Gaspez web post on US company
Moderator: TFF Mods
- Piousman
- Star Player
- Posts: 750
- Joined: Mon Nov 16, 2009 4:01 pm
- Location: Ohio, USA
Re: Gaspez web post on US company
It almost sounds like two separate incidents:
1) the note from Gaspez
2) the fake email from RJ pointing out the note from Gaspez
I think (2) has been addressed. (1) is still unanswered.
The sooner we put this whole incident behind us, the better.
- Piousman
1) the note from Gaspez
2) the fake email from RJ pointing out the note from Gaspez
I think (2) has been addressed. (1) is still unanswered.
The sooner we put this whole incident behind us, the better.
- Piousman
Reason: ''
- Anglachel
- Rookie
- Posts: 33
- Joined: Tue May 19, 2009 11:20 am
Re: Gaspez web post on US company
Has anyone taken the time to check the fake email headers to find the originating IP address??
Finding the source can be as easy as that.
Finding the source can be as easy as that.
Reason: ''
Blitz harder, blitz faster.
I'm Fnord in the Spanish forum, the nick was already taken here :)
I'm Fnord in the Spanish forum, the nick was already taken here :)
- GalakStarscraper
- Godfather of Blood Bowl
- Posts: 15882
- Joined: Tue Jun 26, 2001 12:00 am
- Location: Indiana, USA
- Contact:
Re: Gaspez web post on US company
I agree ... you have two seperate incidents now and your comment of their status.Piousman wrote:It almost sounds like two separate incidents:
1) the note from Gaspez
2) the fake email from RJ pointing out the note from Gaspez
I think (2) has been addressed. (1) is still unanswered.
The sooner we put this whole incident behind us, the better.
- Piousman
Gaspez posting the announcement on their website which is still there (and whose email to me this morning said nothing more than that they were willing to purchase our remaining stock ... but the notice is still up). I know that Fabio's English is not good (a lot better than my Italian though) ... but I was surprised to see no mention at all over the whole incident in his email reply to my asking him what was going on.
The second part of this is someone hacking into RJ's mailing list and sending out a broadcast email that was nothing more than the announcement on Gaspez's website. RJ sent Impact! a written apology that his happened and sent out a retraction so that part is a "nothing to see here folks ... please move along".
I know RJ's retraction says we were not named in the Gaspez post ... this is true. But I cannot find another US online seller of Gaspez figures (and trust me I've Googled a lot last night to try to see if this could be someone else) and we stopped ordering from the in July of this year when they changed their terms ... so I'm 99% sure its Impact! they are discussing on their website. The bigger deal to us was that our customers came to us thinking it was Impact! ... and that is enough to need to get this matter resolved.
Hopefully quickly and then this whole thread can get locked and everyone can go back to the stress of Christmas shopping.
Tom
Reason: ''
Impact! - Fantasy Football miniatures and supplies designed by gamers for gamers
- GalakStarscraper
- Godfather of Blood Bowl
- Posts: 15882
- Joined: Tue Jun 26, 2001 12:00 am
- Location: Indiana, USA
- Contact:
Re: Gaspez web post on US company
Working on it.Anglachel wrote:Has anyone taken the time to check the fake email headers to find the originating IP address??
Finding the source can be as easy as that.
Reason: ''
Impact! - Fantasy Football miniatures and supplies designed by gamers for gamers
- Thadrin
- Moaning Git
- Posts: 8080
- Joined: Mon Jul 30, 2001 12:00 am
- Location: Norsca
- Contact:
Re: Gaspez web post on US company
So, anyone got any idea what I can get my in-laws?GalakStarscraper wrote: everyone can go back to the stress of Christmas shopping.
(no, they don't play Fantasy Football)
Reason: ''
I know a bear that you don't know. * ICEPELT IS MY HERO.
Master bleater. * Not in the clique.
Member of the "3 digit" club.
Master bleater. * Not in the clique.
Member of the "3 digit" club.
-
- Super Star
- Posts: 898
- Joined: Fri Dec 31, 2004 3:23 pm
- Location: Deep in the heart of TEXAS
Re: Gaspez web post on US company
Thank you RJ for looking into this and your fast reply. I also think you note about contacting one another before something like this goes online is good. I think that any grievances should be delt with via email or pm, however, once this stuff hits the net it only makes good sense to try to resolve it quickly and sometimes publicly if someone feels defamed publicly.
There unfortunately have been too many inicences like this lately for all parties involved. Let us hope for more amicable relationships and sales for all so that our favorite hobby can stay strong without the support of an evil Grandmother somewhere in the UK who will remain nameless.
