7) The second method you can use to protect your privacy via a proxy server involves adjusting the settings of your web browser so that you can surf anonymously without having to visit the home page of your proxy each time. To do this you will first need to know the name of your proxy server and the port number it uses. This information can be gleaned from either a public proxy server list or the FAQ referring to a private subscription based service. Once you have the name of the proxy server you wish to use, select 'Internet Options' from the 'Tools' menu of your browser. Now select 'Connections' followed by 'Settings' and tick the 'use a proxy server' check box. To finish the job all you have to do now is enter the name of the server in the 'address' box, the port which it uses in the 'port' box and go forth and surf anonymously.
8) Free, manual proxy servers as advertised on anonymity sites, if you can find one at all, are likely to be highly oversubscribed, and as a result the speed at which they retrieve web pages can deteriorate. In which case you can go in pursuit of a public proxy server list and select an alternative from it, which can then be set up manually. To locate such a list you can investigate sites such as Code:
hxxp://www.proxys4all.com/
9) however, this method isn't problem free either, so before you get too carried away and go jumping on the anonymity bandwagon there are a few things you should be aware of. It's very easy to use proxies to protect your privacy, but often the disadvantages of using them far out weigh the benefits. You see, the problem is that, like the proxy servers provided Rewebber et al, free, public proxies are nearly all over subscribed and so they can slow down web browsing considerably.
> Digging out fast reliable proxy servers is an art form in itself and is a skill which takes considerable practice. You could find a list of public proxy servers and then experiment with each one until you find one that runs at a reasonable speed, but this can be very time consuming and frustrating. Instead, your search would be much more efficient if you got a dedicated program to carry out this task for you. There are literally dozens of proxy seeking programs around which can do just that, and many of them are available as freeware. What these do is scan the internet for public proxy servers. These servers are then tested for speed and anonymity (not all of them are truly anonymous, even if they claim to be!) and once you find one which suits your requirements you can select it as your default proxy with the click of a button.
10) One of the most significant advantages of using an automated tool to locate proxy servers is that you do not have to keep editing your proxy settings manually each time you wish to try out a new one. Instead, what you do is enter 'localhost' or '127.0.0.1' into the 'address' box and '8088' into the 'port' box of your browser's proxy settings menu and then forget about it. All future proxy switching is then orchestrated from within your proxy seeking software, which subsequently relays the information to your browser or whatever type of application you are attempting to make anonymous. For those of you who are curious 'localhost' and the IP address '127.0.0.1' are the names by which every computer on the internet refers to itself.
π¦Here's a good selection of links, which should help you to get started - Code:
hxxp://www.a4proxy.com/ Anonymity 4 Proxy
hxxp://www.helgasoft.com/hiproxy/ Hi Proxy
hxxp://www.proxy-verifier.com/ Proxy Verifier
hxxp://www.photono-software.de/ Stealther.
8) Free, manual proxy servers as advertised on anonymity sites, if you can find one at all, are likely to be highly oversubscribed, and as a result the speed at which they retrieve web pages can deteriorate. In which case you can go in pursuit of a public proxy server list and select an alternative from it, which can then be set up manually. To locate such a list you can investigate sites such as Code:
hxxp://www.proxys4all.com/
9) however, this method isn't problem free either, so before you get too carried away and go jumping on the anonymity bandwagon there are a few things you should be aware of. It's very easy to use proxies to protect your privacy, but often the disadvantages of using them far out weigh the benefits. You see, the problem is that, like the proxy servers provided Rewebber et al, free, public proxies are nearly all over subscribed and so they can slow down web browsing considerably.
> Digging out fast reliable proxy servers is an art form in itself and is a skill which takes considerable practice. You could find a list of public proxy servers and then experiment with each one until you find one that runs at a reasonable speed, but this can be very time consuming and frustrating. Instead, your search would be much more efficient if you got a dedicated program to carry out this task for you. There are literally dozens of proxy seeking programs around which can do just that, and many of them are available as freeware. What these do is scan the internet for public proxy servers. These servers are then tested for speed and anonymity (not all of them are truly anonymous, even if they claim to be!) and once you find one which suits your requirements you can select it as your default proxy with the click of a button.
