z14si7692921vcv.205.2011.11.17.16.42.13;
Thu, 17 Nov 2011 16:42:13 -0800 (PST)
Received-SPF: neutral (google.com: 66.228.33.45 is neither permitted nor denied by best guess record for domain of forums-admin@linode.com) client-ip=66.228.33.45;
Authentication-Results: mx.google.com; spf=neutral (google.com: 66.228.33.45 is neither permitted nor denied by best guess record for domain of forums-admin@linode.com) smtp.mail=forums-admin@linode.com
Received: from www.linode.com (mail.linode.com [67.18.92.99])
by www.youdolinux.com (Postfix) with ESMTP id D71C540FE4
for <xyz@youdolinux.com>; Sat, 12 Nov 2011 21:13:46 -0500 (EST)
Received: from mail.linode.com (li20-140.members.linode.com [67.18.187.140])
by www.linode.com (8.13.6/8.9.1) with SMTP id pAD2Dg3P012864;
Sat, 12 Nov 2011 21:13:42 -0500
Subject: New Topic Notification for forum "Linux Networking" - netstat output question
To: Undisclosed-recipients:;
Reply-to: forums-admin@linode.com
From: forums-admin@linode.com
Message-ID: <635db1ac5f395e9166c64fdefefe4fc2@forum.linode.com>
MIME-Version: 1.0
Content-type: text/plain;
charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Sat, 12 Nov 2011 21:13:42 -0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-UID: 591
X-Length: 2290
Status: R
X-Status: NC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

Hello kcarahan!

Ericson578 has posted a new topic called "netstat output question" in the "Linux Networking" forum at Linode Forum. You can use the following link to view the topic:

viewtopic.php?p=45784#45784

You are receiving this email because you are watching the forum, "Linux Networking" at Linode Forum. If you no longer wish to watch this forum you can either click the "Stop watching this forum link" found at the bottom of the "Linux Networking" forum, or by clicking the following link:

viewforum.php?f=19&unwatch=forum

--
Thanks, The Linode.com Team[/code]

Just at a quick glance, it appears only the dates and message IDs changed.

_________________
Kris the Piki Geeker

Reverse DNS.

[root@server:~] host youdolinux.com
youdolinux.com has address 66.228.33.45
[root@server:~] host 66.228.33.45
45.33.228.66.in-addr.arpa domain name pointer linuxjutsu.com.

_________________
sleddog

Well, accidentally following a forum isn't that hard either (it's just a link near the bottom of the page when viewing the forum). Similar to the last, this message was stuck for a while on your system (even longer at almost 5 days this time), so again you could have a whole slew of pent up notifications that you didn't know about before you finally unsubscribed. My guess is something got fixed recently that ended up flushing out your outgoing queue.

Can't necessarily address the kcarahan bit, but I'd assume if anyone else was getting a lot of unsolicited notifications that they'd have posted by now. I hesitate to even wonder, since I presume you wouldn't have brought it up otherwise, but is there no chance you had "kcarahan" at any point involved with your forum registration, even if you later edited it out, say at some point after 11/12?

Otherwise, I'm probably out of ideas, but hopefully if anyone else encounters anything similar they'll post here.

-- David

Ah, right... I changed it to linuxjutsu awhile back, completely forgot about that one.



I didn't even notice the link at the bottom.

No reboots recently or dist-upgrades at least since I was here last (unless my Linode crashed recently and got rebooted by the Lassie thing).



"kcarahan" doesn't look remotely familiar. Plus, I didn't have my youdolinux.com email until after I was already registered, I setup postfix after and then changed my email address on the forum.

_________________
Kris the Piki Geeker

The "undisclosed recipients" can be easily explained if forum notifications are sent with all recipients in the BCC field. This prevents recipients from seeing the e-mail address of others who are also subscribed to the same thread, which is good from a privacy point of view.

Both notices seem to have been generated when Ericson578 posted in the Networking forum. Did other emails also mention the same username? If so, that could be one clue in this detective game...

It could also be a bug in phpBB. Ever tried clicking "Memberlist" in this forum and attempt to sort by any column? The code that deals with the user database is completely bonkers. I wouldn't be surprised if this made notifications to go to the wrong user. Apparently, there have been instances in another site where PMs went to the wrong user.

Some of them were from him, not all of them.



Possible. It's very likely that phpBB was modified by Linode. I used to run phpBB2 on a forum awhile back, before phpBB3 was released, never had the memberlist bug.

_________________
Kris the Piki Geeker

Dude, you ok? I'm half-joking, half-serious, but did you hit your head or something and just.... forgot stuff? Checked your Id or driver's license? Maybe YOU are the kcarahan?