  1. #1
    Join Date
    Jun 2004
    Posts
    41

    Spam help...it's coming from me...

    Well, I'm not much of a webmaster, but I'm willing to learn...

    I'm having some email troubles. Basically, I'm receiving spam from myself. It's a little more than just my email address in the From: line, the return headers are the server itself and my account name (like [email protected]).

    Everything is managed by CPanel as best as I can tell (at least from my end of things).

    My two guesses are:

    1) somebody has my email account login/password info...but this would not explain why the return header is the server would it?

    2) somebody has my FTP account login/password info...and they login and run things straight from the server - or worse, they let a virus do the work...

    I don't want to say who my webhost is so as not to tarnish any names or reputations because all in all they have been really great.

    Any ideas or thoughts about what I might do (on my end) to prevent the spamming?

    v

  2. #2
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    4,695
    Do you know if PHP is running as an apache module or as a CGI on your host?

    If the first, then I don't think it's an exploited script else the mail would be from [email protected]

    Can you post the headers here?

    Things to do:

    1: change your password

    2: tell your host about this (otherwise, if it is coming from your account and they get an abuse report they might just terminate your account with no notice)

  3. #3
    Join Date
    Jul 2002
    Location
    Kuwait
    Posts
    10,573

  4. #4
    Join Date
    Jun 2004
    Posts
    41
    I'm going to mark this up so that you can get a gist of what is happening, but I don't want to reveal the real details...

    Note that myaccountname is my hosting account login and email account is the email account that is currently being used by them...

    I just changed the password to my email account, but I worry that they have my account login...

    Thanks...v

    From: [email protected]
    Subject: r%x living with 434 but
    Date: Thu 3 Jun 2004 10:57:46 CEST
    To: [email protected]

    Some headers...

    Return-Path: <[email protected]>
    Envelope-To: [email protected]
    Delivery-Date: Mon, 31 May 2004 04:54:56 -0400
    Received: from myaccountname by server14.hosting.com with local-bsmtp (Exim 4.34) id 1BUiZL-0000oL-12 for [email protected]; Mon, 31 May 2004 04:54:56 -0400
    Received: from localhost by server14.hosting.com with SpamAssassin (2.63 2004-01-11); Mon, 31 May 2004 04:54:56 -0400
    Message-Id: <[email protected]@mysite.com>

  5. #5
    Join Date
    Jul 2002
    Location
    Kuwait
    Posts
    10,573
    hosting.com is your hosting company in this example?
    Bashar Al-Abdulhadi - KuwaitNET Internet Services Serving customers since 1997
    Kuwait's First Webhosting and Domain Registration provider - an ICANN Accredited Registrar

    Twitter: Bashar Al-Abdulhadi

  6. #6
    Join Date
    Jun 2004
    Posts
    41
    Yes...perhaps not the best example, but it's the example I used...

  7. #7
    Join Date
    May 2004
    Posts
    197
    This may be because of a virus, which uses your system as an SMTP server to relay the mails to your accounts. Do a virus check with the latest antivirus software, which may heal your issue.
    Waxdoll
    Quite, Cool & Adjustable, But Dangerous
    I Love Microsoft

  8. #8
    Join Date
    Jun 2004
    Posts
    41
    Yep...I'm about to name names of the webhost but I'll be nice for now...

    Well, a little bit of sleuthing and I discover that 11 days before I ever received one of these spams which appeared to be from myself to myself except with another name in the To: line...

    Ummm...I started receiving emails from their tech support with the EXACT same To: name...

    I think it's tech support that has a virus in their system...not good...

    Glad I basically live in Unix and OSX...v

  9. #9
    You can try taking a look at the maillog and see when and how the message is sent to sendmail. Finding it shouldn't be a problem if you have the message id.
    ::. www.diginode.net : Dedicated Servers : Virtual Machine Servers .::
    ::. Industry-Leading Remote Server Management .::
    ::. Automatic OS Re-image : Instant Server Reboot : Remote Serial Console .::
    ::. Over 20 OSes to choose from : Install a new OS every day .::
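
Added example (not part of any post in this thread): a short Python sketch of the log lookup suggested in #9, using the Received header posted in #4. That header names Exim 4.34, so the sample log uses Exim's main-log line format; the log lines are constructed for illustration and the function names are hypothetical.

```python
import re

# Received header as posted in #4 (the address was already redacted there).
RECEIVED = ("from myaccountname by server14.hosting.com with local-bsmtp "
            "(Exim 4.34) id 1BUiZL-0000oL-12 for [email protected]; "
            "Mon, 31 May 2004 04:54:56 -0400")

# Constructed Exim main-log lines (assumption: not taken from the thread).
SAMPLE_LOG = """\
2004-05-31 04:54:50 1BUiZF-0000nX-7k <= sender@example.net H=mx.example.net [192.0.2.10] P=esmtp S=2210
2004-05-31 04:54:56 1BUiZL-0000oL-12 <= myaccountname@server14.hosting.com U=myaccountname P=local-bsmtp S=1874
2004-05-31 04:54:56 1BUiZL-0000oL-12 => someone <someone@example.org> R=virtual_user T=virtual_userdelivery
2004-05-31 04:54:56 1BUiZL-0000oL-12 Completed
"""

# "from <ident or host> by <server> with <protocol> (Exim x.y) id <message id>"
RECEIVED_RE = re.compile(
    r"from (?P<source>\S+) by (?P<host>\S+) with (?P<proto>\S+) "
    r"\(Exim [\d.]+\) id (?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})")

def parse_received(header):
    """Return source, host, protocol and Exim id, or None for non-Exim hops."""
    m = RECEIVED_RE.search(" ".join(header.split()))
    return m.groupdict() if m else None

def find_arrival(log_text, msgid):
    """Find the '<=' (message arrival) line for msgid and return its fields."""
    for line in log_text.splitlines():
        parts = line.split()
        # Layout: date, time, id, flag, envelope sender, then key=value fields.
        if len(parts) >= 5 and parts[2] == msgid and parts[3] == "<=":
            fields = dict(p.split("=", 1) for p in parts[5:] if "=" in p)
            return {"sender": parts[4], **fields}
    return None

def trace(header, log_text):
    """Say whether the message was submitted on the server itself, and by whom."""
    hop = parse_received(header)
    if hop is None:
        return None
    arrival = find_arrival(log_text, hop["msgid"]) or {}
    # Exim protocol names starting with "local" mean a local (non-TCP) submission.
    origin = "local" if hop["proto"].startswith("local") else "remote"
    return {"msgid": hop["msgid"], "origin": origin, "proto": hop["proto"],
            "user": arrival.get("U"), "remote_host": arrival.get("H")}

if __name__ == "__main__":
    print(trace(RECEIVED, SAMPLE_LOG))
```

A `local` origin with a `U=` value means the message was handed to the mail server by a process running as that account on the server, rather than arriving over the network.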