10) One of the most significant advantages of using an automated tool to locate proxy servers is that you do not have to keep editing your proxy settings manually each time you wish to try out a new one. Instead, what you do is enter 'localhost' or '127.0.0.1' into the 'address' box and '8088' into the 'port' box of your browser's proxy settings menu and then forget about it. All future proxy switching is then orchestrated from within your proxy seeking software, which subsequently relays the information to your browser or whatever type of application you are attempting to make anonymous. For those of you who are curious 'localhost' and the IP address '127.0.0.1' are the names by which every computer on the internet refers to itself.
π¦Here's a good selection of links, which should help you to get started - Code:
hxxp://www.a4proxy.com/ Anonymity 4 Proxy
hxxp://www.helgasoft.com/hiproxy/ Hi Proxy
hxxp://www.proxy-verifier.com/ Proxy Verifier
hxxp://www.photono-software.de/ Stealther.
You may find that even when using these programs you have difficulty finding good proxy servers. It is for this reason that many people choose only to use proxy servers temporarily whilst doing something which may land them in trouble with their ISP, or in a worst case scenario with the law. The most obvious example of a situation in which you would want to cover your tracks is when scanning for public FTP servers and subsequently uploading to them. Most other net activities are unlikely to incur serious consequences so under these circumstances you can safely surf the web without a proxy. If you're really serious about protecting your privacy, however, your best bet is probably to invest in a dedicated, stable proxy such as the ones offered by Code:
hxxp://www.ultimate-anonymity.com/ Ultimate Anonymity
11) These aren't free, but may be worth the expense if you aren't keen on continuously switching proxy servers.
12) Before splashing out though it may be worth checking if your current ISP has a proxy server of its own which you can use. These aren't there to help you to commit cyber crimes and get away with it, they actually have a legitimate purpose as well - otherwise they wouldn't exist. You see, proxy servers were originally designed to help speed up web page loading times.
13) Proxy servers contain a cache of all the web pages which have been requested via the browsers of the people using the proxy. When someone surfs the web using a proxy, the proxy first checks to see if it already has a copy of the web page stored in its cache. If this version of the page is bang up to date, it is sent to your computer and appears in your browser.
14) If the page found in the cache of the proxy server is older than the one stored on the server hosting the page, a new request to the web server is made and the page is updated in the cache of the proxy before being sent to you. Because these servers use very fast internet connections they can retrieve web pages at much greater speeds than you can via your modest home setup. If these servers are located physically nearer to your home than the web host servers you wish to retrieve web pages from, the speed at which you browse the web will be accelerated.
hxxp://www.ultimate-anonymity.com/ Ultimate Anonymity
11) These aren't free, but may be worth the expense if you aren't keen on continuously switching proxy servers.
12) Before splashing out though it may be worth checking if your current ISP has a proxy server of its own which you can use. These aren't there to help you to commit cyber crimes and get away with it, they actually have a legitimate purpose as well - otherwise they wouldn't exist. You see, proxy servers were originally designed to help speed up web page loading times.
13) Proxy servers contain a cache of all the web pages which have been requested via the browsers of the people using the proxy. When someone surfs the web using a proxy, the proxy first checks to see if it already has a copy of the web page stored in its cache. If this version of the page is bang up to date, it is sent to your computer and appears in your browser.
14) If the page found in the cache of the proxy server is older than the one stored on the server hosting the page, a new request to the web server is made and the page is updated in the cache of the proxy before being sent to you. Because these servers use very fast internet connections they can retrieve web pages at much greater speeds than you can via your modest home setup. If these servers are located physically nearer to your home than the web host servers you wish to retrieve web pages from, the speed at which you browse the web will be accelerated.
π¦Anonymity - Cookies :
1) One last important point you need to be aware of before jumping in with both feet is that different programs have to be setup in different ways before being able to make external connections via a proxy server. For example, you can surf the web anonymously by modifying the settings in Internet Explorer or Netscape Navigator as explained earlier in this tutorial, but this will only affect your browser.
2) If you then used Flash FXP to copy a batch of 0-day releases from one FTP server to another, this isn't going to protect you in the slightest. What you have to do is enter the name of the proxy server into each application you wish to make anonymous before making any external connections. This can usually be done by browsing through the preferences of your program to see if there is a 'use proxy server' option available. If there is, make sure you use it!
