Whoever currently owns opencomposting.org is now having a spamfest and apparently got some user names from people who post on forums about compiz (maybe even from this forum.)

Someone posted one here:

http://pastebin.com/m478c33ce

I got the identical one, with my username.

Looking at the headers, under the subject, it says:

X-PHP-Script: www.opencompositing.org/contest_images/rigobot/sp/drug.php for 87.167.19.22, 87.167.19.22

See also this:

http://smspillaz.wordpress.com/2009/11/28/abandon-fail-boat/

I think it was the Compiz Community Forum that had the actual breach, not these Ubuntu forums. Just a heads up.

You should inform the administrators of that site. Whois reveals several interesting names.

It's funny - first of all I spelled it wrong opencomposITING.org, not composting.

That site just has a link to the Compiz and Compiz fusion sites.

But if you look at the page source there's a piece that's commented out, that refers to the blog

http://smspillaz.wordpress.com/

Which is the blog wherein the owner says his forums were breached.

Who knows if smspillaz still has a connection to opencompositing.org. Whois says that's owned by some French guys and apparently hosted by nuxit.net.

Domain ID:D142979839-LROR
Domain Name:OPENCOMPOSITING.ORG
Created On:05-Apr-2007 07:23:02 UTC
Last Updated On:03-Aug-2009 17:40:05 UTC
Expiration Date:05-Apr-2010 07:23:02 UTC
Sponsoring Registrar:Namebay (R54-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:GS83747-NBAY
Registrant Name:Guillaume Seguin
Registrant Street1:11 rue Gribeauval
Registrant Street2:
Registrant Street3:
Registrant City:Amiens
Registrant State/Province:
Registrant Postal Code:80000
Registrant Country:FR
Registrant Phone:+33.626900995
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:guillaume@segu.in
Admin ID:AZ36675-NBAY
Admin Name:Mathieu Chouteau
Admin Organization:NUXIT
Admin Street1:400 avenue Roumanille BP 60177
Admin Street2:
Admin Street3:
Admin City:Sophia Antipolis Cedex
Admin State/Province:
Admin Postal Code:06903
Admin Country:FR
Admin Phone:+33.899563600
Admin Phone Ext.:
Admin FAX:+33.492903472
Admin FAX Ext.:
Admin Email:domains@nuxit.net
Tech ID:AZ36675-NBAY
Tech Name:Mathieu Chouteau
Tech Organization:NUXIT
Tech Street1:400 avenue Roumanille BP 60177
Tech Street2:
Tech Street3:
Tech City:Sophia Antipolis Cedex
Tech State/Province:
Tech Postal Code:06903
Tech Country:FR
Tech Phone:+33.899563600
Tech Phone Ext.:
Tech FAX:+33.492903472
Tech FAX Ext.:
Tech Email:domains@nuxit.net
Name Server:DNS.ISPFR.NET
Name Server:DE35.ISPFR.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:


I'll contact nuxit.

So that's where that spam came from. I got an identical one :|

Opencompositing.org is actually owned by someone named Guillaume who is apparently also affiliated with the wordpress blog if you read that post. So did they really have a breach or... ?

Yeah I have the same spam messages.

The www.opencompositing.org site itself has links to compiz.org and compiz-fusion.org. Both sites appear to do nothing right now.

Perhaps the site was hacked and someone has been using it to spam?

It certainly would APPEAR as if the guys from the Compiz Community forums sold out the nicknames and addresses of everybody on their forum to spammers - and participated in the spamming themselves by hosting the "drug.php" script.

Compiz Community Forums - Opencompositing.org - and the WordPress blog cited above - are all the same guys.

And then when people realized it seems to have come from them, it certainly would APPEAR as if they tried to blame it on the VBulletin software.

Very sad, IF that's the case.

:popcorn:

It certainly would APPEAR as if the guys from the Compiz Community forums sold out the nicknames and addresses of everybody on their forum to spammers - and participated in the spamming themselves by hosting the "drug.php" script.

Compiz Community Forums - Opencompositing.org - and the WordPress blog cited above - are all the same guys.

And then when people realized it seems to have come from them, it certainly would APPEAR as if they tried to blame it on the VBulletin software.

Very sad, IF that's the case.

:popcorn:


And why on earth would they do something like that? I very highly doubt that is the case. Let me go get my tinfoil hat http://stashbox.org/701473/tinfoil.gif

It certainly would APPEAR as if the guys from the Compiz Community forums sold out the nicknames and addresses of everybody on their forum to spammers - and participated in the spamming themselves by hosting the "drug.php" script.

Compiz Community Forums - Opencompositing.org - and the WordPress blog cited above - are all the same guys.

And then when people realized it seems to have come from them, it certainly would APPEAR as if they tried to blame it on the VBulletin software.

Very sad, IF that's the case.

:popcorn:

Much, much, more likely that they got hacked. Which doesn't say the greatest thing for their security, but I highly doubt that they are complicit in this.

Much, much, more likely that they got hacked. Which doesn't say the greatest thing for their security, but I highly doubt that they are complicit in this.

They would not be the only site using the vBulletin software who was hacked, and passwords compromised.

Needless to say, password changes are a good idea right now :)

They would not be the only site using the vBulletin software who was hacked, and passwords compromised.

Needless to say, password changes are a good idea right now :)

vBulletin!...and people were worried about Google! why fear Google?