Develop Bugs

virus from [email protected]

at 21:00 this night i received an email from : [email protected]
With an virus in it.
has anybody else also got this virus mail ?
this was in the attachment:
Video_part.mim Email-Worm.Win32.Nyxem.e Removed
This is the header of the mail:
Delivered-To: GMX delivery to [email protected] (my address)
Received: (qmail invoked by alias); 02 Feb 2006 19:51:54 -0000
Received: from 84-235-63-127.saudi.net.sa (HELO user-a152f4b1dd) [84.235.63.127]
by mx0.gmx.net (mx024) with SMTP; 02 Feb 2006 20:51:54 +0100
From: "xda" <[email protected]>
To: <[email protected]>
Subject: MDaemon Warning - virus found: Fw: Funny
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_0.024623829126358"
Date: Thu, 2 Feb 2006 20:53:06 +0100
Message-ID: <[email protected]>
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
X-GMX-UID: dQaQY1M5eSEkaqmjfHQhaXN1IGRvb4DS
X-MDMultiPOP: [email protected]@pop.gmx.net
Really Sick people did it i think.
Glad i have a email virus scanner who killed it.

Dude, I'm assuming this means you don't run your own domain! I sometimes get viruses from myself!
Sure freaked me out the first time it happened though... It just means that someone who has that email address stored in a vulnerable application (I'm thinking MS, sorry please don't sue me - I have kids!) was infected with one of the many virii that glean addresses from such applications.
Shame on them, whoever it was! <insert standard plug for GOOD anti-virus here>

That's a Jacked address.
Look carefully at the header and see where it's really coming from. The first email listed already implies it came from Saudi Arabia. I don't think the xda dev server is there...
I've seen similar techniques often, and this is rather weak compared to the ones I've got, where the trail leads back to Pacific Internet (ISP in my own country) and stops right there. Only with Sysinternals Whois and a little sleuthing did I manage to find out it was some arsehole in Vietnam who's trying to hock goods using the name of my company (a computer school).
(And even then it could be just a relay.)
Email is dead thanks to advent of spam, I swear...

Re: That's a Jacked address.
Ultimate Chicken said:
Look carefully at the header and see where it's really coming from. The first email listed already implies it came from Saudi Arabia. I don't think the xda dev server is there...
I've seen similar techniques often, and this is rather weak compared to the ones I've got, where the trail leads back to Pacific Internet (ISP in my own country) and stops right there. Only with Sysinternals Whois and a little sleuthing did I manage to find out it was some arsehole in Vietnam who's trying to hock goods using the name of my company (a computer school).
(And even then it could be just a relay.)
Email is dead thanks to advent of spam, I swear...
Click to expand...
Click to collapse
Thanks! for the info...

WP7 and SQL Azure

Hi guys,
I'm looking forward to building apps with WP7 using SQL Azure database
I can build apps with WP7 and have my SQL Azure database ready, but I don't know how to query data from Azure to my WP7 client
So far I don't find any tutorial on this topic yet
Any help would be greatly appreciated
Thanks

huy302 said:
Hi guys,
I'm looking forward to building apps with WP7 using SQL Azure database
I can build apps with WP7 and have my SQL Azure database ready, but I don't know how to query data from Azure to my WP7 client
So far I don't find any tutorial on this topic yet
Any help would be greatly appreciated
Thanks
Click to expand...
Click to collapse
I don't have an Azure account to test, but don't you just connect to an Azure SQL server the same way you do a regular one?
Code:
string _connectionString = "Server=tcp:[serverName].database.windows.net;Database=myDataBase;User ID=[LoginForDb]@[serverName];Password=myPassword;Trusted_Connection=False;Encrypt=True;";
using(SqlConnection conn = new SqlConnection(_connectionString)) {
conn.Open();
...
}
Replacing the information in _connectionString for your Azure account obviously. You can find all necessary connection strings here:
http://www.connectionstrings.com/sql-azure