π¦Cookies:
1) You have little to fear from the edible variety, but the digital ones can be a major threat to your security and privacy. A cookie is a tiny text file (usually less than 1kb in size), which is created and stored on your hard drive whenever you visit a dynamic (or an interactive if you like) web site. These are used to log your personal details so that you can access members only areas of web sites without having to type in a password every time, or to retain your customised settings so that they are available the next time you visit. If you're using a shared computer, anyone who visits the same site that you have previously logged in to can access your accounts.
2) This is particularly worrying if you have entered your credit card details into a form on an e-commerce site. If your browser is set to automatically fill in these details whenever you
return to a previously visited site, this information could be clearly visible - you don't need me to explain the problems this could entail.
3) The solution to this problem is to delete any cookies which contain sensitive data once you have completed your transactions. Your cookies will be stored in a different place depending on which operating system you are using so you will have to use your detective skills to find them.
> As an example, in Windows XP they are located in your 'c:\Documents and Settings\Kylie Minogue\Cookies' directory (that is if your name is Kylie Minogue. Mine isn't in case you're wondering!). If you look in this directory, in some cases it is easy to identify which cookie is associated with which web site, but in other cases it's not so obvious. The cookie which was created when you visited Yahoo.com to check your email may be called kylie minogue@yahoo.txt for example. Unfortunately some cookies refer to the IP address of the site you visited and so look more like kylie minogue@145.147.25.21. These cookies can be selectively deleted one at a time if it's obvious which ones are causing a threat to your security, or you can just wipe out the whole lot in one fell swoop and have them recreated as and when they are required. However, if
you're really struggling to find your cookie jar, you could delete your cookies via your browser's tool bar instead. In Internet Explorer this can be done through the 'Tools' > 'Internet Options' menu items.
4) If all this sounds like too much hassle, you can always find a labour saving program which will be happy to take the job off your hands. These 'cookie crunching' programs allow you to be more selective when editing, viewing and deleting cookies from your system, and some of them will even prevent cookies from being created in the first place. Yes, I know you're hungry for links so I won't deprive you. Have a look here - Code:
> hxxp://www.rbaworld.com/Programs/CookieCruncher/ Cookie
Cruncher
hxxp://www.thelimitsoft.com/ Cookie Crusher
hxxp://www.angove.com/ Cookie Killer
hxxp://www.kburra.com/ Cookie Pal
and
hxxp://www.cookiecentral.com/ Cookie Web Kit.
@UNDERCODEtESTING
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
1) One last important point you need to be aware of before jumping in with both feet is that different programs have to be setup in different ways before being able to make external connections via a proxy server. For example, you can surf the web anonymously by modifying the settings in Internet Explorer or Netscape Navigator as explained earlier in this tutorial, but this will only affect your browser.
2) If you then used Flash FXP to copy a batch of 0-day releases from one FTP server to another, this isn't going to protect you in the slightest. What you have to do is enter the name of the proxy server into each application you wish to make anonymous before making any external connections. This can usually be done by browsing through the preferences of your program to see if there is a 'use proxy server' option available. If there is, make sure you use it!
π¦Cookies:
1) You have little to fear from the edible variety, but the digital ones can be a major threat to your security and privacy. A cookie is a tiny text file (usually less than 1kb in size), which is created and stored on your hard drive whenever you visit a dynamic (or an interactive if you like) web site. These are used to log your personal details so that you can access members only areas of web sites without having to type in a password every time, or to retain your customised settings so that they are available the next time you visit. If you're using a shared computer, anyone who visits the same site that you have previously logged in to can access your accounts.
2) This is particularly worrying if you have entered your credit card details into a form on an e-commerce site. If your browser is set to automatically fill in these details whenever you
return to a previously visited site, this information could be clearly visible - you don't need me to explain the problems this could entail.
3) The solution to this problem is to delete any cookies which contain sensitive data once you have completed your transactions. Your cookies will be stored in a different place depending on which operating system you are using so you will have to use your detective skills to find them.
> As an example, in Windows XP they are located in your 'c:\Documents and Settings\Kylie Minogue\Cookies' directory (that is if your name is Kylie Minogue. Mine isn't in case you're wondering!). If you look in this directory, in some cases it is easy to identify which cookie is associated with which web site, but in other cases it's not so obvious. The cookie which was created when you visited Yahoo.com to check your email may be called kylie minogue@yahoo.txt for example. Unfortunately some cookies refer to the IP address of the site you visited and so look more like kylie minogue@145.147.25.21. These cookies can be selectively deleted one at a time if it's obvious which ones are causing a threat to your security, or you can just wipe out the whole lot in one fell swoop and have them recreated as and when they are required. However, if
you're really struggling to find your cookie jar, you could delete your cookies via your browser's tool bar instead. In Internet Explorer this can be done through the 'Tools' > 'Internet Options' menu items.
