10-11-2013, 05:54 AM #1 WHT Addict
- Join Date
- Jan 2007
Greece-Trading.com spam mail messages
Greetings. Yesterday I moved to a new provider recently and since I gave the passwords to the web hosting admin, spam messages started coming out of my mail server from a site called greece-trading.com.
Those email messages are being sent from emails that we have and some that we don't have (either used in the past or combinations of usernames). They are coming to both @Gameworld.gr and Yahoo accounts as you can see.
Those same emails started coming yesterday at the same hour, to my company's email (i.e. to the company that I work for) and they were shown as sent from my company's website (not Gameworld.gr). Today those emails stopped, but on my site they continue every minute as you can see in the pics!
While I asked AdminGeekz to secure the mail server 10 days ago, raise firewall and clear all scripts that were sending spam emails, now with that thing I don't know whose fault it is. AdminGeekz? My old web hosting company? (I'm moving right now to a new one) or the new Web Hosting company?
And how can I correct this? Please give me some info on what to do through WHM or SSH to check or even fix the issue.
Last edited by Kotsolis; 10-11-2013 at 06:08 AM.
10-11-2013, 06:17 AM #2 Engineer
- Join Date
- Jan 2005
- Scotland, UK
The person to blame is yourself, however it appears you're unwilling to listen despite being repeatedly told the same thing. Your primary issue you contacted us about was you were unable to send outbound, which was because your provider (redstation) enforces specific email policies, specifically you must route through their SMTP server and you are also limited by the number of emails you can send in 24 hours, which you were exceeding.
You had a PHP backdoor that was sending mass spam from your system which we identified, stopped and cleaned up. Which then permitted your email to be sent and this was working after the 24 hour period and you were informed to upgrade the web scripts inside your directory to prevent this reoccurring.
So I assume what has happened since this time last week is that this issue has reoccurred and your website has been compromised again because you have failed to listen to the advice being given, despite it being mentioned over and over and over again. I will paste one of the responses from September where we explicitly told you this exact same thing again. Where you were wanting to provide reviews in exchange for us doing tasks that are your responsibility.
The bottom line is, you came to us because you were unable to send email. We identified the source of the problem, corrected it, cleaned your system and you in turn were able to send email. If you fail to follow our advice and are compromised again I fail to see how this can be anyone's fault but your own.
Posted on: 29 Sep 2013 05:27 PM
We are not interested in exchange for reviews, we are willing to assist you and will help you resolve the problem but you have to take your part of responsibility. If -> YOU <- do not secure your scripts there is little we can do to limit outbound spam being readded to the system. Let me re-emphasize it is -> YOUR <- job to handle your web applications, not the job of a system administrator. A system administrator's job is to handle the system, while there are some overlaps and we will assist you where we can, when it comes to tasks relating to the web app/programming it's down to you to address this or to find a programmer who will maintain this. As while us cleaning the system/mail queue/etc are one time deals, you need to keep on top of scripts/cms/forums/blogs/etc you use and ensure they are up to date.
As I said we removed the directory "old" outside of public_html which contained the script that was sending spam (eM.php) what we are advising you to do is to clean up the remaining ones you don't use and upgrade the ones you do use to prevent these backdoors from being readded.
You are not sending spam at the minute all the mails stuck in your queue are waiting because of the send limit from your provider (since you need to route through their SMTP server) so we can do very little about this. You can either ask redstation to increase the limit or you can move to another provider - there is virtually NOTHING we can do server-side about this as we have no control over their SMTP server and their firewalls prevent you from routing mail yourself.
From the logs I can see you've sent only around 80 emails since we made the changes to remove the spam so after the 24 hour period your provider (redstation) should start allowing you to send emails up to the limit. All the emails currently come from "phpmailer.php" inside your home directory and are from your application so are legitimate. While I don't speak your language they look like registrations and update emails to users.
The emails you've sent from manos@ are still queued and will be delivered once redstation allows you to send emails.
Server Management - AdminGeekZ.com
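An added example, not part of any post in this thread: one way to find which directory a mail-sending script runs from is to tally the `cwd=` entries in the Exim main log. It assumes an Exim server that logs command arguments, as cPanel/WHM installs usually do; the log lines, the account name `exampleuser` and the paths are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample of Exim main-log lines (not taken from the thread).
SAMPLE_LOG = """\
2013-10-11 05:54:01 cwd=/home/exampleuser/old 3 args: /usr/sbin/sendmail -t -i
2013-10-11 05:54:02 cwd=/home/exampleuser/old 3 args: /usr/sbin/sendmail -t -i
2013-10-11 05:54:03 cwd=/home/exampleuser/public_html/forum 4 args: /usr/sbin/sendmail -t -i -fnoreply@example.test
2013-10-11 05:54:04 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1VUaBc-0001Xy-2Z
2013-10-11 05:54:05 cwd=/home/exampleuser/old 3 args: /usr/sbin/sendmail -t -i
2013-10-11 05:54:06 1VUaBd-0001Xz-3A <= exampleuser@host.example.test U=exampleuser P=local S=1432
"""

# "<date> <time> cwd=<directory> <argc> args: <command line>"
CWD_LINE = re.compile(r"^\S+ \S+ cwd=(?P<cwd>\S+) \d+ args: (?P<args>.*)$")


def submissions_by_directory(log_text, home_prefix="/home/"):
    """Count mail submissions per working directory under user home dirs.

    Lines from Exim's own queue runners (cwd=/var/spool/exim) and ordinary
    delivery lines are ignored, so what remains is mail handed to the MTA
    by processes started inside a user's account, such as PHP scripts.
    """
    counts = Counter()
    for line in log_text.splitlines():
        match = CWD_LINE.match(line)
        if match and match["cwd"].startswith(home_prefix):
            counts[match["cwd"]] += 1
    return counts


def flag_directories(counts, threshold):
    """Return (directory, count) pairs at or above threshold, busiest first."""
    return [(d, n) for d, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for directory, n in flag_directories(submissions_by_directory(SAMPLE_LOG), 2):
        print(f"{n:6d}  {directory}")
```

A directory that no site is supposed to serve from and that tops this list is where to look for an injected script; the same tally also shows which legitimate application directories send mail.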
10-16-2013, 04:49 AM #3
You should investigate the message source to see if it came from your server or not. If it came from your server then -as Scott.Mc said- you should investigate for any site compromise.
If it didn't come from your server, then you might consider enabling SPF for your domain, so others can't spoof your domain name.
10-21-2013, 08:35 AM #4 WHT Addict
- Join Date
- Jan 2007
They were only posted for 2 days and then stopped.
How do I enable SPF by the way? And I guess there is a risk to lose serious emails from non-spammers, right?
10-22-2013, 01:14 AM #5 Aspiring Evangelist
- Join Date
- Dec 2011
- Tulsa, OK
10-22-2013, 09:32 AM #6 WHT Addict
- Join Date
- Mar 2007
- Agios Dimitrios,Attiki,GR
I am really confused about you honestly.
You have here filed complaints for various DC providers, you report someone as the best provider.. They made too much for you (http://www.webhostingtalk.com/showth...1058547&page=3) and after 2-3 months now you ask help for SPF when you advertise another provider in your signature.
At the same time you file complaints about respected members here. Why is all that happening, why so many posts without value? That is something I really can't understand.
You ask help to enable the SPF and you don't tell us where you install SPF, on which platform, Windows or Linux, whether you use a control panel ... tell more details to receive more help.
Last edited by rotame; 10-22-2013 at 09:36 AM.
Company : rotame.com Complete Internet Solutions
Location : Greece, Athens
Datacenter: DE, UK | OS: Centos | WebServer: Apache | CP: CPanel
10-29-2013, 07:32 PM #7 WHT Addict
- Join Date
- Jan 2007
Let me guess, your signature shows you are Greek, I have complained about Greek-Trading.com and...the thread is a couple of weeks old. I think we found the one responsible for all that spam and that is you.
My signature shows a Web Hosting company with which we have a deal which is not your business obviously. Are you here to judge somebody else's signatures? Are you a forum moderator? I don't think so.
I can file complaints with as many companies as I like. Unfortunately, I have a heavy site which many web hosting companies couldn't handle well even on a dedicated server. Fortunately, I have helped many others with my reviews to avoid some abuse departments going crazy, slow technical support, broken hard disks on servers and many other stuff. If you want an explanation about my signature let me hear your explanation first for those that you work for. Because I don't work in any web hosting company.
And finally, on-topic, I stopped receiving spam from this company so I didn't make any actions because I don't have time.
10-30-2013, 01:59 AM #8
here if you prefer.
There's no such thing as an unmanaged server - It's actually self-managed. Worth remembering next time you're looking for someone to complain to.
DATA VALUATION SERVICE: Your data's value is linked directly to your backup strategy. If YOU don't have your own backups then YOU value your data at ZERO. So why should anyone else care when you lose it?