#1
Zero2Cool Elite Member
Joined: Oct 14, 2006
Posts: 44,952
Words cannot depict how pissed off I am right now. Someone reported PackersHome.com as a SPAM website that sends spam.

If I cannot find the malicious script, PackersHome.com will be deleted permanently, and I can't do anything about it. Arvixe was nice enough to allow me this time to search for the issue and resolve it.

I'm doing another full site backup as we speak.


This is the email that could end PH.com
MIME element (message/feedback-report)
Encapsulated message (message/rfc822)
Headers of embedded message (message/rfc822)
Delivered-To: x
Received: by 10.90.132.18 with SMTP id f18cs52994agd;
Thu, 13 Jan 2011 18:14:35 -0800 (PST)
Received: by 10.91.8.20 with SMTP id l20mr467016agi.147.1294971275657;
Thu, 13 Jan 2011 18:14:35 -0800 (PST)
Return-Path:
Received: from rhino.arvixe.com (stats.rhino.arvixe.com [74.86.163.xxx])
by mx.google.com with ESMTPS id 1si1480406ano.176.2011.01.13.18.14.35
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Thu, 13 Jan 2011 18:14:35 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of doogie@rhino.arvixe.com designates 74.86.163.xxx as permitted sender) client-ip=74.86.163.xxx;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of doogie@rhino.arvixe.com designates 74.86.163.xxx as permitted sender) smtp.mail=xxx@rhino.arvixe.com
Received: from xxxby rhino.arvixe.com with local (Exim 4.69)
(envelope-from )
id 1PdZBT-0004of-PC
for x; Thu, 13 Jan 2011 18:14:35 -0800
To: x
Subject: I've come across an interesting download

X-PHP-Script: www.packershome.com/index.php for 112.201.206.16
Date: Thu, 13 Jan 2011 18:14:35 -0800
From: jotam
Message-ID:
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_211ffbc2d5b41ba727c216efb6a5ec07"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - rhino.arvixe.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [881 878] / [47 12]
X-AntiAbuse: Sender Address Domain - rhino.arvixe.com
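Added example, not part of the original post or the site's code: the X-PHP-Script, Date and X-AntiAbuse headers in the report above name the sending script, the requesting client and the account UID, which is enough to pull the matching requests out of the web access log. The access-log lines, the query string and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers copied from the report quoted above (redacted fields left out).
REPORT = """\
X-PHP-Script: www.packershome.com/index.php for 112.201.206.16
Date: Thu, 13 Jan 2011 18:14:35 -0800
X-Mailer: PHPMailer [version 1.73]
X-AntiAbuse: Primary Hostname - rhino.arvixe.com
X-AntiAbuse: Originator/Caller UID/GID - [881 878] / [47 12]

"""

# Constructed access-log lines (Apache combined format); query string is made up.
ACCESS_LOG = """\
112.201.206.16 - - [13/Jan/2011:18:14:34 -0800] "POST /index.php?g=example HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [13/Jan/2011:18:14:35 -0800] "GET /index.php HTTP/1.1" 200 9001 "-" "-"
112.201.206.16 - - [13/Jan/2011:09:00:00 -0800] "GET /index.php HTTP/1.1" 200 9001 "-" "-"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_report(raw):
    """Pull the fields that identify the sending script and its caller."""
    msg = message_from_string(raw)
    host_path, _, client_ip = msg["X-PHP-Script"].partition(" for ")
    host, _, path = host_path.partition("/")
    abuse = dict(h.split(" - ", 1) for h in msg.get_all("X-AntiAbuse", []))
    uid = re.match(r"\[(\d+) ", abuse["Originator/Caller UID/GID"]).group(1)
    return {"host": host, "script": "/" + path, "client_ip": client_ip.strip(),
            "sent": parsedate_to_datetime(msg["Date"]),
            "mailer": msg["X-Mailer"], "originator_uid": int(uid)}

def matching_requests(report, log_text, window=timedelta(seconds=60)):
    """Access-log hits on the script from the caller IP near the send time."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, method, url, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if (ip == report["client_ip"] and url.split("?")[0] == report["script"]
                and abs(when - report["sent"]) <= window):
            hits.append((when.isoformat(), method, url, int(status)))
    return hits
```

Because index.php is the forum's entry script, the header alone does not name the vulnerable file; the method and query string of the matched requests show which forum function was used to send the mail.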
#2
Pack93z Select Member
Joined: Mar 17, 2007
Posts: 13,278
Anything that we can do to help?
#3
Zero2Cool Elite Member
Joined: Oct 14, 2006
Posts: 44,952
"Pack93z": Anything that we can do to help?

I don't know, man. I'm so pissed off and discouraged right now, it's just not good.

I hate spam and hate script kiddies even more.

I don't know what to do. I'm deleting the other software that I had running and hoping that it was one of them that was the culprit and doing a few other things to prevent a shut down.
#4
Zero2Cool Elite Member
Joined: Oct 14, 2006
Posts: 44,952
I've done several things behind the scenes to prevent this issue occurring again and one that directly affects each of you. Unfortunately, you will need to enter a numerical security code when you log in to help ensure you're not a robot.

I'm still digging through options and files to see what else I can do.
#5
peteralan71 Registered
Joined: Dec 15, 2008
Posts: 1,221
fuuuuuuuuuuuuuck.
sorry man.
good luck.
#6
longtimefan Registered
Joined: Nov 30, 2006
Posts: 3,501
Just cuz someone reported you as spam the host takes their word for it?
#7
Pack93z Select Member
Joined: Mar 17, 2007
Posts: 13,278
The jig is up, the news is out, they've finally found me.. ;)



Now.. seriously.. can you block the bots from hitting the pages?
#8
wpr Preferred Member
Joined: Aug 08, 2008
Posts: 20,215
Man that is terrible.
MUST HAVE BEEN A BEARS FAN.
#9
Nonstopdrivel Preferred Member
Joined: Sep 14, 2008
Posts: 18,544
How did it not occur to the host that your domain and IP address may have been (probably were) spoofed?
Back up your database onto a thumb drive just in case the worst happens.

I have unlimited web space and bandwidth that I'd be happy to donate if it came to that, though I doubt it will.
#10
Zero2Cool Elite Member
Joined: Oct 14, 2006
Posts: 44,952
"Pack93z": Now.. seriously.. can you block the bots from hitting the pages?

Yes, the flood control does that, but if you click a few links too fast, it'll ban you for 60 seconds or something like that, maybe 10 minutes? I had it on the site for a while, which seemed to speed things up, but Wade got lost, lol.

"longtimefan": Just cuz someone reported you as spam the host takes their word for it?

Yes, one person, sent one email and BYE BYE PH.com
pretty disturbing huh?