4) If all this sounds like too much hassle, you can always find a labour saving program which will be happy to take the job off your hands. These 'cookie crunching' programs allow you to be more selective when editing, viewing and deleting cookies from your system, and some of them will even prevent cookies from being created in the first place. Yes, I know you're hungry for links so I won't deprive you. Have a look here - Code:
> hxxp://www.rbaworld.com/Programs/CookieCruncher/ Cookie
Cruncher
hxxp://www.thelimitsoft.com/ Cookie Crusher
hxxp://www.angove.com/ Cookie Killer
hxxp://www.kburra.com/ Cookie Pal
and
hxxp://www.cookiecentral.com/ Cookie Web Kit.
@UNDERCODEtESTING
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Prem proxies :
twitter.com/undercodenews
45.250.226.48 8080 1 hour ago
3862 ms 21% (96) in India - Pune Transparent -
159.203.19.110 3128 1 hour ago
355 ms 93% (71) ca Canada Transparent -
169.57.157.146 8123 1 hour ago
455 ms 100% (50) br Brazil - SΓ£o Paulo Elite -
167.86.102.12 3129 1 hour ago
1297 ms 97% (55) us United States Transparent -
154.0.12.57 8080 1 hour ago
3616 ms 7% (112) za South Africa - Johannesburg Transparent -
150.107.20.152 8080 1 hour ago
1963 ms 1% (111) in India - Boisar Transparent -
178.63.41.235 9999 1 hour ago
703 ms 75% (85) de Germany Transparent -
163.172.63.172 5836 1 hour ago
2979 ms 29% (85) fr France Transparent -
182.161.38.50 3128 1 hour ago
5016 ms 27% (89) hk Hong Kong Transparent -
165.227.15.78 3128 1 hour ago
1466 ms 75% (63) us United States - Santa Clara Anonymous -
176.115.197.118 8080 1 hour ago
3335 ms 24% (76) ru Russia - Lyubertsy Transparent -
177.75.159.8 8080 1 hour ago
3772 ms 18% (100) br Brazil - Vacaria Transparent -
175.138.164.75 8080 1 hour ago
2418 ms 73% (11) my Malaysia Transparent -
180.183.200.206 8081 1 hour ago
2747 ms 24% (17) th Thailand Elite -
179.191.233.211 8080 1 hour ago
4810 ms 12% (99) br Brazil - Manaus Transparent -
5.196.255.171 3128 1 hour ago
3783 ms 12% (106) fr France Elite -
103.209.194.18 8118 1 hour ago
680 ms 4% (104) nz New Zealand Transparent -
103.119.145.138 8080 1 hour ago
3703 ms 18% (90) id Indonesia - Jakarta Elite -
103.124.90.130 80 1 hour ago
3839 ms 3% (100) id Indonesia Transparent -
104.154.143.77 3128 1 hour ago
1979 ms 72% (83) us United States Anonymous -
103.21.163.81 6666 1 hour ago
4051 ms 19% (105) in India - Surendranagar Elite -
110.232.94.131 8087 1 hour ago
3044 ms 10% (92) id Indonesia - Medan Transparent -
103.60.137.2 4 1 hour ago
3696 ms 4% (101) in India - Chennai Transparent -
103.89.235.98 83 1 hour ago
2836 ms 6% (116) cn China Transparent -
123.7.17.237 8060 1 hour ago
1862 ms 10% (105) cn China Elite -
107.178.6.30 8080 1 hour ago
3452 ms 16% (93) us United States - Stephenville Transparent -
110.49.11.50 8080 1 hour ago
2861 ms 4% (115) th Thailand - Bangkok Transparent -
110.36.200.245 8080 1 hour ago
3686 ms 19% (101) pk Pakistan Transparent -
103.87.48.57 8080 1 hour ago
4275 ms 23% (88) in India Transparent -
110.36.228.168 8080 1 hour ago
4229 ms 4% (107) pk Pakistan - Lahore Transparent -
139.196.120.52 8080 1 hour ago
1618 ms 63% (66) cn China - Hangzhou Elite -
118.97.164.19 8080 1 hour ago
3460 ms 12% (93) id Indonesia - Medan Transparent -
134.175.80.19 3128 1 hour ago
