Gaspez web post on US company

A forum for football mini's talk.......painting, converting etc. etc. or showing off great accessories that make playing the game easier, cooler or more fun.

Moderator: TFF Mods

Piousman
Star Player
Posts: 750
Joined: Mon Nov 16, 2009 4:01 pm
Location: Ohio, USA

Re: Gaspez web post on US company

Post by Piousman »

It almost sounds like two separate incidents:

1) the note from Gaspez
2) the fake email from RJ pointing out the note from Gaspez

I think (2) has been addressed. (1) is still unanswered.

The sooner we put this whole incident behind us, the better.
- Piousman

Anglachel
Rookie
Posts: 33
Joined: Tue May 19, 2009 11:20 am

Re: Gaspez web post on US company

Post by Anglachel »

Has anyone taken the time to check the fake email headers to find the originating IP address??

Finding the source can be as easy as that.

Blitz harder, blitz faster.
I'm Fnord in the Spanish forum, the nick was already taken here :)
GalakStarscraper
Godfather of Blood Bowl
Posts: 15882
Joined: Tue Jun 26, 2001 12:00 am
Location: Indiana, USA

Re: Gaspez web post on US company

Post by GalakStarscraper »

Piousman wrote:It almost sounds like two separate incidents:

1) the note from Gaspez
2) the fake email from RJ pointing out the note from Gaspez

I think (2) has been addressed. (1) is still unanswered.

The sooner we put this whole incident behind us, the better.
- Piousman
I agree ... you have two separate incidents now and your comment of their status.

Gaspez posting the announcement on their website which is still there (and whose email to me this morning said nothing more than that they were willing to purchase our remaining stock ... but the notice is still up). I know that Fabio's English is not good (a lot better than my Italian though) ... but I was surprised to see no mention at all over the whole incident in his email reply to my asking him what was going on.

The second part of this is someone hacking into RJ's mailing list and sending out a broadcast email that was nothing more than the announcement on Gaspez's website. RJ sent Impact! a written apology that this happened and sent out a retraction so that part is a "nothing to see here folks ... please move along".

I know RJ's retraction says we were not named in the Gaspez post ... this is true. But I cannot find another US online seller of Gaspez figures (and trust me I've Googled a lot last night to try to see if this could be someone else) and we stopped ordering from them in July of this year when they changed their terms ... so I'm 99% sure it's Impact! they are discussing on their website. The bigger deal to us was that our customers came to us thinking it was Impact! ... and that is enough to need to get this matter resolved.

Hopefully quickly and then this whole thread can get locked and everyone can go back to the stress of Christmas shopping.

Tom

Impact! - Fantasy Football miniatures and supplies designed by gamers for gamers
GalakStarscraper
Godfather of Blood Bowl
Posts: 15882
Joined: Tue Jun 26, 2001 12:00 am
Location: Indiana, USA

Re: Gaspez web post on US company

Post by GalakStarscraper »

Anglachel wrote:Has anyone taken the time to check the fake email headers to find the originating IP address??

Finding the source can be as easy as that.
Working on it.

Impact! - Fantasy Football miniatures and supplies designed by gamers for gamers
Thadrin
Moaning Git
Posts: 8080
Joined: Mon Jul 30, 2001 12:00 am
Location: Norsca

Re: Gaspez web post on US company

Post by Thadrin »

GalakStarscraper wrote: everyone can go back to the stress of Christmas shopping.
So, anyone got any idea what I can get my in-laws?
(no, they don't play Fantasy Football)

I know a bear that you don't know. * ICEPELT IS MY HERO.
Master bleater. * Not in the clique.
Member of the "3 digit" club.
bouncergriim
Super Star
Posts: 898
Joined: Fri Dec 31, 2004 3:23 pm
Location: Deep in the heart of TEXAS

Re: Gaspez web post on US company

Post by bouncergriim »

Thank you RJ for looking into this and your fast reply. I also think your note about contacting one another before something like this goes online is good. I think that any grievances should be dealt with via email or pm, however, once this stuff hits the net it only makes good sense to try to resolve it quickly and sometimes publicly if someone feels defamed publicly.

There unfortunately have been too many incidences like this lately for all parties involved. Let us hope for more amicable relationships and sales for all so that our favorite hobby can stay strong without the support of an evil Grandmother somewhere in the UK who will remain nameless.

rolljordan

Re: Gaspez web post on US company

Post by rolljordan »

edit

pixelgeek
Father of TTGN
Posts: 53
Joined: Tue Jul 28, 2009 4:05 am

Re: Gaspez web post on US company

Post by pixelgeek »

rolljordan wrote:1) RJ mailing list was hacked and sent out a notice that was already public on Gaspez website.
What makes you think it was hacked? And if it was hacked why is it that it was hacked to send this email and not spam like most mailing list hacks?

If it was hacked can you post some evidence to this effect and perhaps post the IP of the person that posted this hacked email message? Have you contacted the police about this? I am not sure of the laws in Italy but this sort of thing is illegal in most countries that I know of.

It just seems odd that someone would hack the mailing list of one Impact! competitor to send out an email from another Impact! competitor to accuse Impact! of recasting instead of say emails about fake Rolex watches.

Since the only people that appear to have any benefit from this message are Gaspez and RJ I think it really is imperative that RJ provide some proof that this was indeed a hack and not a friend or partner of RJ using the mailing list to send something that has turned out to be an embarrassment to RJ.
rolljordan wrote:2) What is on Gaspez site doesn't say it is Impact so nothing we can start talking here either. I believe this matter should be solved between Gaspez and who feels this has hurt them.
What other US retailer does Gaspez have business with? And if it isn't Impact! then why haven't they said so? It would take seconds for them to clear this up and they aren't doing so. Quite clearly as well. I emailed him for more information and he said he couldn't comment.
rolljordan wrote:3) The bad part here is what Gaspez wrote.... doesn't matter if it is Impact, RJ, Cominox or who ever. The problem is that cloning of figures from such small companies will probably force some of them to close. This is such a small market and revenues are so small that any unsold team will hurt.
Theft of IP is indeed a terrible thing and I am glad to see that RJ is talking publicly about this important issue. I look forward to further efforts by RJ to help eliminate the theft of IP in the industry.
rolljordan wrote:And knowing Fabio if he wrote this he has collected evidence of the facts. So this is a reality not a supposition.
But if he has collected evidence he isn't presenting it and when emailed directly all he will do is say that he can't comment further. You can't toss out a directed accusation like this and then not back it up.

Further, it appears from the post on his website that he doesn't actually have any evidence of this. If he did then why would he be soliciting for it from customers? And appearing to bribe them as well with the promise of Limited Edition figures.
rolljordan wrote:I will chill down now on who is who, I know that Gaspez has more than one retailer in the US, not only Impact so before pointing fingers I will wait to see the outcome from Gaspez directly. I am sure that he will eventually post here to protect his products and inform the users of who is who.
I am really unsure what RJ is attempting to accomplish here. You seem to be wanting to try to distance yourself from the post that was sent via your email list but at the same time you seem to be saying that the accusations are correct and that you think that the people involved are recasting.

So what is it? If there is proof of this and an actual company involved then Gaspez needs to provide this proof and name the company. Until such time RJ needs to stop trying to play verbal games and seem as if they are being "good guys" while at the same time repeating the accusations. You can't have it both ways and trying to do so makes you look bad and at worst possibly complicit.

Khail
Emerging Star
Posts: 462
Joined: Mon Sep 09, 2002 12:24 am
Location: Bellingham, WA

Re: Gaspez web post on US company

Post by Khail »

TGN is on the case! :o

Hope Gaspez can clear this up - I really like a lot of their miniatures, and was looking forward to ordering more. I KNOW Impact is a stand up organization though, and if this is truly an attack on Tom I would definitely stop supporting Gaspez.

Commissioner of the Cascadia Blood Bowl League
Bellingham, WA USA
pixelgeek
Father of TTGN
Posts: 53
Joined: Tue Jul 28, 2009 4:05 am

Re: Gaspez web post on US company

Post by pixelgeek »

Khail wrote:TGN is on the case! :o
Yes and no. Gaspez is refusing to talk so there isn't really much to investigate. There hasn't been any follow-up to my last email but from what I have read here and from what others have said to me he isn't releasing any details to anyone.

In lieu of actual evidence this has to be dismissed.

Majortusk
Star Player
Posts: 581
Joined: Fri Jan 17, 2003 6:58 pm
Location: Madison, WI

Re: Gaspez web post on US company

Post by Majortusk »

Pixelgeek has pretty much summed up my concerns,
majortusk from IMPACT! Forum wrote:a couple of things strike me as very fishy.

Sure a website could be hacked, sure a php workaround could use that web server as a SMTP host. Most web servers already have failsafes in place to prevent this type of issue. A php hack like that would more likely not have access directly to the email list. They would need direct access to the database where they were stored in and be able to coordinate the mass emailing. So we are then looking at someone who would have direct access to the mailing list program. If this is a custom script, that user/hacker would need some knowledge of that script to run that program. If it was not a custom script and just something that was php hacked, why would it be used to announce news from another obscure FF sales website?

Basically I look at our little niche of the webworld, we are pretty exclusive, there are not many Fantasy football mini sites selling fantasy football minis. Someone who made that post would need the knowledge of RJ's password, knowledge of the FF community, knowledge of the mailing list, and know what kind of damage it could do by making a very specific post like that. With the hacking power that RJ claims someone has, I would be more concerned with the safety of my customers' credit card information rather than just a simple apology for an 'errant' mass mailing. A security break is a serious issue, unless that security break was not one in the first place.

Additionally, if a keylogger had captured someone's admin password for that site, why would they use the site to send out FF news? Of all the things that can be captured for a keylogger, how would someone who installed it know the community enough to be able to send out this type of damaging mass mailing? How would the hacker know to put that article from another relatively unknown FF site into that newsletter post. A keylogger would capture much more important information, like bank information, WOW passwords, email account information, something that could be used to make money by. A very specific obscure newsletter post by a hacker to an obscure market of people does not say time efficient in my book, let alone make the hacker money. To me, it sounds like an inside job not a hacker.

To me, the damage has been done, the accusation is out. The excuse of hacking seems to me a very flimsy one to stand by.

I apologize for my rambling, but things to me appear rotten.
majortusk from IMPACT! Forum wrote:Upon further examination of the headers of the emails sent by RJ, both emails appear to be legit and originating from the same source which is hosted by the same company that hosts rolljordan's website.

Received: from unknown (HELO webs39.aruba.it) (62.149.130.49)
that is the web server rolljordan is hosted at aruba.it


This is the DNS records for rolljordan.com
http://network-tools.com/default.asp?pr ... jordan.com
A record points to

62.149.128.154
and

62.149.128.151

http://network-tools.com/default.asp?pr ... 49.128.154
http://network-tools.com/default.asp?pr ... 49.128.151

both point to aruba.it, the headers are stamped with running through its barracuda spam filter
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on smtpsmart1.fe.aruba.it
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on smtpsmart2.fe.aruba.it

Mailings appear to be approx 30-50 mins apart, with the damaging email being sent first. Time stamps reflect this in both areas, (received by mike and received by originating mail server)

Received: via dmail-2010.19 for +; Wed, 1 Dec 2010 17:52:52 -0600 (CST)

Received: from webs39 ([127.0.0.1]) by webs39.aruba.it with Microsoft
SMTPSVC(6.0.3790.4675); Thu, 2 Dec 2010 00:52:46 +0100
Date: Thu, 02 Dec 2010 00:52:46 +0100

Webs39 appears to be the webserver that this email is coming from, and appears to be on the same provider for the server cluster rolljordan is being hosted on.


Both emails appear to be legit and sent from the same source.

Andy Welton
[url=http://www.bloodbowlcentral.com]Blood Bowl Central[/url]
Darkson
Da Spammer
Posts: 24047
Joined: Mon Aug 12, 2002 9:04 pm
Location: The frozen ruins of Felstad

Re: Gaspez web post on US company

Post by Darkson »

I got two emails last night (UK time) - "NEWS from ROLLJORDAN and big discounts for Xmas‏" and "ROLLJORDAN discount update" (which had the following wording - "We have now applied 20% discount to all our products. So no need for refunds or 20% products by email as stated in previous email. Sorry for the confusion.")

I have not received any other email today (and I know I'm on the RJ mailing list). I'm not saying RJ haven't sent it, I'm just saying I haven't received it.

Currently an ex-Blood Bowl coach, most likely to be found dying to Armoured Skeletons in the frozen ruins of Felstad, or bleeding into the arena sands of Rome or burning rubber for Mars' entertainment.
Majortusk
Star Player
Posts: 581
Joined: Fri Jan 17, 2003 6:58 pm
Location: Madison, WI

Re: Gaspez web post on US company

Post by Majortusk »

I wanted to post my proof, I removed the recipient's address for privacy's sake. Everyone who got these letters can compare the headers and see that they match.

What RJ is trying to say is that someone hacked his newsletter, sent out the notification Gaspez made, then RJ logged in themselves 20-30 mins later and sent out a legit newsletter. Lots of things in my opinion do not add up. If my site was hacked, I would be more concerned with the safety of my customers' information than a fake newsletter that they didn't 'send' but agrees with everything that's said in it.

Header from RJ email that they say is legit wrote:
Received: via dmail-2010.19 for +; Wed, 1 Dec 2010 17:52:52 -0600 (CST)
Return-Path: <me@localhost.com>
Delivered-To: XXXX-- REMOVED --XXXX
Received: (qmail 29244 invoked from network); 1 Dec 2010 17:52:52 -0600
Received: from bcuda-east.data.cc.uic.edu (HELO barracuda.uic.edu)
(192.168.103.32)
by mstore-15.data.cc.uic.edu with SMTP; 1 Dec 2010 17:52:52 -0600
X-ASG-Debug-ID: 1291247571-5277c9780001-22hcAy
Received: from smtpsmart1.aruba.it (smtpweb132.aruba.it [62.149.158.132])
by barracuda.uic.edu with SMTP id frFFzdzeybH05zGR for <XXXX-- REMOVED --XXXX>;
Wed, 01 Dec 2010 17:52:52 -0600 (CST)
X-Barracuda-Envelope-From: me@localhost.com
X-Barracuda-Apparent-Source-IP: 62.149.158.132
Received: (qmail 31004 invoked by uid 89); 1 Dec 2010 23:52:47 -0000
Received: by simscan 1.2.0 ppid: 30881, pid: 30898, t: 1.2216s
scanners: clamav: 0.88.4/m:40/d:1945 spam: 3.1.4
X-Barracuda-BBL-IP: nil
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
smtpsmart1.fe.aruba.it
X-Spam-Level:
X-Spam-Status: No, score=0.5 required=5.0
tests=BAYES_00,FORGED_HOTMAIL_RCVD2,
RDNS_NONE,SPF_SOFTFAIL autolearn=disabled version=3.2.5
Received: from unknown (HELO webs39.aruba.it) (62.149.130.49)
by smtpsmart1.fe.aruba.it with SMTP; 1 Dec 2010 23:52:45 -0000
Received: from webs39 ([127.0.0.1]) by webs39.aruba.it with Microsoft
SMTPSVC(6.0.3790.4675);
Thu, 2 Dec 2010 00:52:46 +0100
Date: Thu, 02 Dec 2010 00:52:46 +0100
Subject: ROLLJORDAN discount update
To: XXXX-- REMOVED --XXXX
X-ASG-Orig-Subj: ROLLJORDAN discount update
From: Admin <rolljordan@hotmail.com>
Reply-To: Admin <rolljordan@hotmail.com>
X-Mailer: PHP/5.2.12
X-Priority: 1
Message-ID: <WEBS39h05YFRcmVFOh10000264a@webs39.aruba.it>
X-OriginalArrivalTime: 01 Dec 2010 23:52:46.0812 (UTC)
FILETIME=[DA9D01C0:01CB91B2]
X-Barracuda-Connect: smtpweb132.aruba.it[62.149.158.132]
X-Barracuda-Start-Time: 1291247571
X-Barracuda-URL: http://128.248.155.6:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at uic.edu
X-Barracuda-Spam-Score: 1.12
X-Barracuda-Spam-Status: No, SCORE=1.12 using per-user scores of
TAG_LEVEL=3.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=6.0
tests=FORGED_HOTMAIL_RCVD2
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.48211
Rule breakdown below
pts rule name description
---- ----------------------
--------------------------------------------------
1.12 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
Header from RJ claimed fake email wrote:
Received: via dmail-2010.19 for +; Wed, 1 Dec 2010 17:06:32 -0600 (CST)
Return-Path: <me@localhost.com>
Delivered-To: XXXX-- REMOVED --XXXX@mailin94-mailserv.data.cc.uic.edu
Received: (qmail 20925 invoked from network); 1 Dec 2010 17:06:32 -0600
Received: from bcuda-west.data.cc.uic.edu (HELO barracuda.uic.edu)
(192.168.100.222)
by mstore-15.data.cc.uic.edu with SMTP; 1 Dec 2010 17:06:32 -0600
X-ASG-Debug-ID: 1291244791-646a122e0001-22hcAy
Received: from smtpsmart2.aruba.it (smtpweb107.aruba.it [62.149.158.107])
by barracuda.uic.edu with SMTP id SzFCU7aWlA0es1Ae for <XXXX-- REMOVED --XXXX>;
Wed, 01 Dec 2010 17:06:31 -0600 (CST)
X-Barracuda-Envelope-From: me@localhost.com
X-Barracuda-Apparent-Source-IP: 62.149.158.107
Received: (qmail 24390 invoked by uid 89); 1 Dec 2010 23:06:29 -0000
Received: by simscan 1.2.0 ppid: 24169, pid: 24189, t: 1.2501s
scanners: clamav: 0.88.4/m:40/d:1945 spam: 3.1.4
X-Barracuda-BBL-IP: nil
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
smtpsmart2.fe.aruba.it
X-Spam-Level:
X-Spam-Status: No, score=0.5 required=5.0
tests=BAYES_00,FORGED_HOTMAIL_RCVD2,
RDNS_NONE,SPF_SOFTFAIL autolearn=disabled version=3.2.5
Received: from unknown (HELO webs39.aruba.it) (62.149.130.49)
by smtpsmart2.fe.aruba.it with SMTP; 1 Dec 2010 23:06:27 -0000
Received: from webs39 ([127.0.0.1]) by webs39.aruba.it with Microsoft
SMTPSVC(6.0.3790.4675);
Thu, 2 Dec 2010 00:06:24 +0100
Date: Thu, 02 Dec 2010 00:06:24 +0100
Subject: NEWS from ROLLJORDAN and big discounts for Xmas&#8207;
To: XXXX-- REMOVED --XXXX
X-ASG-Orig-Subj: NEWS from ROLLJORDAN and big discounts for Xmas&#8207;
From: Admin <rolljordan@hotmail.com>
Reply-To: Admin <rolljordan@hotmail.com>
X-Mailer: PHP/5.2.12
X-Priority: 1
Message-ID: <WEBS39ClmpcQABZTW5k000022d3@webs39.aruba.it>
X-OriginalArrivalTime: 01 Dec 2010 23:06:24.0841 (UTC)
FILETIME=[606DEB90:01CB91AC]
X-Barracuda-Connect: smtpweb107.aruba.it[62.149.158.107]
X-Barracuda-Start-Time: 1291244791
X-Barracuda-URL: http://barracuda.uic.edu:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at uic.edu
X-Barracuda-Spam-Score: 1.12
X-Barracuda-Spam-Status: No, SCORE=1.12 using per-user scores of
TAG_LEVEL=3.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=6.0
tests=FORGED_HOTMAIL_RCVD2
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.48207
Rule breakdown below
pts rule name description
---- ----------------------
--------------------------------------------------
1.12 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'

Andy Welton
[url=http://www.bloodbowlcentral.com]Blood Bowl Central[/url]
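
As an added example (not code from any poster in this thread), the header comparison described in the two posts above can be scripted: the sketch below parses the `Received:` lines of both dumps, normalises the timestamps to UTC and reports which hops match. Only the topmost line was written by the recipient's own mail system; the lower hops are what the sending side reported, and a matching path identifies the server that generated the mail, not the person who triggered it. The 5-second skew tolerance is an assumption.

```python
import re
from collections import namedtuple
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

Hop = namedtuple("Hop", "ip by when")   # sender IP, recording host, UTC time
SKEW = timedelta(seconds=5)             # assumed tolerance for clock drift

# Received lines trimmed from the two header dumps in the post above
# (recipient-internal hops and the "for <...>" clause are left out).
CLAIMED_FAKE = """\
Received: from smtpsmart2.aruba.it (smtpweb107.aruba.it [62.149.158.107])
 by barracuda.uic.edu with SMTP id SzFCU7aWlA0es1Ae;
 Wed, 01 Dec 2010 17:06:31 -0600 (CST)
Received: from unknown (HELO webs39.aruba.it) (62.149.130.49)
 by smtpsmart2.fe.aruba.it with SMTP; 1 Dec 2010 23:06:27 -0000
Received: from webs39 ([127.0.0.1]) by webs39.aruba.it with Microsoft
 SMTPSVC(6.0.3790.4675); Thu, 2 Dec 2010 00:06:24 +0100

"""
CLAIMED_LEGIT = """\
Received: from smtpsmart1.aruba.it (smtpweb132.aruba.it [62.149.158.132])
 by barracuda.uic.edu with SMTP id frFFzdzeybH05zGR;
 Wed, 01 Dec 2010 17:52:52 -0600 (CST)
Received: from unknown (HELO webs39.aruba.it) (62.149.130.49)
 by smtpsmart1.fe.aruba.it with SMTP; 1 Dec 2010 23:52:45 -0000
Received: from webs39 ([127.0.0.1]) by webs39.aruba.it with Microsoft
 SMTPSVC(6.0.3790.4675); Thu, 2 Dec 2010 00:52:46 +0100

"""

def hops(raw):
    """Parse Received headers into Hop tuples, oldest hop first."""
    result = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        route, _, stamp = " ".join(value.split()).rpartition(";")
        m = re.match(r"from (.*?) by (\S+)", route)
        ip = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", m.group(1))
        when = parsedate_to_datetime(stamp.strip())
        if when.tzinfo is None:          # "-0000" parses as naive; it is UTC
            when = when.replace(tzinfo=timezone.utc)
        result.append(Hop(ip.group(0), m.group(2),
                          when.astimezone(timezone.utc)))
    return result

def in_order(path):
    """True if no hop is stamped earlier than the previous one (minus skew)."""
    return all(b.when >= a.when - SKEW for a, b in zip(path, path[1:]))

def compare(raw_a, raw_b):
    """Summarise what the two relay paths share and how far apart they are."""
    a, b = hops(raw_a), hops(raw_b)
    return {
        "same_origin": (a[0].ip, a[0].by) == (b[0].ip, b[0].by),
        "same_submitter_ip": a[1].ip == b[1].ip,
        "same_relay": a[1].by == b[1].by,
        "gap": b[0].when - a[0].when,
        "timestamps_in_order": in_order(a) and in_order(b),
    }

if __name__ == "__main__":
    for key, value in compare(CLAIMED_FAKE, CLAIMED_LEGIT).items():
        print(f"{key}: {value}")
```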
Darkson
Da Spammer
Posts: 24047
Joined: Mon Aug 12, 2002 9:04 pm
Location: The frozen ruins of Felstad

Re: Gaspez web post on US company

Post by Darkson »

Has anyone else that received the original email received the retraction?

Currently an ex-Blood Bowl coach, most likely to be found dying to Armoured Skeletons in the frozen ruins of Felstad, or bleeding into the arena sands of Rome or burning rubber for Mars' entertainment.
howlinggriffon
Ex-Mega Star, now just a Super Star
Posts: 1460
Joined: Wed Dec 03, 2003 7:25 pm
Location: Chelmsford, Essex (UK)

Re: Gaspez web post on US company

Post by howlinggriffon »

I got the retraction email at 12:50 this afternoon (GMT) - I got the other emails too.