Blade0rz said:
I don't have an Azure account to test, but don't you just connect to an Azure SQL server the same way you do a regular one?
Replacing the information in _connectionString for your Azure account obviously. You can find all necessary connection strings here:
http://www.connectionstrings.com/sql-azure
Click to expand...
Click to collapse
Yep.
Oh an NO EXCUSES for not having an Azure account!
For all of you independent software developers out there, you can get a full Azure instance for FREE.
Just sign up for BizSpark:
http://www.microsoft.com/bizspark/default.aspx
Yes, it is legal and if you are developing software, you you qualify. Basically, BizSpark gets you a full MSDN account, including Azure for free.
Not bad...
BTW, get started on SQL Azure here: http://www.microsoft.com/en-us/sqlazure/whitepapers.aspx

Hi,
I'm currently registered as an individual software developer in germany.
Do I have to use my own name as "Startup Name"? How is the general
process with BizSpark? What do I fill in for "Date/Month founded"? The
date when I registered as developer in germany? I read about the
sponsorship network partner you need to approval. What about this?
I contacted one of the partners OCC Bangalore for more info.

toolsche said:
Hi,
I'm currently registered as an individual software developer in germany.
Do I have to use my own name as "Startup Name"? How is the general
process with BizSpark? What do I fill in for "Date/Month founded"? The
date when I registered as developer in germany? I read about the
sponsorship network partner you need to approval. What about this?
I contacted one of the partners OCC Bangalore for more info.
Click to expand...
Click to collapse
PM Sent on BizSpark

I would like to know the same about the process of the BizSpark. I'm interested in using SQL Azure.

Probably not a good idea. Unless you don't mind giving access to anyone with Reflector your connection string. (A read-only account with V. limited priv's for example).
Might be better to host a webservice and make requests to that webservice using one of the many Client - Server frameworks (WCF, JSON, etc) available.
That way the client calls a method on the webservice which queries the Azure data and then returns it to the client. The client then know's nothing about the database.
nTier might seem a bit much, but a hacker with your database login could be worse .

Email Compromise? (Diablo Spam)

Hi there,
I have my own domain name. When signing up to websites, such as xda-developers, I use that site name as the to address for my domain name ie, [email protected]
This morning, I've received a spam email with subject "Subject [EN]Diablo III Account Locked - Action Required" to my xdadevelopers address at my domain.
Has there been a database compromise perchance? I've had a search through the forums here and don't see anyone else that has mentioned it as yet. The spam arrived about 3 hours ago from now.
It'd be a shame to have to close my account and devnull this email address, as I really love these forums and the great users herein.
Regards.
Update 1: It's certainly not a dictionary attack that I can see, as I haven't received any others of this nature to my catchall mailbox.
If it's any help at all, the headers show this as the sender host;
Received: from WWW-9763E06E580.net (unknown [110.103.67.128])
(very likely unrelated to any alleged compromise attempts, if indeed a compromise even occured).

I have seen this reported a couple times before but no resolution as I recall. I have passed this on to one of the admins, hopefully he can take a look and let us know if this is a problem to be concerned about.

I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.

bitpushr said:
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
Click to expand...
Click to collapse
Thank you for checking that sir. I believe that in the other threads, it was suggested that someone might have posted their email and a screen-scraper harvested it, or perhaps their email was grabbed some other way, but nothing definitive ever came of it.

bitpushr said:
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
Click to expand...
Click to collapse
Thanks for that, and I respect that data is treated with complete secrecy. I've not used this address or posted it anywhere else. It's used solely to login with, so i'm still a bit confused. I'll leave it for now, as it's only one example.
Regards.

Hi,
I'm in the exact same case, I use per site email on my domain , no dictionary attacks too (I got catchall so I see them) and same mail received
Same mail same kind of sender:
Thu, 16 Aug 2012 08:22:23 +0200 (CEST)
Received: from WWW-9763E06E580.org (unknown [110.103.67.40])
I can assure that this email is not used in any screen-shot or anything else than logging here.
This is quite annoying and since I don't use the same header as the other one (me it's [email protected]) it really seems that the mails data are compromised.
Regards,
Tolriq.

As above, exactly the same spam email, although the email address I used to sign up here is more complex than just [email protected]
I'll keep the email around, in case anyone wants to follow up on it.
Could this perhaps be the result of the new theme showing user email addresses on member pages (Eg. somewhere on http://forum.xda-developers.com/member.php?u=3492510)? Even if it's corrected now, if it did at any point, spammers may have scraped the member list during that time.