1829 ms 82% (50) Transparent -
119.2.53.146 8080 1 hour ago
3813 ms 16% (83) id Indonesia - Semarang Transparent -
39.106.223.134 80 1 hour ago
2150 ms 69% (60) cn China - Hangzhou Elite -
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Prem proxies :
twitter.com/undercodenews
45.250.226.48 8080 1 hour ago
3862 ms 21% (96) in India - Pune Transparent -
159.203.19.110 3128 1 hour ago
355 ms 93% (71) ca Canada Transparent -
169.57.157.146 8123 1 hour ago
455 ms 100% (50) br Brazil - SΓ£o Paulo Elite -
167.86.102.12 3129 1 hour ago
1297 ms 97% (55) us United States Transparent -
154.0.12.57 8080 1 hour ago
3616 ms 7% (112) za South Africa - Johannesburg Transparent -
150.107.20.152 8080 1 hour ago
1963 ms 1% (111) in India - Boisar Transparent -
178.63.41.235 9999 1 hour ago
703 ms 75% (85) de Germany Transparent -
163.172.63.172 5836 1 hour ago
2979 ms 29% (85) fr France Transparent -
182.161.38.50 3128 1 hour ago
5016 ms 27% (89) hk Hong Kong Transparent -
165.227.15.78 3128 1 hour ago
1466 ms 75% (63) us United States - Santa Clara Anonymous -
176.115.197.118 8080 1 hour ago
3335 ms 24% (76) ru Russia - Lyubertsy Transparent -
177.75.159.8 8080 1 hour ago
3772 ms 18% (100) br Brazil - Vacaria Transparent -
175.138.164.75 8080 1 hour ago
2418 ms 73% (11) my Malaysia Transparent -
180.183.200.206 8081 1 hour ago
2747 ms 24% (17) th Thailand Elite -
179.191.233.211 8080 1 hour ago
4810 ms 12% (99) br Brazil - Manaus Transparent -
5.196.255.171 3128 1 hour ago
3783 ms 12% (106) fr France Elite -
103.209.194.18 8118 1 hour ago
680 ms 4% (104) nz New Zealand Transparent -
103.119.145.138 8080 1 hour ago
3703 ms 18% (90) id Indonesia - Jakarta Elite -
103.124.90.130 80 1 hour ago
3839 ms 3% (100) id Indonesia Transparent -
104.154.143.77 3128 1 hour ago
1979 ms 72% (83) us United States Anonymous -
103.21.163.81 6666 1 hour ago
4051 ms 19% (105) in India - Surendranagar Elite -
110.232.94.131 8087 1 hour ago
3044 ms 10% (92) id Indonesia - Medan Transparent -
103.60.137.2 4 1 hour ago
3696 ms 4% (101) in India - Chennai Transparent -
103.89.235.98 83 1 hour ago
2836 ms 6% (116) cn China Transparent -
123.7.17.237 8060 1 hour ago
1862 ms 10% (105) cn China Elite -
107.178.6.30 8080 1 hour ago
3452 ms 16% (93) us United States - Stephenville Transparent -
110.49.11.50 8080 1 hour ago
2861 ms 4% (115) th Thailand - Bangkok Transparent -
110.36.200.245 8080 1 hour ago
3686 ms 19% (101) pk Pakistan Transparent -
103.87.48.57 8080 1 hour ago
4275 ms 23% (88) in India Transparent -
110.36.228.168 8080 1 hour ago
4229 ms 4% (107) pk Pakistan - Lahore Transparent -
139.196.120.52 8080 1 hour ago
1618 ms 63% (66) cn China - Hangzhou Elite -
118.97.164.19 8080 1 hour ago
3460 ms 12% (93) id Indonesia - Medan Transparent -
134.175.80.19 3128 1 hour ago
1829 ms 82% (50) Transparent -
119.2.53.146 8080 1 hour ago
3813 ms 16% (83) id Indonesia - Semarang Transparent -
39.106.223.134 80 1 hour ago
2150 ms 69% (60) cn China - Hangzhou Elite -
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Backtracking EMAIL Messages
t.me/UndercodeTesting
Tracking email back to its source: Twisted Evil
cause i hate spammers... Evil or Very Mad
Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from the safe bet is to assume the "From" header is forged.
