Why the fascination with Kimmer? #16

[Sheridan]

Quote:

Originally Posted by cleochatra

The only way I could see a book being published about this (that anyone would actually buy) would be one of those "True Crime Stories" type books.

I think Ann Rule would be a good choice.

[Barbara B]

Quote:

Originally Posted by Nady

And it's not like you can hide your tracks on the Internet~ I think deliberately sending a virus in an email has penalities also~
~~~N

For anyone who got the email, can you read the headers to see where it originated from?

[LChottie07]

Quote:

Originally Posted by SydneyN

I think Jimmy's suspicions might be right. When I logged on this morning (when it was showing up as a drug forum ) it showed that Christin was online. She can tell us if that was her, but my guess is it might have been someone who had access to her password at another site. Just speculating.

Hey Sydney... and everyone what a day... ok... so #1 I tried to get on early this morning, however the site wanted me to re-register w/ a new username/password and I didn't think it was prudent to do that so I left... so NO I was never logged into the site. So far... the admins who's user names and profiles that have been used (that I know of) are Mary (Cartbabe), Jimmy, and now I guess myself... (What is the common denominator between all those people??? I wonder... ) This is just getting downright irritating and creepy.



On another note.... I need for anyone who is a member or former member of KK that lives in the San Diego COUNTY to please contact John at the email address listed in The Kimkins Lawsuit Blog (you do not have to even be a member of the lawsuit yet). This is important, so he needs to hear from you as quickly as possible. Thanks everyone for your hard work!!!

[MomToEli]

Quote:

Originally Posted by 2big4mysize

anybody else not able to open Jimmy's blog page?

It opens for me, just slowly.

[Barbara B]

Quote:

Originally Posted by MissMerize

The problem won't be Jimmy's computer - it will stem from his site which will be on a server. My computer does not recognize or open EXE files.

If he was using the same password for a lot of things, that could have got him in trouble.

I have a small composition notebook (the real mini size) where I have different passwords for everything.

If I lost this little book I'd be crying for months.

It is uncertain at this time why or who did the hacking. I do feel for him, I'd be really annoyed.

I have a great piece of software called RoboForm. You set up one password to access your logins and passwords. You can save many, many passwords and only need to know the main one to access the others.

[Barbara B]

Quote:

Originally Posted by MissMerize

The problem won't be Jimmy's computer - it will stem from his site which will be on a server. My computer does not recognize or open EXE files.

If he was using the same password for a lot of things, that could have got him in trouble.

I have a small composition notebook (the real mini size) where I have different passwords for everything.

If I lost this little book I'd be crying for months.

It is uncertain at this time why or who did the hacking. I do feel for him, I'd be really annoyed.

I feel awful for him. And they lost 6 months of posts!

[jeanessa]

Quote:

Originally Posted by LChottie07

Hey Sydney... and everyone what a day... ok... so #1 I tried to get on early this morning, however the site wanted me to re-register w/ a new username/password and I didn't think it was prudent to do that so I left... so NO I was never logged into the site. So far... the admins who's user names and profiles that have been used (that I know of) are Mary (Cartbabe), Jimmy, and now I guess myself... (What is the common denominator between all those people??? I wonder... ) This is just getting downright irritating and creepy.



On another note.... I need for anyone who is a member or former member of KK that lives in the San Diego COUNTY to please contact John at the email address listed in The Kimkins Lawsuit Blog (you do not have to even be a member of the lawsuit yet). This is important, so he needs to hear from you as quickly as possible. Thanks everyone for your hard work!!!

To second this, I made a Kimkinslawsuit post about it...

Calling San Diego County… Kimkinslawsuit’s Weblog

[Barbara B]

Quote:

Originally Posted by LChottie07

Hey Sydney... and everyone what a day... ok... so #1 I tried to get on early this morning, however the site wanted me to re-register w/ a new username/password and I didn't think it was prudent to do that so I left... so NO I was never logged into the site. So far... the admins who's user names and profiles that have been used (that I know of) are Mary (Cartbabe), Jimmy, and now I guess myself... (What is the common denominator between all those people??? I wonder... ) This is just getting downright irritating and creepy.



On another note.... I need for anyone who is a member or former member of KK that lives in the San Diego COUNTY to please contact John at the email address listed in The Kimkins Lawsuit Blog (you do not have to even be a member of the lawsuit yet). This is important, so he needs to hear from you as quickly as possible. Thanks everyone for your hard work!!!