There unfortunately have been too many inicences like this lately for all parties involved. Let us hope for more amicable relationships and sales for all so that our favorite hobby can stay strong without the support of an evil Grandmother somewhere in the UK who will remain nameless.
Reason: ''
-
- Father of TTGN
- Posts: 53
- Joined: Tue Jul 28, 2009 4:05 am
Re: Gaspez web post on US company
What makes you think it was hacked? And if it was hacked why is it that it was hacked to send this email and not spam like most mailing list hacks?rolljordan wrote:1) RJ mailing list was hacked and sent out a notice that was already pubblic on Gaspez website.
If it was hacked can you post some evidence to this effect and perhaps post the IP of the person that posted this hacked email message? Have you contacted the police about this? I am not sure of the laws in Italy but this sort of thing is illegal in most countries that I know of.
It just seems odd that someone would hack the mailing list of one Impact! competitor to send out an email from another Impact! competitor to accuse Impact! of recasting instead of say emails about fake Rolex watches.
Since the only people that appear to have any benefit from this message are Gaspez and RJ I think it really is imperative that RJ provide some proof that this was indeed a hack and not a friend or partner of RJ using the mailing list to send something that has turned out to be an embarrassment to RJ.
What other US retailer does Gaspez have business with? And if it isn't Impact! then why haven't they said so? It would take seconds for them to clear this up and they aren't doing so. Quite clearly as well. I emailed him for more information and he said he couldn't comment.rolljordan wrote:2) What is on Gaspez site doesn't say it is Impact so nothing we can start talking here either. I believe this matter should be solved between Gaspez and who feels this has hurted them.
Theft of IP is indeed a terrible thing and I am glad to see that RJ is talking publicly about this important issue. I look forward to further efforts by RJ to help eliminate the theft of IP in the industry.rolljordan wrote:3) The bad part here is what Gaspez wrote.... doesn't matter if it is Impact, RJ, Cominox or who ever. The problem is that cloning of figures from such small companies will probably force some of them to close. This is such a small market and revenues are so small that any unsold team will hurt.
But if he has collected evidence he isn't presenting it and when emailed directly all he will do is say that he can't comment further. You can't toss out a directed accusation like this and then not back it up.rolljordan wrote:And knowing Fabio if he wrote this he has collected evidence of the facts. So this is a reality not a supposition.
Further, it appears from the post on his website that he doesn't actually have any evidence of this. If he did then why would he be soliciting for it from customers? And appearing to bribe them as well with the promise of Limited Edition figures.
I am really unsure what RJ is attempting to accomplish here. You seem to be wanting to try to distance yourself from the post that was sent via your email list but at the same time you seem to be saying that the accusations are correct and that you think that the people involved are recasting.rolljordan wrote:I will chill down now on who is who, I know that Gaspez has more then one retailer in the US, not only Impact so before pointing fingers I will wait to see the outcome from Gaspez directly. I am sure that he will eventually post here to protect his products and inform the users of who is who.
So what is it? If there is proof of this and an actual company involved then Gaspez needs to provide this proof and name the company. Until such time RJ needs to stop trying to play verbal games and seem as if they are being "good guys" while at the same time repeating the accusations. You can't have it both ways and trying to do so makes you look bad and at worst possibly complicit.
Reason: ''
- Khail
- Emerging Star
- Posts: 462
- Joined: Mon Sep 09, 2002 12:24 am
- Location: Bellingham, WA
- Contact:
Re: Gaspez web post on US company
TGN is on the case!
Hope Gaspez can clear this up - I really like a lot of their miniatures, and was looking forward to ordering more. I KNOW Impact is a stand up organization though, and if this is truly an attack on Tom I would definitely stop supporting Gaspez.
Hope Gaspez can clear this up - I really like a lot of their miniatures, and was looking forward to ordering more. I KNOW Impact is a stand up organization though, and if this is truly an attack on Tom I would definitely stop supporting Gaspez.
Reason: ''
-
- Father of TTGN
- Posts: 53
- Joined: Tue Jul 28, 2009 4:05 am
Re: Gaspez web post on US company
Yes and no. Gaspez is refusing to talk so there isn't really much to investigate. There hasn't been any follow-up to my last email but from what I have read here and from what others have said to me he isn't releasing any details to anyone.Khail wrote:TGN is on the case!
In lieu of actual evidence this has to be dismissed.