So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .
If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.
Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.
Return-Path: <s359dyxtt@yahoo.com>
X-Original-To: davar@example.com
Delivered-To: davar@example.com
Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)
Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200
Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>
From: "Maricela Paulson" <s359dyxtt@yahoo.com>
Reply-To: "Maricela Paulson" <s359dyxtt@yahoo.com>
To: davar@example.com
Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha
Date: Sun, 16 Nov 2003 19:42:31 +0200
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"
According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time. This message didn't come from yahoo's email service.
The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.
The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.
Here's is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.
davar@nqh9k:[/home/davar] $whois 12.218.172.108
π¦Backtracking EMAIL Messages
t.me/UndercodeTesting
Tracking email back to its source: Twisted Evil
cause i hate spammers... Evil or Very Mad
Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from the safe bet is to assume the "From" header is forged.
So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .
If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.
Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.
Return-Path: <s359dyxtt@yahoo.com>
X-Original-To: davar@example.com
Delivered-To: davar@example.com
Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)
Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200
Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>
From: "Maricela Paulson" <s359dyxtt@yahoo.com>
Reply-To: "Maricela Paulson" <s359dyxtt@yahoo.com>
To: davar@example.com
Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha
Date: Sun, 16 Nov 2003 19:42:31 +0200
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"
According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time. This message didn't come from yahoo's email service.
The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.
The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.
Here's is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.
davar@nqh9k:[/home/davar] $whois 12.218.172.108
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 - 12.218.175.255
# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.
davar@nqh9k:[/home/davar] $nslookup 12.218.172.108
Server: localhost
Address: 127.0.0.1
Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108
Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom's web site.
There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.
A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.
But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
12.0.0.0 - 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 - 12.218.175.255
# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.
davar@nqh9k:[/home/davar] $nslookup 12.218.172.108
Server: localhost
Address: 127.0.0.1
Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108
Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom's web site.
There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.
A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.
But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Mediacomtoday
Home - Welcome to Mediacom
Home - Welcome to Mediacom - Mediacom's start experience including trending news, entertainment, sports, videos, personalized content, web searches, and much more.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦This is well written explanation about bandwidth, very useful info.
t.me/UndercodeTesting
π¦BandWidth Explained
1)Most hosting companies offer a variety of bandwidth options in their plans. So exactly what is bandwidth as it relates to web hosting? Put simply, bandwidth is the amount of traffic that is allowed to occur between your web site and the rest of the internet. The amount of bandwidth a hosting company can provide is determined by their network connections, both internal to their data center and external to the public internet.
2) Network Connectivity
The internet, in the most simplest of terms, is a group of millions of computers connected by networks. These connections within the internet can be large or small depending upon the cabling and equipment that is used at a particular internet location. It is the size of each network connection that determines how much bandwidth is available. For example, if you use a DSL connection to connect to the internet, you have 1.54 Mega bits (Mb) of bandwidth. Bandwidth therefore is measured in bits (a single 0 or 1). Bits are grouped in bytes which form words, text, and other information that is transferred between your computer and the internet.
3) If you have a DSL connection to the internet, you have dedicated bandwidth between your computer and your internet provider. But your internet provider may have thousands of DSL connections to their location. All of these connection aggregate at your internet provider who then has their own dedicated connection to the internet (or multiple connections) which is much larger than your single connection. They must have enough bandwidth to serve your computing needs as well as all of their other customers. So while you have a 1.54Mb connection to your internet provider, your internet provider may have a 255Mb connection to the internet so it can accommodate your needs and up to 166 other users (255/1.54).
4) Traffic
A very simple analogy to use to understand bandwidth and traffic is to think of highways and cars. Bandwidth is the number of lanes on the highway and traffic is the number of cars on the highway. If you are the only car on a highway, you can travel very quickly. If you are stuck in the middle of rush hour, you may travel very slowly since all of the lanes are being used up.
Traffic is simply the number of bits that are transferred on network connections. It is easiest to understand traffic using examples. One Gigabyte is 2 to the 30th power (1,073,741,824) bytes. One gigabyte is equal to 1,024 megabytes. To put this in perspective, it takes one byte to store one character. Imagine 100 file cabinets in a building, each of these cabinets holds 1000 folders. Each folder has 100 papers. Each paper contains 100 characters - A GB is all the characters in the building. An MP3 song is about 4MB, the same song in wav format is about 40MB, a full length movie can be 800MB to 1000MB (1000MB = 1GB).