I've also just gotten an email directed at my one-time use address used for registering at XDA. Something's up, check your logs you've been compromised. I highly recommend a notice and forced password reset.
Return-path: <[email protected]>
Envelope-to: xda@MYDOMAIN.COM
Received: from [110.103.66.127] (port=57501 helo=WWW-9763E06E580.org)
by [REDACTED] with esmtp (Exim 4.63)
(envelope-from <[email protected]>)
id 1T6h7P-000354-NH
for xda@MYDOMAIN.COM; Wed, 29 Aug 2012 08:11:36 -0400
From: "Diablo III" <[email protected]>
To: <xda@MYDOMAIN.COM>
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Spam-Level: *****
X-Spam-Report: score=5.0 tests=CMAE_1, SHORTCIRCUIT version=3.3.1 cmae=v=1.1
cv=02sxpKrcaeIklPG9ikjtw9+Ix2dV+yAR3ckHHBRjlIA= c=0 sm=0 p=eKWGPzfAF9w9RlBXnosA:9
a=rfP7uN3eH0UA:10 a=SpdMY5nFWogA:10 a=IkcTkHD0fZMA:10 a=L-ISu7bKYZgA:10
a=jWLQlvoj7db9vSsTWhEWiQ==:17 a=blzCNhbTAAAA:8 a=3J15CkO5AAAA:8
a=xrJga5KMAAAA:8 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117
X-Spam-Score: 5
Subject: [EN]Diablo III Account Locked - Action Required

I'll add a +1 to this (got phish with subject "[EN]Diablo III Account Locked - Action Required" trying to get me to visit a url on host us.diablo.net.zh-fot.in) . The unique address I used to register here in early 2008, while not super cryptic, is not as simple as [email protected] and likely would not be the left-hand part of anyone else's email addr, so likely would not have been derived from the phisher mixing-and-matching from different lists. It appears that they've successfully harvested xda member email addresses.

I can confirm that I've just got the phishing e-mail mentioned by other users here, on an e-mail account created and given exclusively to xda forum.
Code:
Received: from WWW-9763E06E580.org (unknown [110.103.67.201])
From: "Diablo III" <[email protected]>
To: <sax_[B][COLOR="Red"]xda-developers[/COLOR][/B]@xxxxxxxxxx.xxx>
Subject: [EN]Diablo III Account Locked - Action Required
Now I am in the process of making the current e-mail invalid and I creating a new unique one.
We will see how it goes...

I can confirm this. I use [email protected] and haven't had any unusual mail to any other address on my domain.
SMTP From: [email protected]
---
Message-ID: <[email protected]>
From: "Diablo III" <[email protected]>
To: <[email protected][Redacted]>
Subject: [EN]Diablo III Account Locked - Action Required
Date: Wed, 29 Aug 2012 17:00:34 +0800
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
[Base64 Message Body Redacted]

+1 for me
Mail address used here is site specific, never used for anything else, cannot be dictionary generated.

We have received several reports from users receiving spam and/or phishing emails to email accounts which were unique to their profile on our community. We feel that there are enough of these to indicate that at some point in the past there was some sort of information disclosure which exposed these email accounts. We are not aware of any particular information disclosure or what exact information may have been exposed.
That being said, we take our community members' information security seriously and continuously review our code and configurations for security vulnerabilities. We do, however, run 3rd party forum software and plugins which occasionally have public security vulnerabilities. We apply all patches as soon as they are available to ensure the security of our data and therefore of our community. Even so, there is always the chance that someone is using an unpublished security vulnerability to try to attack our forum and gain personal information.
Our forum, as with many others running similar software, is a target for hackers attempting to harvest personal data (email addresses, passwords, etc). We highly recommend that you use a unique password for each website you are signed up with, and change that password on a regular basis. For services that support two-factor authentication, enable this option for even more security and peace of mind.
If anyone has information relating to any sort of information disclosure or compromise, we encourage them to report them to the technical contact at http://www.xda-developers.com/contact/#technical
Thank you and as always, questions and comments are welcome.

