My shared hosting account is sending spam emails

@Alves908

Posted in: #Email #Security #Spam #SpamPrevention #WebHosting

My webhost has deactivated my shared hosting account, since it was sending spam emails through my domain.

I have all unrouted mail such as aasdasd@domain.com set to be forwarded to a specific email account, and in that account I did find thousands of returned emails in this form (my domain appears as "mydomain.com"):

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

john.peterson40@verizon.net
Domain mydomain.com has exceeded the max emails per hour (125/100 (125%)) allowed. Message discarded.
stephengirten@live.com
Domain mydomain.com has exceeded the max emails per hour (125/100 (125%)) allowed. Message discarded.
noely.29@homaiel.com
Domain mydomain.com has exceeded the max emails per hour (125/100 (125%)) allowed. Message discarded.
tpm@nc.rr.com
Domain mydomain.com has exceeded the max emails per hour (125/100 (125%)) allowed. Message discarded.
wes.titus@gmail.com
Domain mydomain.com has exceeded the max emails per hour (125/100 (125%)) allowed. Message discarded.

------ This is a copy of the message, including all the headers. ------

Return-path: <di@mydomain.com>
Received: from [37.99.92.80] (port=53818 helo=[192.168.1.01])
by sw2.scarabweb.com with esmtpa (Exim 4.82)
(envelope-from <di@mydomain.com>)
id 1XGu1e-000JKY-Qy; Mon, 11 Aug 2014 14:08:55 -0400
X-AntiVirus: Checked by Dr.Web [version: 8.0.0.11070, engine: 8.0.0.10160, virus records: 3408234, updated: 26.11.2012]
Subject:
From: Di <di@mydomain.com>
Content-Type: text/plain;
charset=utf-8
X-Mailer: iPhone Mail (10A403)
Message-Id: <47A5FF9D-20F1-8A4A-BCC4-24625FA7655F@mydomain.com>
Date: Mon, 11 Aug 2014 09:55:01 -0700
To: "john.peterson40@verizon.net" <john.peterson40@verizon.net>
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
saflex.ca/best_worldwide_drugtore.htm Sent from my iPhone=


The first time it happened, my webhost didn't provide any useful help, and I've just ended up changing my password (such as the FTP password), and got my account reinstated.
But now, a day after, this is happening once again, and the account was deactivated again.

I do not run any scripts on my website such as WordPress; everything is simple .php as far as I know.
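The `Received:` header in the bounce quoted above records how the message reached the host's mail server: the keyword after `with` is `esmtpa`, which marks an SMTP session that passed authentication, while Exim writes `local` for mail generated on the host itself. The following is an added example, not part of the original post, that classifies saved bounces by that keyword; the function names and the second sample are assumptions made for illustration.

```python
import re
from collections import Counter

# RFC 3848 "with" keywords ending in "a" mean SMTP AUTH succeeded.
AUTH_PROTOCOLS = {"esmtpa", "esmtpsa"}

RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<origin>.*?)\s+by\s+\S+\s+with\s+(?P<proto>\S+)"
    r"[^<]*?envelope-from\s+<(?P<sender>[^>]*)>",
    re.IGNORECASE | re.DOTALL | re.MULTILINE,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def submission_path(bounce_text):
    """Classify how the bounced message entered the mail server."""
    m = RECEIVED_RE.search(bounce_text)
    if m is None:
        return None
    proto = m.group("proto").lower()
    if proto in AUTH_PROTOCOLS:
        kind = "authenticated-smtp"    # a remote client passed SMTP AUTH
    elif proto == "local":
        kind = "local-process"         # generated on the host, e.g. by a script
    else:
        kind = "unauthenticated-smtp"
    ip = IP_RE.search(m.group("origin"))
    return {"kind": kind, "protocol": proto, "sender": m.group("sender"),
            "client_ip": ip.group(1) if ip else None}

def summarize(bounces):
    """Count bounces per (kind, envelope sender, client IP), most frequent first."""
    counts = Counter()
    for info in filter(None, map(submission_path, bounces)):
        counts[(info["kind"], info["sender"], info["client_ip"])] += 1
    return counts.most_common()

# Header lines as quoted in the question's bounce.
PAGE_BOUNCE = """Return-path: <di@mydomain.com>
Received: from [37.99.92.80] (port=53818 helo=[192.168.1.01])
by sw2.scarabweb.com with esmtpa (Exim 4.82)
(envelope-from <di@mydomain.com>)
id 1XGu1e-000JKY-Qy; Mon, 11 Aug 2014 14:08:55 -0400
"""
# Constructed sample: mail handed to Exim by a local process.
LOCAL_BOUNCE = """Received: from webuser by host.example.net with local (Exim 4.82)
(envelope-from <webuser@host.example.net>)
"""

if __name__ == "__main__":
    for key, n in summarize([PAGE_BOUNCE, LOCAL_BOUNCE]):
        print(n, *key)
```

An `authenticated-smtp` result means the server accepted a login before taking the message, so the domain's mailbox passwords are the credentials to rotate; `local-process` points instead at something running on the host.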


1 Comments


@Jamie184

There is not enough information for anyone to really know what is going on here. But here is what you may be missing.

Any system has several services installed along with applications; FTP, HTTP, SSH, DNS, and PHP and Java are fairly common. You will have more. Each service and application can be vulnerable. PHP and Java are environments/languages that can offer vulnerabilities without having to have PHP or Java code installed/available. As well, FTP and DNS are often compromised.

You will need to use an anti-virus and scan all of your hard drives, including rootkit, to try and remove any virus or Trojan that may have been installed. Please understand that not all viruses or Trojans are known or can be detected. You may have to format and re-install everything from scratch. DO NOT USE an online web-based anti-virus! There is plenty of very good free anti-virus software out there. You can even use a trial version.

Make sure that you are running the latest version of all software. This is not a guarantee that you will not have any problems, but reduces the likelihood of an issue. Make sure that you are vigilant and keep your software up to date, checking for vulnerabilities that may have been discovered.

You will also need to make sure that no services are running except for those that are necessary. If at all possible, use a hardware or software firewall. Which software firewall is best depends upon your operating system. Do port scans against your system to see what ports are open. There are plenty of websites available for this.

Last, get familiar with security. Please. This is a huge subject, but the basics are well within your reach and the basics are often enough to get you started.