π¦This is well written explanation about bandwidth, very useful info.
t.me/UndercodeTesting
π¦BandWidth Explained
1)Most hosting companies offer a variety of bandwidth options in their plans. So exactly what is bandwidth as it relates to web hosting? Put simply, bandwidth is the amount of traffic that is allowed to occur between your web site and the rest of the internet. The amount of bandwidth a hosting company can provide is determined by their network connections, both internal to their data center and external to the public internet.
2) Network Connectivity
The internet, in the most simplest of terms, is a group of millions of computers connected by networks. These connections within the internet can be large or small depending upon the cabling and equipment that is used at a particular internet location. It is the size of each network connection that determines how much bandwidth is available. For example, if you use a DSL connection to connect to the internet, you have 1.54 Mega bits (Mb) of bandwidth. Bandwidth therefore is measured in bits (a single 0 or 1). Bits are grouped in bytes which form words, text, and other information that is transferred between your computer and the internet.
3) If you have a DSL connection to the internet, you have dedicated bandwidth between your computer and your internet provider. But your internet provider may have thousands of DSL connections to their location. All of these connection aggregate at your internet provider who then has their own dedicated connection to the internet (or multiple connections) which is much larger than your single connection. They must have enough bandwidth to serve your computing needs as well as all of their other customers. So while you have a 1.54Mb connection to your internet provider, your internet provider may have a 255Mb connection to the internet so it can accommodate your needs and up to 166 other users (255/1.54).
4) Traffic
A very simple analogy to use to understand bandwidth and traffic is to think of highways and cars. Bandwidth is the number of lanes on the highway and traffic is the number of cars on the highway. If you are the only car on a highway, you can travel very quickly. If you are stuck in the middle of rush hour, you may travel very slowly since all of the lanes are being used up.
Traffic is simply the number of bits that are transferred on network connections. It is easiest to understand traffic using examples. One Gigabyte is 2 to the 30th power (1,073,741,824) bytes. One gigabyte is equal to 1,024 megabytes. To put this in perspective, it takes one byte to store one character. Imagine 100 file cabinets in a building, each of these cabinets holds 1000 folders. Each folder has 100 papers. Each paper contains 100 characters - A GB is all the characters in the building. An MP3 song is about 4MB, the same song in wav format is about 40MB, a full length movie can be 800MB to 1000MB (1000MB = 1GB).
5)If you were to transfer this MP3 song from a web site to your computer, you would create 4MB of traffic between the web site you are downloading from and your computer. Depending upon the network connection between the web site and the internet, the transfer may occur very quickly, or it could take time if other people are also downloading files at the same time. If, for example, the web site you download from has a 10MB connection to the internet, and you are the only person accessing that web site to download your MP3, your 4MB file will be the only traffic on that web site. However, if three people are all downloading that same MP at the same time, 12MB (3 x 4MB) of traffic has been created. Because in this example, the host only has 10MB of bandwidth, someone will have to wait. The network equipment at the hosting company will cycle through each person downloading the file and transfer a small portion at a time so each person's file transfer can take place, but the transfer for everyone downloading the file will be slower. If 100 people all came to the site and downloaded the MP3 at the same time, the transfers would be extremely slow. If the host wanted to decrease the time it took to download files simultaneously, it could increase the bandwidth of their internet connection (at a cost due to upgrading equipment).
π¦Hosting Bandwidth
In the example above, we discussed traffic in terms of downloading an MP3 file. However, each time you visit a web site, you are creating traffic, because in order to view that web page on your computer, the web page is first downloaded to your computer (between the web site and you) which is then displayed using your browser software (Internet Explorer, Netscape, etc.) . The page itself is simply a file that creates traffic just like the MP3 file in the example above (however, a web page is usually much smaller than a music file).
> A web page may be very small or large depending upon the amount of text and the number and quality of images integrated within the web page. For example, the home page for CNN.com is about 200KB (200 Kilobytes = 200,000 bytes = 1,600,000 bits). This is typically large for a web page. In comparison, Yahoo's home page is about 70KB.
π¦How Much Bandwidth Is Enough?