Reason: ''
- Majortusk
- Star Player
- Posts: 581
- Joined: Fri Jan 17, 2003 6:58 pm
- Location: Madison, WI
- Contact:
Re: Gaspez web post on US company
Pixelgeek has pretty much summed up my concerns,
majortusk from IMPACT! Forum wrote:a couple of things strike me as very fishy.
Sure a website could be hacked, sure a php workaround could use that web server as a SMTP host. Most web servers already have failsafes in place to prevent this type of issue. A php hack like that would more likely not have access directly to the email list. They would need direct access to the database where they were stored in and be able to coordinate the mass emailing. So we are then looking at someone who would have direct access to the mailing list program. if this is a custom script, that user/hacker would need some knowledge of that script to run that program. if it was not a custom script and just something that was php hacked, why would it be used to announce news from another obscure FF sales website?
Basically I look at our little nitch of the webworld, we are pretty exclusive, there are not many Fantasy football mini sites selling fantasy football minis. Someone who made that post would need the knowledge of RJ's password, knowledge of the FF community, knowledge of the mailing list, and know what kind of damage it could do by making a very specific post like that. With the hacking power that RJ claims someone has, I would be more concerned with the safety of my customers credit card information rather than just a simple apology for a 'errant' mass mailing. A security break is a serious issue, unless that security break was not one in the first place.
Additionally, if a keylogger had captured someones admin password for that site, why would they use the site to send out FF news? Of all the things that can be captured for a keylogger, how would someone who installed it know the community enough to be able to send out this type of damaging mass mailing? How would the hacker know to put that article from another relatively unknown FF site into that newsletter post. A keylogger would capture much more important information, like bank information, WOW passwords, email account information, something that could be used to make money by. A very specific obscure newsletter post by a hacker to an obscure market of people does not say time efficient in my book, let alone make the hacker money. To me, it sounds like an inside job not a hacker.
To me, the damage has been done, the accusation is out. The excuse of hacking seems to me a very flimsy one to stand by.
i apologize for my rambling, but things to me appear rotten.
majortusk from IMPACT! Forum wrote:upon further examination of the headers of the emails sent by RJ, Both emails appear to be legit and originating from the same source which is hosted by the same company that hosts rolljordans website.
Received: from unknown (HELO webs39.aruba.it) (62.149.130.49)
that is the web server rolljordan is hosted at aruba.it
This is the DNS records for rolljordan.com
http://network-tools.com/default.asp?pr ... jordan.com
A record points to
62.149.128.154
and
62.149.128.151
http://network-tools.com/default.asp?pr ... 49.128.154
http://network-tools.com/default.asp?pr ... 49.128.151
both point to aruba.it, the headers are stamped with running through its barracuda spam filter
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on smtpsmart1.fe.aruba.it
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on smtpsmart2.fe.aruba.it
Mailings appear to be approx 30-50 mins apart, with the damaging email being sent first. Time stamps reflect this in both areas, (received by mike and received by originating mail server)
Received: via dmail-2010.19 for +; Wed, 1 Dec 2010 17:52:52 -0600 (CST)
Received: from webs39 ([127.0.0.1]) by webs39.aruba.it with Microsoft
SMTPSVC(6.0.3790.4675); Thu, 2 Dec 2010 00:52:46 +0100
Date: Thu, 02 Dec 2010 00:52:46 +0100
Webs39 appears to be the webserver that this email is coming from, and appears to be on the same provider for the server cluster rolljordan is being hosted on.
Both emails appear to be legit and sent from the same source.
Reason: ''
Andy Welton
[url=http://www.bloodbowlcentral.com]Blood Bowl Central[/url]
[url=http://www.bloodbowlcentral.com]Blood Bowl Central[/url]
- Darkson
- Da Spammer
- Posts: 24047
- Joined: Mon Aug 12, 2002 9:04 pm
- Location: The frozen ruins of Felstad
- Contact:
Re: Gaspez web post on US company
I got two emails last night (UK time) - "NEWS from ROLLJORDAN and big discounts for Xmas‏" and "ROLLJORDAN discount update" (which had the following wording - "We have now applied 20% discount to all our products. So no need for refunds or 20% products by email as stated in previous email. Sorry for the confusion.")
I have not received any other email today (and I know I'm on the RJ mailing list). I'm not saying RJ haven't sent it, I'm just saying I haven't received it.
I have not received any other email today (and I know I'm on the RJ mailing list). I'm not saying RJ haven't sent it, I'm just saying I haven't received it.