I posted in the other thread about this but figured I'd chime in here as well. I also use my own [email protected] address just for this site. I've never posted the address publicly and I always make up new passwords for each site. Those are at minimum 8 random characters/numbers/symbols.
In the other thread it was proposed that an admin/moderators system may of been compromised and a screen scraper had seen our emails. I find this pretty unlikely since my last post before the ones about this was in March. Are you sure all the moderators/admins can be trusted not to of sold our information themselves?
I think enough people have reported this problem that you should acknowledge it on the homepage and ask if people receiving these emails can post back so you can get a real idea of how many peoples accounts have been compromised.
Until you have found the source of the leak what is the point of changing our emails/passwords, they could just pull the new info again, besides, it's a PIA to keep changing my email address. Is anything being done about this or are you just waiting for some good willed hacker to email you at the address you posted?

Tann San,
I have a zero-tolerance policy about spam and getting the information I trust to a site, leaked all over the place,
but the only reason I've posted about it, is to confirm that indeed happened, after seeing bitpushr's post,
so the sysadmin(s) can look into it.
After said that, please keep in mind that even if they find out what caused the leak this time and patch it,
that doesn't mean that it won't happen again in the future. So the least we (the members) can do,
is to follow svetius advice and keep different passwords for each service we subscribe to and different e-mail accounts
whenever possible, although most of the disposable e-mail services, sadly are banned in this site -- obviously to fight spam accounts.
I hope that this can answer your question about why to change email/passwords this time (and every time after that).
I understand your frustration, it is indeed PITA, but one can hope that whatever backdoor was open to our data, it is closed for now...

You misunderstood me, I do use different email addresses for all my logins, that's the benefit of having my own email server. I also use different random passwords for each account. What I meant was that it's a annoying to change my email address here more than once since the leak hasn't been identified. For example, I can change it right now to another one but then whoever got our addresses already could go back and get my new email address, so then I have to change it again.
I don't really use my account here very often but I do read the RSS feeds/articles every day. I'm just saying that it seems a bit irresponsible to not let people know that their email accounts and who knows what other information has been stolen. That is also part of the reason I asked what was being done about this besides waiting for whoever it was to tell them how they did it.
Unfortunately "hoping" that the leak has been sealed is not a solution.

I wrote the screen scraper suggestion, and that's a pretty unlikely scenario since those are usually used against high value targets for banking info/logins. Most harvesters use the outlook address book or mine the browser cache of victim machines. The most likely explanation is that this was a sql injection attack on the forum software and probably took place "many moons" ago.

Ditto
Not sure if you want more confirmation, but I too have received Diablo III related fishing messages - to an address specific to this board.
My best bet is that someone sold a list of email address on...
Not a big issue for me as I'll just change my email address if the messages gets too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!

Rinkink said:
Not sure if you want more confirmation, but I too have received Diablo III related fishing messages - to an address specific to this board.
My best bet is that someone sold a list of email address on...
Not a big issue for me as I'll just change my email address if the messages gets too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
Click to expand...
Click to collapse
XDA will never, ever ever ever sell E-mail adreses!
Sent from my MB525 using xda app-developers app

Rinkink said:
Not sure if you want more confirmation, but I too have received Diablo III related fishing messages - to an address specific to this board.
My best bet is that someone sold a list of email address on...
Not a big issue for me as I'll just change my email address if the messages gets too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
Click to expand...
Click to collapse
We have looked for any suspicious activity carried out by authorised users, and have found nothing so far.
I'm currently working backwards through years of vBulletin emails to see if there's anything from the past that could be an issue.
Your actual password isn't stored on, or transmitted to, XDA. It's stored in a hashed and salted form, which is more than can be said for many high profile sites unfortunately that were in the news recently...
Still, we'll not be happy until we can work out what's happened, no matter how long ago or recently it may have been.

