
Thread: Aussie Feeders

  1. #1021
    Team FR24 Olov's Avatar
    Join Date
    Feb 2010
    Location
    Stockholm, Sweden
    Posts
    197
    We have eleven confirmed FR24-exclusive email addresses (users that created specific email addresses for their FR24-accounts) that have received spam recently.
    All eleven accounts were registered more than a year ago.

    We have checked all our servers over and over again, all logs and everything else we could think of. So far no sign of intrusion in any of our servers.

    Since we do not share customer data with any third parties, we take this matter very seriously.

  2. #1022
    First officer
    Join Date
    Feb 2014
    Location
    Wagga Wagga
    Posts
    231
    Quote Originally Posted by Ressy View Post
    Just a word of warning in case you have not followed other threads, some of us are seeing spam to fr24 specific not used elsewhere or in public email addresses so it seems flightradar24 has had its systems compromised.
    Haven't had any spam with the address I use. Could be a number of ways it has happened without a server being compromised.
    F-YSWG1 and T-YSWG2

  3. #1023
    First officer
    Join Date
    Feb 2014
    Location
    Wagga Wagga
    Posts
    231
    Quote Originally Posted by nomad77 View Post
    Significant number of Tamworth CT4B's now ADSB equipped with some unusual C/S. Does anyone know what these are:

    HARR
    CHLE
    CHCK

    ROLR I assume is RAAF as the CT4's used to use it in RAAF service

    Any thoughts


    These are just guesses, need to get an airband radio.

    HARR - Harry?
    CHLE - Charlie or Charles?
    CHCK - Chuck?

    ROLR is Roller
    Last edited by YSWG; 2016-02-10 at 09:00.
    F-YSWG1 and T-YSWG2

  4. #1024
    Passenger
    Join Date
    Oct 2014
    Posts
    8
    Quote Originally Posted by Olov View Post
    We have eleven confirmed FR24-exclusive email addresses (users that created specific email addresses for their FR24-accounts) that have received spam recently.
    All eleven accounts were registered more than a year ago.

    We have checked all our servers over and over again, all logs and everything else we could think of. So far no sign of intrusion in any of our servers.

    Since we do not share customer data with any third parties, we take this matter very seriously.
    I too got 3 spam mails to my unique email address in the last 3 days (wrote about it here: http://forum.flightradar24.com/threa...-FlightRadar24). They are not personalised and pretend to come from DHL. Inside seems to be malware written in JavaScript. I wrote down my login credentials on 30.10.2014 so it seems to be in the same time range.

    Olov, can I send you the 3 emails in a password protected ZIP file via PM, if it helps you somehow?
    Last edited by StanE; 2016-02-10 at 21:21.

  5. #1025
    Passenger
    Join Date
    Oct 2014
    Posts
    8
    PS: I de-obfuscated the JavaScript malware payload and can confirm that it is indeed a downloader, which downloads a Windows executable to your system...

    Here are the VirusTotal scanning results: https://www.virustotal.com/en/file/c...is/1455138279/

    Based on the few name matches, it seems to be one of those stupid malware, which encrypts your system, so you have to pay money for decryption (just guessing...).

  6. #1026
    First officer
    Join Date
    Mar 2014
    Location
    T-YBBN30
    Posts
    233
    Quote Originally Posted by StanE View Post
    PS: I de-obfuscated the JavaScript malware payload and can confirm that it is indeed a downloader, which downloads a Windows executable to your system...

    Here are the VirusTotal scanning results: https://www.virustotal.com/en/file/c...is/1455138279/

    Based on the few name matches, it seems to be one of those stupid malware, which encrypts your system, so you have to pay money for decryption (just guessing...).
    SpamAssassin has caught all of these anyway - but trying to install a windaz executable on my Linux desktops/laptops (I do not use windaz - period) won't get them far


    Easy enough to stop everything destined to that address except from fr24 at MTA stage now with milter-regex

  7. #1027
    Team FR24 Olov's Avatar
    Join Date
    Feb 2010
    Location
    Stockholm, Sweden
    Posts
    197
    Quote Originally Posted by StanE View Post
    Olov, can I send you the 3 emails in a password protected ZIP file via PM, if it helps you somehow?
    That's OK, we already have them.

    Still haven't found any signs of intrusion in any of our servers, and all users with fr24 exclusive email addresses that received spam registered 12 months+ ago.

    We have one theory involving a confirmed security breach at our email provider around that time, but it is very difficult to confirm it 100%. Still working on it!

  8. #1028
    Passenger mbirth's Avatar
    Join Date
    Oct 2015
    Location
    Berlin, Germany
    Posts
    4
    Quote Originally Posted by Olov View Post
    We have one theory involving a confirmed security breach at our email provider around that time, but it is very difficult to confirm it 100%. Still working on it!
    Did you already rule out Tapatalk as a possible intrusion vector?
    T-EDDI15RasPi2 + RTL2838 USB dongle + stock antenna

  9. #1029
    Passenger
    Join Date
    Oct 2014
    Posts
    8
    Thank you for this info. Can you say something about similarities (except the time range)? I'm from Germany, use the local client Thunderbird, email address is not from a "public" email server, but from my own domain of my hosting provider all-inkl.com, emails are downloaded locally and do not reside online. Also, my email address begins with fr24@... (I saw that at least one other affected user here seems to use exactly the same email prefix too).

  10. #1030
    Team FR24 Olov's Avatar
    Join Date
    Feb 2010
    Location
    Stockholm, Sweden
    Posts
    197
    Quote Originally Posted by StanE View Post
    Thank you for this info. Can you say something about similarities (except the time range)? I'm from Germany, use the local client Thunderbird, email address is not from a "public" email server, but from my own domain of my hosting provider all-inkl.com, emails are downloaded locally and do not reside online. Also, my email address begins with fr24@... (I saw that at least one other affected user here seems to use exactly the same email prefix too).
    Basically all we have at this point is the time range.

    It is likely that only users with Flightradar24-specific email addresses would report this issue to us, the rest would never know the source that leaked their email address.
    It is also likely that a fair share of the users with Flightradar24-specific emails have chosen to name them fr24, flightradar24, radar24 and so on.

    Did you report this to support btw? We are interested in all users with Flightradar24-specific email addresses that received spam to report this, to be able to narrow down the time period even more.

    Thanks
    Olov