Reason: ''
Currently an ex-Blood Bowl coach, most likely to be found dying to Armoured Skeletons in the frozen ruins of Felstad, or bleeding into the arena sands of Rome or burning rubber for Mars' entertainment.
- Majortusk
- Star Player
- Posts: 581
- Joined: Fri Jan 17, 2003 6:58 pm
- Location: Madison, WI
- Contact:
Re: Gaspez web post on US company
I wanted to post my proof, i removed the recipients address for privacy sake. Everyone who got these letters can compare the headers and see that they match.
What RJ is trying to say is that someone hacked his newsletter, sent out the notification Gaspez made, then RJ logged in themselves 20 -30 mins later and sent out a legit newsletter. Lots of things in my opinion do not add up. If my site was hacked, I would be more concerned with the safety of my customers information than a fake newsletter that they didnt 'send' but agrees with everything thats said in it.
What RJ is trying to say is that someone hacked his newsletter, sent out the notification Gaspez made, then RJ logged in themselves 20 -30 mins later and sent out a legit newsletter. Lots of things in my opinion do not add up. If my site was hacked, I would be more concerned with the safety of my customers information than a fake newsletter that they didnt 'send' but agrees with everything thats said in it.
Header from RJ email that they say is legit wrote: Received: via dmail-2010.19 for +; Wed, 1 Dec 2010 17:52:52 -0600 (CST)
Return-Path: <me@localhost.com>
Delivered-To: XXXX-- REMOVED --XXXX
Received: (qmail 29244 invoked from network); 1 Dec 2010 17:52:52 -0600
Received: from bcuda-east.data.cc.uic.edu (HELO barracuda.uic.edu)
(192.168.103.32)
by mstore-15.data.cc.uic.edu with SMTP; 1 Dec 2010 17:52:52 -0600
X-ASG-Debug-ID: 1291247571-5277c9780001-22hcAy
Received: from smtpsmart1.aruba.it (smtpweb132.aruba.it [62.149.158.132])
by barracuda.uic.edu with SMTP id frFFzdzeybH05zGR for <XXXX-- REMOVED --XXXX>;
Wed, 01 Dec 2010 17:52:52 -0600 (CST)
X-Barracuda-Envelope-From: me@localhost.com
X-Barracuda-Apparent-Source-IP: 62.149.158.132
Received: (qmail 31004 invoked by uid 89); 1 Dec 2010 23:52:47 -0000
Received: by simscan 1.2.0 ppid: 30881, pid: 30898, t: 1.2216s
scanners: clamav: 0.88.4/m:40/d:1945 spam: 3.1.4
X-Barracuda-BBL-IP: nil
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
smtpsmart1.fe.aruba.it
X-Spam-Level:
X-Spam-Status: No, score=0.5 required=5.0
tests=BAYES_00,FORGED_HOTMAIL_RCVD2,
RDNS_NONE,SPF_SOFTFAIL autolearn=disabled version=3.2.5
Received: from unknown (HELO webs39.aruba.it) (62.149.130.49)
by smtpsmart1.fe.aruba.it with SMTP; 1 Dec 2010 23:52:45 -0000
Received: from webs39 ([127.0.0.1]) by webs39.aruba.it with Microsoft
SMTPSVC(6.0.3790.4675);
Thu, 2 Dec 2010 00:52:46 +0100
Date: Thu, 02 Dec 2010 00:52:46 +0100
Subject: ROLLJORDAN discount update
To: XXXX-- REMOVED --XXXX
X-ASG-Orig-Subj: ROLLJORDAN discount update
From: Admin <rolljordan@hotmail.com>
Reply-To: Admin <rolljordan@hotmail.com>
X-Mailer: PHP/5.2.12
X-Priority: 1
Message-ID: <WEBS39h05YFRcmVFOh10000264a@webs39.aruba.it>
X-OriginalArrivalTime: 01 Dec 2010 23:52:46.0812 (UTC)
FILETIME=[DA9D01C0:01CB91B2]
X-Barracuda-Connect: smtpweb132.aruba.it[62.149.158.132]
X-Barracuda-Start-Time: 1291247571
X-Barracuda-URL: http://128.248.155.6:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at uic.edu
X-Barracuda-Spam-Score: 1.12
X-Barracuda-Spam-Status: No, SCORE=1.12 using per-user scores of
TAG_LEVEL=3.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=6.0
tests=FORGED_HOTMAIL_RCVD2
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.48211
