Our friends over at NMRC reply to another link exchange moron. Oh look, another legitimate link to another site without mails begging for it!
From: Simple Nomad (thegnome[at]nmrc.org) To: Annie Simanski (firstname.lastname@example.org) Date: Tue, 07 Jul 2009 10:37:36 -0500 Subject: Re: Link exchange with nmrc.org On Mon, 2009-07-06 at 19:42 -0500, Annie Simanski wrote: : Hello, : : I just wanted to make sure you got my last e-mail about the link : exchange between my site and yours. Exchanging quality links is : undeniably the easiest way to improve your website link popularity, : to achieve better search engine positioning and increase your website : traffic. I deleted your last email. I assumed it was spam. : Let's help each other out and gain popularity and prosperity on the : web!! What is in this for us? Do you assume that just because we have a web site we want to be popular? And prosperous? Did you even look at the site? Does it look like we are trying to prosper? : I have faith that you and I will benefit immensely from this proposed : link exchange. And what pray tell is the religion that gives you such faith? I seriously doubt there is anything you have that will benefit us. : I look forward to your positive reply. You are looking in the wrong place, lady. : All the best, Seriously? Ok, listen. You have sent the "link exchange" request to a hacker site. This is a hobby site, and since during the dot com boom we all managed to get high paying jobs we don't update the website very often. Now you had no idea of this, but seriously you considered a link exchange with a hacker site? First off, let's discuss www.peakdirectory.com. What the fuck is with all the open ports? # nmap -O -sV -sS www.peakdirectory.com PORT STATE SERVICE VERSION 1/tcp open tcpwrapped 21/tcp open ftp PureFTPd 22/tcp open ssh OpenSSH 5.1p1 (protocol 2.0) 25/tcp open smtp Exim smtpd 4.69 26/tcp open smtp Exim smtpd 4.69 80/tcp open http Apache httpd 2.2.11 110/tcp open pop3 Courier pop3d 111/tcp open tcpwrapped 143/tcp open imap Courier Imapd (released 2008) 443/tcp open http Apache httpd 2.2.11 465/tcp open ssl/smtp Exim smtpd 4.69 993/tcp open ssl/imap Courier Imapd (released 2008) 995/tcp open ssl/pop3 Courier pop3d 1720/tcp filtered H.323/Q.931 3306/tcp open mysql MySQL 5.0.81-community 8009/tcp open ajp13? 8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1 Device type: general purpose Running: Linux 2.6.X OS details: Linux 2.6.5 - 2.6.11 Uptime 27.196 days (since Wed Jun 10 05:30:24 2009) Patch this shit up immediately. Some of those services really need updating, and some have no business being exposed to the entire planet. : Annie Simanski : Link Manager of Peak Directory : email@example.com Annie (or the guy going by "Annie" since a chick name sounds more inviting and less threatening, yes we practically invented social engineering you bastards), I know that as Spammaster Deluxe, err sorry Link Manager of Peak Directory you are probably not responsible for patching the website. But if you are going to be sending out spam to strangers, and this IS what your messages are, then expect some pushback. We didn't even look at your various webforms for SQL injection, XSS, etc. We assumed that with this underlying mess of a website the web app situation to be a minefield. Payment for your free security assessment (our rating of your website is Fairly Fucked) is the removal of all nmrc.org email addresses from your spammer database/mailing lists. BTW we will not help you patch or fix your website, nor will we recommend anyone, lest we be accused of some weird blackmail or something. Consider this a gift -- fix your shit. Or delete the entire website and go into something less degrading for income. We recommend the online porn industry -- but remember, they take web security a bit more seriously, ok? Never email us again under any circumstances. Ever.