[HOW TO] Report & remove your stolen work from blogging site by Sameer Ali

As you are aware - our work is being stolen by Sameer Ali (or at least thats his alias real name may be below)
He is changing our update scripts to his name and then passing off the work as his own to make money
I have reported his site
He uploads his modded files to datafilehost - If you want to get your work removed from there just send an email to [email protected] with all the details - if we all get the work he stole removed his site wont last long
If he starts uploading elsewhere just use the report feature on site to request a dcma abuse
His domain is registered to bigrock.in - but they say it's Googles problem but you can still complain http://www.bigrock.in/support/contact-us.php
The site is being hosted by Google - you can report it here - https://support.google.com/legal/contact/lr_dmca?product=blogger
I have also done some digging into his full details and this is what I have found so if you want to report it you can
Main Site
IP Address: 216.239.32.21
Registration Service Provided By: BIGROCK
Domain Name: GALAXY4GAMING.NET
Registration Date: 11-Nov-2013
Expiration Date: 11-Nov-2014
Redirect Site
IP Address: 173.193.106.14
Domain ID6365877-AFIN
Domain Name:GALAXY4GAMING.IN
Created On:17-May-2012 10:54:20 UTC
Last Updated On:07-May-2013 18:20:21 UTC
Expiration Date:17-May-2018 10:54:20 UTC
Sponsoring Registrar:BigRock Solutions Ltd (R144-AFIN)
Status:CLIENT TRANSFER PROHIBITED
Registrant IDI_22438133
Registrant Name:safder ali
Registrant Organization:N/A
Registrant Street1:natun bazar , Basistha road,house no-7
Registrant Street2pp tiwari hotel, milijuli path
Registrant Street3:
Registrant City:guwahati
Registrant State/Province:Assam
Registrant Postal Code:781029
Registrant Country:IN
Registrant Phone:+91.9435401923
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:[email protected]
Admin IDI_22438133
Admin Name:safder ali
Admin Organization:N/A
Admin Street1:natun bazar , Basistha road,house no-7
Admin Street2pp tiwari hotel, milijuli path
Admin Street3:
Admin City:guwahati
Admin State/Province:Assam
Admin Postal Code:781029
Admin Country:IN
Admin Phone:+91.9435401923
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:[email protected]
Tech IDI_22438133
Tech Name:safder ali
Tech Organization:N/A
Tech Street1:natun bazar , Basistha road,house no-7
Tech Street2pp tiwari hotel, milijuli path
Tech Street3:
Tech City:guwahati
Tech State/Province:Assam
Tech Postal Code:781029
Tech Country:IN
Tech Phone:+91.9435401923
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:[email protected]
Name ServerNS1.BIGROCK.IN
Name ServerNS2.BIGROCK.IN
Name ServerNS3.BIGROCK.IN
Name ServerNS4.BIGROCK.IN
DNSSEC:Unsigned
Mirror Site
Registration Service Provided By: BIGROCK
Domain Name: TECHWEEN.COM
Registration Date: 29-Nov-2012
Expiration Date: 29-Nov-2013
Status:LOCKED
Name Servers:
dns1.bigrock.in
dns2.bigrock.in
dns3.bigrock.in
dns4.bigrock.in

What you also could do is to report him to Paypal aswell so Paypal blocks his account.
Sent from my GT-S5360 using xda app-developers app

have submit and a friend of mine too. :laugh:

Let's face it, if you post your work there's always a big chance people will abuse it and use it as their own. That's one of the consequences of open-source.
I'd say just leave the person be. He's probably a lonely attention seeking, loveless child looking for recognition in cyberspace.
I honestly don't care how many blogs post my work. I've done my work for the community and served them well.

Ya @marcussmith2626 , you are right i can prove it here are the link . he have a facebook page and a website for sharing his copy work ~ facebook :https://www.facebook.com/groups/261992937217038/?bookmark_t=group . -- website : http://www.galaxy4gaming.in/ .
---------- Post added at 05:18 AM ---------- Previous post was at 05:18 AM ----------

Totally agree with dn01
There are numerous blogs which post files which is in XDA.
XDA also faced this issue when some directly KANGED some work and post as their own. But we have strong mods to kick them out. But this is internet not XDA. Still I'll help you to kick those basterds.
Sent from my GT-S5360

I have no problems with open sourced software being shared
I have no problems with my work being shared with appropriate credits
What I do have a problem with is when my work is copied and the owners name is changed and passed off as their own to make money - that is against the whole ethics of open source

marcussmith2626 said:
I have no problems with open sourced software being shared
I have no problems with my work being shared with appropriate credits
What I do have a problem with is when my work is copied and the owners name is changed and passed off as their own to make money - that is against the whole ethics of open source
Click to expand...
Click to collapse
Yes, same thing happened in xda
Sent from my GT-S5360

Guess what! This guy is the official reference of drippler (a popular android app that gives apps to users with their specified smartphone.) Such a shame....