And who else would know how to access Jimmy's PayPal account?

[Mayberryfan]

Christin!

Hope a former KK member from San Diego turns up soon. And, thanks for letting us know what John needs. You know we'll try our best to get it for him.

[Mayberryfan]

It might not be a bad idea to go ahead and change your passwords if you use the same one or a very similar one to your Kk login.

It can't hurt!

[Awakened]

I've already changed all of mine just in case!

[vernswifevickie]

Quote:

Originally Posted by Awakened

Jimmy has a Mac too as far as I know.

I'm one of the dumb ones who clicked on it, but instead of taking me to a page my security thing asked me if I wanted to run or save, so I clicked cancel. I"m running a scan now.. but do you all think I'm okay since I didn't open it all the way???

I did the same thing Deni. I'm also running a scan just to be sure.

[Mariasol]

Quote:

Originally Posted by 2big4mysize

I get just the URL a yellow warning triangle in the bottom corner saying done with errors and my screen locks up. can't even close it. Microsoft sent an error to itself about this twice now. since the email went to the spam file I never opened it anyways.

It takes forever to load as there are so many ads on there I have a high speed connection and still after 3 minutes the page is not fully loaded. Perhaps that's your problem.

[Mariasol]

Quote:

Originally Posted by Barbara B

For anyone who got the email, can you read the headers to see where it originated from?

IP address [?]: 64.15.129.25 [Whois]
IP address country: ip address flag Canada
IP address state: Quebec
IP address city: Montreal
IP postcode: h1w1g4
IP address latitude: 45.500000
IP address longitude: -73.583298
ISP of this IP [?]: Groupe iWeb Technologies
Organization: iWeb Dedicated HD
Host of this IP: [?]: ip-64-15-129-25.static.privatedns.com [Whois]
Local Time of this IP country: 2008-04-09 10:00

[Barbara B]

Quote:

Originally Posted by Mariasol

IP address [?]: 64.15.129.25 [Whois]
IP address country: ip address flag Canada
IP address state: Quebec
IP address city: Montreal
IP postcode: h1w1g4
IP address latitude: 45.500000
IP address longitude: -73.583298
ISP of this IP [?]: Groupe iWeb Technologies
Organization: iWeb Dedicated HD
Host of this IP: [?]: ip-64-15-129-25.static.privatedns.com [Whois]
Local Time of this IP country: 2008-04-09 10:00

Erh, this is over my head, apparently. But I do understand that it's not particularly difficult to mask where the email actually originates. I just don't know how in the world it's done.

[samredman]

I think the mechanism for attack was that he had an unprotected version of the open source phpbb board installed on his site, which had the feature enabled to allow files to be attached to a posting (early 2.2 versions of this mod and early betas of the 3.0 version had this vulnerability... although in subsequent issues of both it is resolved ). When I first went to his site (after seeing the alert here), I saw that there was a php exploit file attached in the post about marijuana. My virus alert mechanism (avira) warned me immediately that the php file attached there had a known exploit. I started to download it (just to see the code, but I decided against it... because I have seen enough of them to know how they work). Php files are programs which will run on your server (when addressed through any remote browser), unless there are protections inside of the file upload and display directories to prevent execution. I am sure his system admin has found all that now and knows the particulars of how to prevent it. Apparently, the hacker used the php file attachment feature in a post and then after it was attached, he simply clicked on the file name (with the php extension) running that program on the server. It more than likely is designed to ransack the database downloading (or maybe printing to the screen) all of the admin names and passwords, plus all the members' email addresses (hence the spam virus attack). Then the attacker could have simply signed in as an admin and deleted everything and did his emailing with other types of virus attachments to attempt to get information from your personal machines. .

So, my guess it that this is not based on a compromise of passwords provided to another site (like Kimkins), but a simple exploit, similar to what phpbb boards all over the world are experiencing (the evil doers search with robots to find phpbb boards with this vulnerability). So, I think you can put the "big conspiracy" theory to rest, but, of course, it was still a wicked act, just the same.

I have several private phpbb boards on my servers and have experienced many attacks over the years. I finally separated out all file attachment features on my boards to upload to separate locations, (because of this weakness) although from what I understand, the latest mods (available from the phpbb site) are totally secure and stop any future exploits.

[Awakened]

Sam, How does that explain how the hacker got into his private email and paypal???

[samredman]

Awakened --

