Ram Rebel Forum banner

1 - 4 of 4 Posts

·
Registered
Joined
·
1,423 Posts
Discussion Starter #1
I just got this notice by email, from actual address "[email protected]"

It says my password was reset by the forum admin. It gave me a new password, which I sanitized from the message body I've included below. Within 5 minutes, I logged into this forum using my normal password. I'm intensely and highly suspicious of "password resets" that I did NOT request.

Below the text of the message is the header, also sanitized of personal info. I'm also reporting this message to the abuse addresses listed in the header itself.

Regards,
-johnj


----------------------------------------------------------------------------
Dear johnj,

Your password has been reset by an administrator. Your new details are as follows:

Username: johnj
Password:

To change your password, please visit this page: http://www.ramrebelforum.com/forum/profile.php?do=editpassword

If you suspect this email is a scam, you can confirm the legitimacy of this email by manually navigate to the forum URL yourself and use your new password to log in.

All the best,
Ram Rebel Forum


----------------------------------------------------------------------------

Return-Path: <[email protected]mandrillapp.com>
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
by sloti31d1t11 (Cyrus 3.0.0-beta2-git-fastmail-13513) with LMTPA;
Fri, 17 Jun 2016 10:40:23 -0400
X-Cyrus-Session-Id: sloti31d1t11-2853583-1466174423-1-4809698450092102044
X-Sieve: CMU Sieve 2.4
X-Spam-known-sender: no
X-Spam-score: 0.0
X-Spam-hits: BAYES_40 -0.001, RCVD_IN_DNSWL_NONE -0.0001, RP_MATCHES_RCVD -0.001,
SPF_HELO_PASS -0.001, SPF_PASS -0.001, LANGUAGES en, BAYES_USED global,
SA_VERSION 3.3.2
X-Spam-source: IP='198.2.180.1', Host='mail180-1.suw31.mandrillapp.com', Country='US',
FromHeader='com', MailFrom='com'
X-Spam-charsets: plain='utf-8'
X-Resolved-to: xxxxxxxxxxxxxxxxxxxxxxxxxx
X-Delivered-to: xxxxxxxxxxxxxxxxxxxxxxxxxx
X-Mail-from: [email protected]mandrillapp.com
Received: from mx3 ([10.202.2.202])
by compute1.internal (LMTPProxy); Fri, 17 Jun 2016 10:40:23 -0400
Received: from mx3.messagingengine.com (localhost [127.0.0.1])
by mailmx.nyi.internal (Postfix) with ESMTP id 4042336523
for <xxxxxxxxxxxxxxxxxxxxxxxxxx>; Fri, 17 Jun 2016 10:40:23 -0400 (EDT)
Received: from mx3.messagingengine.com (localhost [127.0.0.1])
by mx3.messagingengine.com (Authentication Milter) with ESMTP
id 7C90F707DE1;
Fri, 17 Jun 2016 10:40:23 -0400
Authentication-Results: mx3.messagingengine.com;
dkim=pass (1024-bit rsa key) header.d=mandrillapp.com [email protected] header.b=kVog/zYS;
dkim=pass (1024-bit rsa key) header.d=vsobr.com [email protected] header.b=eMnJ0qNZ;
dmarc=none (p=none) header.from=vsobr.com;
spf=pass smtp.mailfrom=[email protected]mandrillapp.com smtp.helo=mail180-1.suw31.mandrillapp.com
Received-SPF: pass
(mandrillapp.com: Sender is authorized to use '[email protected]mandrillapp.com' in 'mfrom' identity (mechanism 'include:spf.mandrillapp.com' matched))
receiver=mx3.messagingengine.com;
identity=mailfrom;
envelope-from="[email protected]mandrillapp.com";
helo=mail180-1.suw31.mandrillapp.com;
client-ip=198.2.180.1
Received: from mail180-1.suw31.mandrillapp.com (mail180-1.suw31.mandrillapp.com [198.2.180.1])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx3.messagingengine.com (Postfix) with ESMTPS
for <xxxxxxxxxxxxxxxxxxxxxxxxxx>; Fri, 17 Jun 2016 10:40:22 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mandrill; d=vsobr.com;
h=From:Subject:To:Message-Id:Date:MIME-Version:Content-Type:Content-Transfer-Encoding; [email protected];
bh=w7WAretUBIoQld4Ms/R6+tNoqjk=;
b=eMnJ0qNZR4U3J/y1Rr+rHLmYzVbfeWqX9oYTWlvnCHTR5qNfIXmbSCZSSJ+wEu6qWuWsL8keNGuz
XflBWCe9F1d1b6tQsJWzSZqNjfcCdx1tK+rOsGi7+w//i/AD0O31EGJB6Y9Vgdde0LiRmuJeNqxz
PVGlznSLtlORsQ7m2uo=
Received: from pmta03.mandrill.prod.suw01.rsglab.com (127.0.0.1) by mail180-1.suw31.mandrillapp.com id hcg5tc22sc09 for <[email protected]>; Fri, 17 Jun 2016 14:40:21 +0000 (envelope-from <[email protected]mandrillapp.com>)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com;
[email protected]; q=dns/txt; s=mandrill; t=1466174412; h=From :
Subject : To : Message-Id : Date : MIME-Version : Content-Type :
Content-Transfer-Encoding : From : Subject : Date : X-Mandrill-User :
List-Unsubscribe; bh=aGAer+AxzLcqHDRaPvgtdYCP6ap6chj5tytSWPfb7aY=;
b=kVog/zYSJnTfc6XHmXv3H+N/69DOYBvZvY28IvN7MPt9K5c5uzljc/Bt/evsX761BCtcXk
3IaWlyLOF2ntgTQA4QARjdwI7ZOuBitXypbfzqgeUxKlH2UIpRjQlKNBXNSi3t5KOMi0Ojiy
8dUdDze5hdvsbUTIGkZUcBo3OnJJM=
From: Ram Rebel Forum <[email protected]>
Subject: Your new password for Ram Rebel Forum
Received: from [208.43.63.73] by mandrillapp.com id 9b4d08cfebba42ba8b4e75e65098c340; Fri, 17 Jun 2016 14:40:12 +0000
X-Php-Originating-Script: 0:class_mail.php
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
To: <xxxxxxxxxxxxxxxxxxxxxxxxxx>
Auto-Submitted: auto-generated
Message-Id: <[email protected]_unknown.unknown>
X-Report-Abuse: Please forward a copy of this message, including all headers, to [email protected]
X-Report-Abuse: You can also report abuse here: Abuse | Mandrill
X-Mandrill-User: md_30133740
Date: Fri, 17 Jun 2016 14:40:12 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
 

·
Registered
Joined
·
109 Posts
wrong forum, the password reset was for the other ram rebel forum, if you type in the url of it in here they have bot that changes it over to their domain name, so I cant tell you the name of that other forum, but you know what I mean. Check the stickies at it and there is a message explaining the reset.
 

·
Registered
Joined
·
1,423 Posts
Discussion Starter #3
Well aware. I sent the same info to the forum admins there. But I thought I'd share it here because other people here also use that forum. Guess I should have done more than just copy/past when I posted here.
 

·
Registered
Joined
·
1,423 Posts
Discussion Starter #4
I also note that my message is actually extra confusing because this stupid forum software changed all the "ram rebel forum dot com" entries to ramrebel.org when I posted it. So in the email addresses and the forum addresses, they're all pointing to this site now. Too bad the software is so buggy.
 
1 - 4 of 4 Posts
Top