geegard
02-23-2005, 11:45 PM
I imagine we should have known better, but I haven't seen this type of thing in the forums.
Anyway, after nearly 2 months of not much happening on a new account we got bitten... not sure how hard yet. We 'previously' offered temporary access to accounts (we use cPanel), but no longer after this mess.
The guy dawdled around with his account for a couple of months. Had an 'under construction' page and added/removed other pages. Then a couple of days ago we got a report from an ISP of spamming. Fortunately, it didn't last long. The account was terminated (with extreme prejudice) and a notice put up at his supposed return link. After checking, he had already set up an account elsewhere (checked whois) and info was pointing to the new account. I sent them an FYI, too.
I don't know if others have had this happen, but we won't use the temporary access function anymore and don't recommend it to others.
namelayer
02-23-2005, 11:52 PM
It's almost heart-stopping when you read the email from the data center that there is spam from your server. It happened to me 2 weeks ago. My brother's site I was hosting for him had an outdated version of phpnuke and some jerk was using the phpnuke/webmail exploit to spam through the server.
I went into cPanel to find over 6000 messages in the queue to be sent. Thank God!! I deleted them real fast! I didn't try real hard to track the spammer as it would not do me any bit of good, but I did my best to make sure it will not happen again. It was so very dumb of me to not turn off the "Send mail from nobody" feature.
I learn best from my mistakes though.
-Dave
rbayless
02-23-2005, 11:53 PM
Sorry about your luck. Feel free to post the domain the spammer used so the rest of the hosting business owners can add this to their black list.
:beer:
Richard
thomas.smith
02-23-2005, 11:59 PM
The typical spammer problem in my case is this:
Spammer pays for a year with a stolen credit card. Then waits until it is night in your area. Then nails out 100.000 Emails as quickly as possible before you wake up. Then when you kick him he moves on and the payment is getting refunded to the real credit card owner.
I did limit the outgoing email account per user to 1000 so it doesn't really do that much damage, but if you are sleeping for 5 hours he will send 5000 emails... That might be enough to get you listed somewhere. Also last time I had 80.000 emails on the mailing queue... That caused some downtime (overload).
geegard
02-24-2005, 12:45 AM
I'm unable to post the domain name as we are still researching the relationship between the whois owner and the account owner. We get many legitimate signups like this so we didn't pay much attention to it being different. I want to make sure the domain owner wasn't also taken for a ride by these guys.
The signup was from Texas and in that state it is illegal to use a domain name that you don't own in spam (even though spam itself is basically legal). The account holder had permission to use the temp login with our IP, but not with our domain name. In the meantime we no longer have the temp login feature activated and are checking on legal action that can be taken.
The user signed up using a credit card, and we know for sure it was the right person with the strictness of our CC authorizing. He is from Texas and the first name is Jim.
rbayless
02-24-2005, 12:43 PM
Yeah, the temporary login feature will get you every time, just like the automatic account creation feature. You also might want to go one step further for future signups and utilize anti-fraud protection (i.e. FraudGate) or just simply place a phone call yourself to verify all new orders.
Richard