My guess is that Jimmy did what a lot of people do... used the same login and password for his private email and paypal, as he did for his admin access. When I first looked at his site and glanced at his post... it showed (sort of like a signature) all the info for all the admins right there for anyone to see, which is a pretty good indication that this was probably done with the mechanism I described. Everyone on that admin list... which I still have probably somewhere in my cache (as does everyone who peeked at the site before it was closed off) should change all usernames and passwords on anything with personal information.

[Mariasol]

Quote:

Originally Posted by Awakened

Sam, How does that explain how the hacker got into his private email and paypal???

Same user name and password perhaps

[MaryN]

Quote:

Originally Posted by LChottie07

Hey Sydney... and everyone what a day... ok... so #1 I tried to get on early this morning, however the site wanted me to re-register w/ a new username/password and I didn't think it was prudent to do that so I left... so NO I was never logged into the site. So far... the admins who's user names and profiles that have been used (that I know of) are Mary (Cartbabe), Jimmy, and now I guess myself... (What is the common denominator between all those people??? I wonder... ) This is just getting downright irritating and creepy.



On another note.... I need for anyone who is a member or former member of KK that lives in the San Diego COUNTY to please contact John at the email address listed in The Kimkins Lawsuit Blog (you do not have to even be a member of the lawsuit yet). This is important, so he needs to hear from you as quickly as possible. Thanks everyone for your hard work!!!

I mostly lurk on here and on Jimmy's site. I had the same experience as Christin. Scary.

Keep up the good works, ducks. I am in awe of all the work you have done.

Mary

[Awakened]

Well, since I'm a moderator there, I'm really glad I went and changed all my passwords.. allthough... I dont' use the same ones as I did there.


Has anyone passed along this theory to Jimmy and his admin?

[samredman]

Quote:

Originally Posted by Awakened

Has anyone passed along this theory to Jimmy and his admin?

Any qualified system administrator (guy or gal certified on server management) would figure this out in literally less than 30 seconds. They don't need advice (I can assure you). This is what guys like me talk about on tech boards.

[Magicsmom]

Quote:

Originally Posted by Barbara B

Seems Heidi is on the warpath again. I guess her rage got the better of her. Jimmy's troubles started on Monday and on Tues., CrispyBread made her appearance.

I wonder if there's a trail of empty Cap'n Morgan bottles somewhere.

Quote:

Originally Posted by samredman

I have identified that underlying sentiment in much of the posting motivation on many boards (about many topics). A lot of people just don't want to see anyone else making any money (how they justify earning their own living expense money remains a mystery). If that philosophy was followed, we just wouldn't see any media coverage or books written on any distasteful subject (some people actually respectably pay their bills by creating interesting compositions on controversial topics). Of course, even this board (lowcarbfriends) is "making money" off of this without shame, as is every anti-kimkins blog with google ads and, of course, I am certain the law firm hopes to make money "off" of it, unless you are telling me that the altruistic attorney on the case has agreed to waive his fees. Not very likely.

I cannot speak for others, but there is no money being made at my blog whatsoever.

Quote:

Originally Posted by cleochatra

There is nothing wrong with making money through honesty and integrity. To tell people you're a size 4 and to follow your lead (and to give you money) when you're really closer to a 34 is obviously in bad form. As a writer, I am paid for my work. What if I stole the work of others and was paid?

People make money all of the time, but when money is changing hands under false pretenses... no no no.

[BamaGal]

Quote:

Originally Posted by Barbara B

For anyone who got the email, can you read the headers to see where it originated from?

here's some more to add to what was already posted---for those who know how to read this gibberish

Return-Path: <lcc@hd-t3246cl.privatedns.com>
Received: from hd-t3246cl.privatedns.com (ip-64-15-129-25.static.privatedns.com [64.15.129.25])
by mx.google.com with ESMTP id e17si103632qbe.1.2008.04.09.05.30.25;
Wed, 09 Apr 2008 05:30:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of lcc @ hd-t3246cl.privatedns.com designates 64.15.129.25 as permitted sender) client-ip=64.15.129.25;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of lcc @ hd-t3246cl.privatedns.com designates 64.15.129.25 as permitted sender) smtp.mail=lcc @ hd-t3246cl.privatedns.com
Received: from lcc by hd-t3246cl.privatedns.com with local (Exim 4.63)
(envelope-from <lcc @ hd-t3246cl.privatedns.com>)
id 1JjZRF-0007I6-P2; Wed, 09 Apr 2008 08:30:05 -0400


what I gather is the hacker used JM's own system to send these so they will be traced back to him...