It depends (don't you hate that answer). But in truth, it does. Since bandwidth is a significant determinant of hosting plan prices, you should take time to determine just how much is right for you. Almost all hosting plans have bandwidth requirements measured in months, so you need to estimate the amount of bandwidth that will be required by your site on a monthly basis
If you do not intend to provide file download capability from your site, the formula for calculating bandwidth is fairly straightforward:
Average Daily Visitors x Average Page Views x Average Page Size x 31 x Fudge Factor
If you intend to allow people to download files from your site, your bandwidth calculation should be:
[(Average Daily Visitors x Average Page Views x Average Page Size) +
(Average Daily File Downloads x Average File Size)] x 31 x Fudge Factor
Let us examine each item in the formula:
Average Daily Visitors - The number of people you expect to visit your site, on average, each day. Depending upon how you market your site, this number could be from 1 to 1,000,000.
Average Page Views - On average, the number of web pages you expect a person to view. If you have 50 web pages in your web site, an average person may only view 5 of those pages each time they visit.
Average Page Size - The average size of your web pages, in Kilobytes (KB). If you have already designed your site, you can calculate this directly.
Average Daily File Downloads - The number of downloads you expect to occur on your site. This is a function of the numbers of visitors and how many times a visitor downloads a file, on average, each day.
Average File Size - Average file size of files that are downloadable from your site. Similar to your web pages, if you already know which files can be downloaded, you can calculate this directly.
Fudge Factor - A number greater than 1. Using 1.5 would be safe, which assumes that your estimate is off by 50%. However, if you were very unsure, you could use 2 or 3 to ensure that your bandwidth requirements are more than met.
Usually, hosting plans offer bandwidth in terms of Gigabytes (GB) per month. This is why our formula takes daily averages and multiplies them by 31.
@undercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
In the example above, we discussed traffic in terms of downloading an MP3 file. However, each time you visit a web site, you are creating traffic, because in order to view that web page on your computer, the web page is first downloaded to your computer (between the web site and you) which is then displayed using your browser software (Internet Explorer, Netscape, etc.) . The page itself is simply a file that creates traffic just like the MP3 file in the example above (however, a web page is usually much smaller than a music file).
> A web page may be very small or large depending upon the amount of text and the number and quality of images integrated within the web page. For example, the home page for CNN.com is about 200KB (200 Kilobytes = 200,000 bytes = 1,600,000 bits). This is typically large for a web page. In comparison, Yahoo's home page is about 70KB.
π¦How Much Bandwidth Is Enough?
It depends (don't you hate that answer). But in truth, it does. Since bandwidth is a significant determinant of hosting plan prices, you should take time to determine just how much is right for you. Almost all hosting plans have bandwidth requirements measured in months, so you need to estimate the amount of bandwidth that will be required by your site on a monthly basis
If you do not intend to provide file download capability from your site, the formula for calculating bandwidth is fairly straightforward:
Average Daily Visitors x Average Page Views x Average Page Size x 31 x Fudge Factor
If you intend to allow people to download files from your site, your bandwidth calculation should be:
[(Average Daily Visitors x Average Page Views x Average Page Size) +
(Average Daily File Downloads x Average File Size)] x 31 x Fudge Factor
Let us examine each item in the formula:
Average Daily Visitors - The number of people you expect to visit your site, on average, each day. Depending upon how you market your site, this number could be from 1 to 1,000,000.
Average Page Views - On average, the number of web pages you expect a person to view. If you have 50 web pages in your web site, an average person may only view 5 of those pages each time they visit.
Average Page Size - The average size of your web pages, in Kilobytes (KB). If you have already designed your site, you can calculate this directly.
Average Daily File Downloads - The number of downloads you expect to occur on your site. This is a function of the numbers of visitors and how many times a visitor downloads a file, on average, each day.
Average File Size - Average file size of files that are downloadable from your site. Similar to your web pages, if you already know which files can be downloaded, you can calculate this directly.
Fudge Factor - A number greater than 1. Using 1.5 would be safe, which assumes that your estimate is off by 50%. However, if you were very unsure, you could use 2 or 3 to ensure that your bandwidth requirements are more than met.
Usually, hosting plans offer bandwidth in terms of Gigabytes (GB) per month. This is why our formula takes daily averages and multiplies them by 31.
@undercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦This is well written explanation about bandwidth, very useful info.