John,
We received this for IP 64.57.210.240 (Hawk), and it mentions user "tabletpc".
As part of your service, I logged in, located the bad scripts and removed them.
You should consider removing any unnecessary plugins, as I am sure that is the source of the insecurity.
[ SpamCop V4.6.1.006 ]
This message is brief for your comfort. Please use links below for details.
Email from 64.57.210.240 / Thu, 16 Sep 2010 06:55:14 -0500
http://www.spamcop.net/w3m?i=z520833...29433a50ed72fz
[ Offending message ]
X-Apparently-To: x via 69.147.92.113; Thu, 16 Sep 2010 04:55:14 -0700
Return-Path: <tabletpc@hawk.urljet.com>
X-YahooFilteredBulk: 64.57.210.240
Received-SPF: none (mta1039.sbc.mail.mud.yahoo.com: domain of
tabletpc@hawk.urljet.com does not designate permitted sender hosts)
X-Originating-IP: [64.57.210.240]
Authentication-Results: mta1039.sbc.mail.mud.yahoo.com from=bbvacompass.com; domainkeys=neutral (no sig); from=bbvacompass.com; dkim=neutral (no sig)
Received: from 207.115.36.125 (EHLO nlpi111.prodigy.net) (207.115.36.125)
by mta1039.sbc.mail.mud.yahoo.com with SMTP; Thu, 16 Sep 2010 04:55:14 -0700
X-Originating-IP: [64.57.210.240]
Received: from hawk.urljet.com (hawk.urljet.com [64.57.210.240])
by nlpi111.prodigy.net (8.14.4 IN/8.14.4) with ESMTP id o8GBtE6h007093
for <x>; Thu, 16 Sep 2010 06:55:14 -0500
Received: from tabletpc by hawk.urljet.com with local (Exim 4.69)
(envelope-from <tabletpc@hawk.urljet.com>)
id 1OwD3Y-0002mo-1o
for x; Thu, 16 Sep 2010 06:55:12 -0500
To: x
Subject: BBVA Compass Bank Warning Notification
X-PHP-Script:
www.tabletpcbuzz.com/vault/images/icon/kam.php for 99.33.34.65
From: BBVA Compass Bank <email.alert@bbvacompass.com>
Reply-To:
MIME-Version: 1.0
X-Content-Type: text/html
X-Content-Transfer-Encoding: 8bit
Message-Id: <E1Ow_________o-1o@hawk.urljet.com>
Date: Thu, 16 Sep 2010 06:55:12 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - hawk.urljet.com
X-AntiAbuse: Original Domain - sbcglobal.net
X-AntiAbuse: Originator/Caller UID/GID - [539 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - hawk.urljet.com
X-Source: /usr/local/lsws/fcgi-bin/lsphp-5.2.14
X-Source-Args: lsphp5:abletpc/public_html/vault/images/icon/kam.php
X-Source-Dir: tabletpcbuzz.com:/public_html/vault/images/icon
Content-Length: 1460
Content-Type: text/plain
X-SpamCop-note: Converted to text/plain by SpamCop (outlook/eudora hack)