Ya, you guys should download drippler you will see all his 'work' is there and the download link .See SS below
Sent from my GT-S5360 using xda app-developers app

I guess there are many more sities fixing up the links of all popular mods of the forum with ******* etc to make money...
||""Playing Asphalt™ 8 Airborne on my sgy. LoLz.
Joke of the year. Gameloft devs will die if they hear this. ""||

LOL Somebody's Router is about to get flooded

Leave him.... Sometimes he is even usefull when links die here... His links are always up
However it isn't ok what he is doing.
Sent from my GT-S5360 using Tapatalk 2

alemad said:
Leave him.... Sometimes he is even usefull when links die here... His links are always up
However it isn't ok what he is doing.
Sent from my GT-S5360 using Tapatalk 2
Click to expand...
Click to collapse
I could leave him,
Or i can flood his router for atleast 72 hours per week. Now he won't have internet access to steal others work

seems his giving credits now ....
http://www.galaxy4gaming.in/2013/10...eed:+galaxy4gaming+(Galaxy+Y+Gaming+Club)&m=1

You're right, but why need to put his name at all the work ( I means he should mention that this work is developed by who )
Sent from my GT-P5100 using xda app-developers app

If i am not wrong he is most probably a member of our forum.
||""Playing Asphalt™ 8 Airborne on my sgy. LoLz.
Joke of the year. Gameloft devs will die if they hear this. ""||

Yes he is , if not how he know all the latest work ?
Sent from my GT-P5100 using xda app-developers app

Ya!! I found my flashable fonts on galaxy4gaming.in but he give me proper credit!! That's ok!!
Or!! May be!! He gives me proper credit because there was my signature in all that flashable zips!!
Sharing others works is not bad if proper credit is given with original post's link, which is visible for all!!
It may possible that he is reading all these post & erase his mistakes!!

thewarlord said:
Ya!! I found my flashable fonts on galaxy4gaming.in but he give me proper credit!! That's ok!!
Or!! May be!! He gives me proper credit because there was my signature in all that flashable zips!!
Sharing others works is not bad if proper credit is given with original post's link, which is visible for all!!
It may possible that he is reading all these post & erase his mistakes!!
Click to expand...
Click to collapse
My signature was in all my zips but he changed them to his name & gave me no credit & added ads to my download links which is against my rules of sharing my work
This is why all my work was removed from that site by company he uses to host files
I have always said people are free to use & share my work on the condition that credit is given & no ads are added to any links to my work (eg adfly) - he broke both these rules
If he does read this - feel free to apologise

malicious impersonator of xda

I just stumbled on this malacious impersonator/mirror of xda, maybe you can take steps against it with the hosting provider. I have replaced the tt in http with xx to make the link non clickable as the site contains malware: hxxp://forum.datadevelopement.com/

@bitpushr

Thanks guys, another proxy site. They are blocked.

bitpushr said:
Thanks guys, another proxy site. They are blocked.
Click to expand...
Click to collapse
they are not a proxy, they impersonate XDA to spread malware. They copy all our posts and articles (or intellectual property), some of which have our real names attached to them, to spread malware (in our names) you should contact the authorities and at least the hosting provider and domain registrar

godutch said:
they are not a proxy, they impersonate XDA to spread malware. They copy all our posts and articles (or intellectual property), some of which have our real names attached to them, to spread malware (in our names) you should contact the authorities and at least the hosting provider and domain registrar
Click to expand...
Click to collapse
I would love to have the authorities go after them, but from experience they are not very interested in people like this. They use multiple hosting providers and multiple IPs to essentially fetch our site and automatically inject their own ads (and malware). It's a proxy and we are able to track which IPs they connect from, and block those IPs.
There are a few pages thay they cache and are still serving but typically they will shut down the site in a few hours.

Came across this thread when searching the above website. I am also seeing that the website is now showing up on xda aswell. If you do a search for the site name there are 193 results. Luckily my firewall blocked the website but, others may not be so lucky. Just wanted to give a heads up so the links can be removed or somehow sanitized.