  1. #1

    Should I look at spamming issue now, or wait for it to happen again?

    We have a site that's under development, so only 4 of us have access to it. We've been with this host about three months.

    Two days ago, out of nowhere, I begin receiving tons of emails to a test account I have. I look at the Outlook status bar, and it says there are 2,000 emails being downloaded. When I check the email account on the server, I notice that this email account has grown to over 5K emails. Apparently, this went up to 100K emails today.

    The web host deleted all the emails and things are working properly, but I would like to know what caused this.

    Should I just wait for this to happen again? I have absolutely no clue why this happened.

    Thanks.

  2. #2
    Join Date
    Mar 2009
    Posts
    3,807
    What exact emails? What full headers? Is it actual spam or is your development site going into an endless loop or something?

  3. #3
    Join Date
    Apr 2007
    Posts
    3,513
    What's the content of the emails? Should give you some idea where they came from...

  4. #4
    Sorry about that. I thought I had posted the screenshot.
    http://dl.dropbox.com/u/10067449/spam.gif

    This is from right now, after the 100K emails had been erased.
    http://dl.dropbox.com/u/10067449/mailenable_queue.gif

    They are all "delivery failure emails". I do not recognize any of the email addresses. And I have a dedicated server just for our site, so there is no way that they came from me.

    Our development team consists of two people. Three other people do the testing. That's it.

    Thanks.

  5. #5
    Join Date
    Mar 2009
    Posts
    3,807
    Can you post the full content/headers of the emails, sanitizing your own addresses if wanted?

  6. #6
    So someone is using your server to send out emails? And you're getting many replies from email providers?..

    Quote Originally Posted by quantumphysics View Post
    Can you post the full content/headers of the emails, sanitizing your own addresses if wanted?
    Yes, this will be a little more helpful..

  7. #7

  8. #8
    Yeah it looks like your server has been compromised. Try changing your email password, you might also want to hire an administrator to help secure the other parts of your server.

  9. #9
    The host provider for my server just confirmed that.

    Since those 100K messages were emails that bounced, how many emails were actually sent and received by email addresses?

    Is it possible that this can ruin the domain's reputation with email providers?

  10. #10
    Join Date
    Mar 2009
    Posts
    3,807
    Quote Originally Posted by vmhatup View Post
    The host provider for my server just confirmed that.

    Since those 100K messages were emails that bounced, how many emails were actually sent and received by email addresses?

    Is it possible that this can ruin the domain's reputation with email providers?
    IP's reputation, probably. Not sure about domain.

  11. #11
    Join Date
    Mar 2011
    Location
    Graz, Austria
    Posts
    298
    It does not necessarily mean that your server has been compromised; someone could fake the sending email to yours, and bounced emails come to you even though he sent the emails from somewhere else or from a botnet.

    We see that quite often here, and we were never the issue.

  12. #12
    Join Date
    Oct 2002
    Location
    State of Disbelief
    Posts
    22,951
    Quote Originally Posted by EDIS View Post
    someone could fake the sending email to yours and bounced emails come to you even though he sent the emails from somewhere else
    Being a dictionary word, "test@" would be a target for guessing a valid email account. I'd look to see if the mail was actually outbound from your server first, rather than judging by the received bounces. Look in the mail logs for outbound sendings.
    Quote Originally Posted by vmhatup View Post
    The host provider for my server just confirmed that.
    They confirmed the account had sent all those messages, or that it kind of looks that way based on the received bounces only?

  13. #13
    Join Date
    Oct 2006
    Posts
    371
    You should definitely take care of this now, especially since it is possible your server was compromised. This can ruin your IP's reputation.

  14. #14
    Apparently, the "test@" account had a very easy password. So they cracked the password and used my account and server settings to send spam. But I don't believe the server was compromised; it's just a very poor choice for a password.

    Is it possible to know how many emails were sent using that account? I have mailenable.

    Thanks.

  15. #15
    Join Date
    Mar 2009
    Posts
    3,807
    grep your logs for test@ and wc -l?
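
Added example, not part of any post in this thread: the log checks suggested in #12 and #15, written as a script that separates mail actually submitted through the account from bounces that merely arrived for it. It assumes a W3C-style SMTP activity log with a `#Fields:` header; the field names and sample lines below are constructed, so map them to whatever your MailEnable logs actually record.

```python
from collections import Counter

# Constructed sample log (not real MailEnable output). Field names are assumptions.
SAMPLE_LOG = """\
#Fields: date time session c-ip cs-method cs-argument sc-status cs-username
2011-05-02 03:10:01 S1 203.0.113.7 AUTH LOGIN 235 test@example.com
2011-05-02 03:10:02 S1 203.0.113.7 MAIL FROM:<test@example.com> 250 test@example.com
2011-05-02 03:10:02 S1 203.0.113.7 RCPT TO:<a@example.net> 250 test@example.com
2011-05-02 03:10:02 S1 203.0.113.7 RCPT TO:<b@example.org> 250 test@example.com
2011-05-02 03:10:03 S1 203.0.113.7 RCPT TO:<c@example.org> 550 test@example.com
2011-05-02 03:10:04 S1 203.0.113.7 DATA - 250 test@example.com
2011-05-02 03:11:00 S2 198.51.100.9 MAIL FROM:<> 250 -
2011-05-02 03:11:00 S2 198.51.100.9 RCPT TO:<test@example.com> 250 -
2011-05-02 03:11:01 S2 198.51.100.9 DATA - 250 -
2011-05-02 03:12:00 S3 203.0.113.7 AUTH LOGIN 535 test@example.com
"""

def summarize(log_text, account):
    """Return (stats, source_ips) for one mailbox from an SMTP activity log."""
    account = account.lower()
    fields, stats, source_ips = [], Counter(), Counter()
    authed, bounce = set(), set()  # sessions logged in as account / null-sender sessions
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        ok = rec["sc-status"].startswith("2")
        method, arg, sess = rec["cs-method"].upper(), rec["cs-argument"].lower(), rec["session"]
        if method == "AUTH" and rec["cs-username"].lower() == account:
            if ok:  # successful login: everything else in this session is outbound abuse
                authed.add(sess)
                source_ips[rec["c-ip"]] += 1
            else:
                stats["failed_logins"] += 1
        elif method == "MAIL" and arg == "from:<>":
            bounce.add(sess)  # null sender marks a delivery status notification
        elif sess in authed:
            if method == "DATA" and ok:
                stats["messages_sent"] += 1
            elif method == "RCPT":
                stats["recipients_accepted" if ok else "recipients_rejected"] += 1
        elif sess in bounce and method == "RCPT" and ok and arg == f"to:<{account}>":
            stats["bounces_received"] += 1
    return dict(stats), dict(source_ips)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "test@example.com"))
```

If `messages_sent` is zero while `bounces_received` is large, the bounces are backscatter from a forged sender as described in #11; authenticated sessions from unfamiliar IPs point to a guessed password as in #14.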
