Here is the email header from the original message, on the one I
received; it shows the IP address that it was sent from, and you may
want to send it to the fraud division at AOL, or whatever they call it
there. They can trace it back to the originating machine. If it was
done from a public PC, though, I don't know what can be done to find the
hacker.

Return-path:
<sentto-1030235-2297-1074511157-marta=steveandmarta.com@...
ahoo.com>
Envelope-to: marta@...
Delivery-date: Mon, 19 Jan 2004 05:11:01 -0700
Received: from [66.218.66.101] (helo=n33.grp.scd.yahoo.com)
by valley.vosn.net with smtp (Exim 4.24)
id 1AiYFB-0000J4-N4
for marta@...; Mon, 19 Jan 2004 05:11:01 -0700
X-eGroups-Return:
sentto-1030235-2297-1074511157-marta=steveandmarta.com@...
hoo.com
Received: from [66.218.67.192] by n33.grp.scd.yahoo.com with NNFMP; 19
Jan 2004 11:19:18 -0000
X-Sender: dghprobe3@...
X-Apparently-To: probe_control@yahoogroups.com
Received: (qmail 94617 invoked from network); 19 Jan 2004 11:19:16 -0000
Received: from unknown (66.218.66.167)
by m10.grp.scd.yahoo.com with QMQP; 19 Jan 2004 11:19:16 -0000
Received: from unknown (HELO oemcomputer) (172.189.95.148)
by mta6.grp.scd.yahoo.com with SMTP; 19 Jan 2004 11:19:15 -0000
To: probe_control@yahoogroups.com
Message-ID: <jdbokshixkwgnoixyyl@...>
X-eGroups-Remote-IP: 172.189.95.148
From: dghprobe3@...
X-Yahoo-Profile: dghprobe3
MIME-Version: 1.0
Mailing-List: list probe_control@yahoogroups.com; contact
probe_control-owner@yahoogroups.com
Delivered-To: mailing list probe_control@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:probe_control-unsubscribe@yahoogroups.com>
Date: Mon, 19 Jan 2004 11:21:54 +0000
Subject: [probe_control] Hi
Reply-To: probe_control@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit




Marta

http://www.steveandmarta.com

Home of "The Graveyards of Omaha" and

"The New Twilight Zone" websites (Alan Brennert's new book is featured
on the site!)

"Experience should teach us to be on our guard to protect liberty when
government's purpose are beneficent. Men born to freedom are naturally
alert to repel invasion of their liberty by evil-minded rulers. The
greatest dangers to liberty lurk in insidious encroachment of men of
zeal, well meaning but without understanding."

Supreme Court Justice Louis Brandeis's great statement from Olmstead v.
United States
<http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=277&invol
=438>:

-----Original Message-----
From: dghprobe3 [mailto:dghprobe3@...]
Sent: Monday, January 19, 2004 6:07 PM
To: probe_control@yahoogroups.com
Subject: [probe_control] Re: Hi

--- In probe_control, dghprobe3@a... wrote:
> Test =)
> ciaxxrprpgyxj
> --
> Test, yep.
>
> [Non-text portions of this message have been removed]
----------------------------

Thanks to Jim Alexander for alerting me to the above. I did not send
this to the list. Apparently someone hacked into my AOL and/or Yahoo
accounts. I've changed my passwords, but if they have ways of
getting passwords, that may not work for long.

One of the problems Jim pointed out to me is that my email address
officially starts with a capital "D" whereas it appears as a lower
case "d" in the email that was sent out to the list.

Next, I never use a bogus "Hi" as a subject line. Usually I tell
what the post is about with a phrase, or use a tongue in cheek line
to catch people's attention. And I never make smileys like that.

They included "cia" in their gibberish above, which is wierd. And I
rarely use the word "yep" unless it's in an informal instant message
context.

The line, "[Non-text portions of this message have been removed],"
indicates that someone tried to send an attachment to the list,
probably a virus.

I checked all my other Yahoo groups, and so far the ONLY list this
person bothered with was the SEARCH list. Why they didn't do any
further damage is a mystery, but they apparently wanted to try to
give everyone on the SEARCH list a virus. They could have done more
damage here, and to other lists, but they were content do try
something ONLY on the SEARCH list. (At least, as far as I know. We
may need to check the Files and Links sections for anything else
bogus posted for 1-19-04.)

Back during Thanksgiving last year, we had some severe trouble with a
member of this list who has since been banned. I suspect that the
same person is behind this current trouble. But I'd like a little
more evidence before I name names once again. If it is the same
person, I'm surprised he missed the opportunity to post extreme
vulgarities.

Does anyone know what else I should check, change, or look out for
with regard to trying to keep these things from happening again? Is
there any way to track which computer sent this fake "Hi" post?

--Don H.




Yahoo! Groups Links

To visit your group on the web, go to:
http://groups.yahoo.com/group/probe_control/

To unsubscribe from this group, send an email to:
probe_control-unsubscribe@yahoogroups.com

Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/