Rule breakdown below
pts rule name description
---- ----------------------
--------------------------------------------------
1.12 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
Header from RJ claimed fake email wrote:Received: via dmail-2010.19 for +; Wed, 1 Dec 2010 17:06:32 -0600 (CST)
Return-Path: <me@localhost.com>
Delivered-To: XXXX-- REMOVED --XXXX@mailin94-mailserv.data.cc.uic.edu
Received: (qmail 20925 invoked from network); 1 Dec 2010 17:06:32 -0600
Received: from bcuda-west.data.cc.uic.edu (HELO barracuda.uic.edu)
(192.168.100.222)
by mstore-15.data.cc.uic.edu with SMTP; 1 Dec 2010 17:06:32 -0600
X-ASG-Debug-ID: 1291244791-646a122e0001-22hcAy
Received: from smtpsmart2.aruba.it (smtpweb107.aruba.it [62.149.158.107])
by barracuda.uic.edu with SMTP id SzFCU7aWlA0es1Ae for <XXXX-- REMOVED --XXXX>;
Wed, 01 Dec 2010 17:06:31 -0600 (CST)
X-Barracuda-Envelope-From: me@localhost.com
X-Barracuda-Apparent-Source-IP: 62.149.158.107
Received: (qmail 24390 invoked by uid 89); 1 Dec 2010 23:06:29 -0000
Received: by simscan 1.2.0 ppid: 24169, pid: 24189, t: 1.2501s
scanners: clamav: 0.88.4/m:40/d:1945 spam: 3.1.4
X-Barracuda-BBL-IP: nil
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
smtpsmart2.fe.aruba.it
X-Spam-Level:
X-Spam-Status: No, score=0.5 required=5.0
tests=BAYES_00,FORGED_HOTMAIL_RCVD2,
RDNS_NONE,SPF_SOFTFAIL autolearn=disabled version=3.2.5
Received: from unknown (HELO webs39.aruba.it) (62.149.130.49)
by smtpsmart2.fe.aruba.it with SMTP; 1 Dec 2010 23:06:27 -0000
Received: from webs39 ([127.0.0.1]) by webs39.aruba.it with Microsoft
SMTPSVC(6.0.3790.4675);
Thu, 2 Dec 2010 00:06:24 +0100
Date: Thu, 02 Dec 2010 00:06:24 +0100
Subject: NEWS from ROLLJORDAN and big discounts for Xmas‏
To: XXXX-- REMOVED --XXXX
X-ASG-Orig-Subj: NEWS from ROLLJORDAN and big discounts for Xmas‏
From: Admin <rolljordan@hotmail.com>
Reply-To: Admin <rolljordan@hotmail.com>
X-Mailer: PHP/5.2.12
X-Priority: 1
Message-ID: <WEBS39ClmpcQABZTW5k000022d3@webs39.aruba.it>
X-OriginalArrivalTime: 01 Dec 2010 23:06:24.0841 (UTC)
FILETIME=[606DEB90:01CB91AC]
X-Barracuda-Connect: smtpweb107.aruba.it[62.149.158.107]
X-Barracuda-Start-Time: 1291244791
X-Barracuda-URL: http://barracuda.uic.edu:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at uic.edu
X-Barracuda-Spam-Score: 1.12
X-Barracuda-Spam-Status: No, SCORE=1.12 using per-user scores of
TAG_LEVEL=3.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=6.0
tests=FORGED_HOTMAIL_RCVD2
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.48207
Rule breakdown below
pts rule name description
---- ----------------------
--------------------------------------------------
1.12 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
Reason: ''
Andy Welton
[url=http://www.bloodbowlcentral.com]Blood Bowl Central[/url]
[url=http://www.bloodbowlcentral.com]Blood Bowl Central[/url]
- Darkson
- Da Spammer
- Posts: 24047
- Joined: Mon Aug 12, 2002 9:04 pm
- Location: The frozen ruins of Felstad
- Contact:
Re: Gaspez web post on US company
Has anyone else that received the original email received the retraction?
Reason: ''
Currently an ex-Blood Bowl coach, most likely to be found dying to Armoured Skeletons in the frozen ruins of Felstad, or bleeding into the arena sands of Rome or burning rubber for Mars' entertainment.
- howlinggriffon
- Ex-Mega Star, now just a Super Star
- Posts: 1460
- Joined: Wed Dec 03, 2003 7:25 pm
- Location: Chelmsford, Essex (UK)
Re: Gaspez web post on US company
I got the retraction email at 12:50 this afternoon (GMT) - I got the other emails too.
Reason: ''