  1. #1
    Join Date
    Apr 2003
    Posts
    49

    Help ... What To Do ???

    Hi Guys

    Can someone please shed some light on what to do in this situation? We have a reseller account and contacted our reseller account host's tech support, which has done nothing to this point. We contacted them yesterday, 5/15/05, early A.M., and we got a note saying they were looking into it. Then late last night, 5/15/05 P.M., we got another response which provided NO help. The response actually looked canned or scripted ... very general, and did not even address the actual specific problem, just very general. Now they don't respond at all.


    Below is a copy of the email to our host support techs. For privacy reasons, specific names (names, addresses from our end and our host) have been removed.


    SUMMARY: Problem: Receiving a high level of a combination of spam bounced emails and spam regular email. Every time we use the filters to block them, they increase in number and more come faster; email filters provided in the cpanel are not working ...
    We need your help in stopping this large quantity of spam from coming in ... full details below.

    We have been monitoring one of our hosted accounts' email box for the past few days after receiving a concern / complaint. We see something suspicious going on here and need you guys to step in now, as we have basically lost control with this.
    Started about 3 days ago with ___ receiving 2 emails in their box which looked to be in German. Those two emails were added to the blacklist, then blocked with email filters in the cpanel.
    Then the next day more of the same type of emails came through, and also delivery failure notices, which appear as though something had been sent from the email box that had bounced back undeliverable. However, they had not sent any emails to the addresses that bounce mail was coming back from.
    Then late last night a few more of the same emails came through again and once again were added to the blacklist and email filtered.
    NOW this morning (we will attempt to add the email headings below) ... we see in the box that even more at a time are coming in.
    Please See What Is Going On Here. We don't know how to control this at this point and need The Pros to tackle this thing.

    BELOW IS A COPY OF THE EMAIL HEADINGS IN THE BOX WHICH JUST RECENTLY CAME THRU ...
    Every time we block them, they increase in number and more come; the provided filters in cpanel are not blocking this !!!
    Our concern is how to stop this, and has this email box been hacked ???

    718 08:35:36 AM Mail Delivery System Undelivered Mail Returned to Sender 4 KB
    717 08:26:49 AM [email protected] Paranoider Deutschenmoerder kommt in Psychiatrie 758
    716 07:54:00 AM [email protected] 60 Jahre Befreiung: Wer feiert mit? 978
    715 07:12:05 AM System Administrator Undeliverable: Paranoider Deutschenmoerder kommt in Psychiatrie 2 KB
    714 06:58:29 AM Mail Delivery System Undelivered Mail Returned to Sender 4 KB
    713 06:41:51 AM System Administrator Undeliverable: Du wirst ausspioniert ....! 2 KB
    712 06:33:32 AM Mail Delivery System Undelivered Mail Returned to Sender 4 KB
    711 03:58:50 AM [email protected] Blutige Selbstjustiz 859
    710 03:56:08 AM System Administrator Undeliverable: The Whore Lived Like a German 2 KB
    709 03:43:57 AM [email protected] Graeberschaendung auf bundesdeutsche Anordnung 788
    708 03:46:05 AM Mail Delivery System Undelivered Mail Returned to Sender 4 KB
    707 03:25:48 AM [email protected] S.O.S. Kiez! Polizei schlaegt Alarm 762
    706 01:30:31 AM [email protected] Du wirst ausspioniert ....! 904
    705 12:26:02 AM [email protected] Dresden 1945 714
    704 12:10:03 AM System Administrator Undeliverable: Vorbildliche Aktion 2 KB
    703 05/15/2005 Mail Delivery System Undelivered Mail Returned to Sender 4 KB
    700 05/15/2005 System Administrator Undeliverable: Dresden 1945 2 KB
    699 05/15/2005 Mail Delivery System Undelivered Mail Returned to Sender 4 KB
    698 05/15/2005 [email protected] failure delivery 2 KB
    697 05/15/2005 [email protected] failure delivery 3 KB
    696 05/15/2005 System Administrator Undeliverable: Dresden 1945 2 KB
    695 05/15/2005 Mail Delivery System Undelivered Mail Returned to Sender 4 KB
    694 05/15/2005 PCSOffice Re: Gegen das Vergessen 4 KB
    693 05/15/2005 System Administrator Undeliverable: Armenian Genocide Plagues Ankara 90 Years On 2 KB
    692 05/15/2005 Mail Delivery System Undelivered Mail Returned to Sender 4 KB
    691 05/15/2005 System Administrator Undeliverable: Armenian Genocide Plagues Ankara 90 Years On 2 KB
    690 05/15/2005 Mail Delivery System Undelivered Mail Returned to Sender 4 KB
    689 05/15/2005 System Administrator Undeliverable: Tuerkei in die EU 3 KB
    688 05/15/2005 Mail Delivery System Undelivered Mail Returned to Sender 5 KB
    687 05/15/2005 [email protected] Delivery Status Notification (Failure) 3 KB
    686 05/15/2005 [email protected] Volk wird nur zum zahlen gebraucht! 1 KB
    685 05/15/2005 [email protected] Graeberschaendung auf bundesdeutsche Anordnung 774
    683 05/15/2005 [email protected] S.O.S. Kiez! Polizei schlaegt Alarm 769
    682 05/15/2005 [email protected] Dresden 1945 727
    681 05/15/2005 [email protected] Dresden Bombing Is To Be Regretted Enormously 783
    680 05/15/2005 [email protected] Delivery Status Notification (Failure) 3 KB
    679 05/15/2005 System Administrator Undeliverable: 4,8 Mill. Osteuropaeer durch Fischer-Volmer Erlass 3 KB
    678 05/15/2005 Mail Delivery System Undelivered Mail Returned to Sender 5 KB
    677 05/15/2005 [email protected] Paranoider Deutschenmoerder kommt in Psychiatrie 752
    676 05/15/2005 [email protected] Paranoider Deutschenmoerder kommt in Psychiatrie
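
Added example, not part of the original post: a short triage of an inbox listing like the one above, separating direct mail from delivery-failure notices and reporting subjects that appear in both. The column layout and the bounce markers are assumptions read off the listing, and the sample rows are a subset copied from it; a subject seen in both groups is consistent with bounces for the same mailing carrying this domain's addresses as sender.

```python
import re
from collections import Counter

# Subset of the inbox listing in the post above (addresses were already redacted there).
LISTING = """\
718 08:35:36 AM Mail Delivery System Undelivered Mail Returned to Sender 4 KB
713 06:41:51 AM System Administrator Undeliverable: Du wirst ausspioniert ....! 2 KB
706 01:30:31 AM [email protected] Du wirst ausspioniert ....! 904
705 12:26:02 AM [email protected] Dresden 1945 714
704 12:10:03 AM System Administrator Undeliverable: Vorbildliche Aktion 2 KB
700 05/15/2005 System Administrator Undeliverable: Dresden 1945 2 KB
687 05/15/2005 [email protected] Delivery Status Notification (Failure) 3 KB
"""

# Assumed column layout: id, time or date, "sender subject", size.
ROW = re.compile(r"^\d+\s+(?:\d\d:\d\d:\d\d [AP]M|\d\d/\d\d/\d{4})\s+"
                 r"(?P<body>.+?)\s+\d+(?: KB)?$")
# Subjects that mark a delivery status notification (bounce).
BOUNCE = re.compile(r"Undelivered Mail Returned to Sender"
                    r"|Undeliverable:\s*(?P<orig>.+)"
                    r"|Delivery Status Notification|failure delivery", re.I)
# Sender column: a known display name, the redaction token, or one word.
SENDER = re.compile(r"^(?:Mail Delivery System|System Administrator"
                    r"|\[email protected\]|\S+)\s+")

def triage(listing):
    """Split rows into direct mail and bounces; report subjects seen in both."""
    direct, bounced, other_dsn = Counter(), Counter(), 0
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # a row that lost a column is skipped, not guessed at
        body = m["body"]
        hit = BOUNCE.search(body)
        if hit is None:
            direct[SENDER.sub("", body, count=1)] += 1
        elif hit["orig"]:
            bounced[hit["orig"].strip()] += 1  # bounce quoting the original subject
        else:
            other_dsn += 1  # bounce that does not quote a subject
    return {
        "direct": sum(direct.values()),
        "bounces": sum(bounced.values()) + other_dsn,
        "shared_subjects": sorted(set(direct) & set(bounced)),
    }

if __name__ == "__main__":
    print(triage(LISTING))
```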

  2. #2
    Join Date
    May 2004
    Location
    Lansing, MI, USA
    Posts
    1,548
    I would pay a third party email company who specializes in this sort of trouble to manage your MX for the next while. Your server's going to have issues as long as your mail is being routed to it.
    Jacob - WebOnce Technologies - 30 Day 100% Satisfaction Guarantee - Over 5 Years Going Strong!
    Website Hosting, PHP4&5, RoR, MySQL 5.0, Reseller Hosting, Development, and Designs
    Powered By JAM - Professional Website Development - PHP, MySQL, JavaScript, AJAX - Projects Small & Large

  3. #3
    Join Date
    Apr 2003
    Posts
    49
    To add ... These emails are coming in at a rate of about 2 - 3 every 20 - 30 mins or so .

  4. #4
    Join Date
    May 2004
    Location
    Lansing, MI, USA
    Posts
    1,548
    Only 2-3 every 20-30 minutes? That's all? A) Stop using a default inbox and set default to :fail:, and B) ... err... 2-3 every 20-30 minutes isn't bad

  5. #5
    Join Date
    Apr 2003
    Posts
    49
    It's not a default inbox and is already set to :fail:.

  6. #6
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    If you have the catch-all turned off (by using :fail: instead) then you can only be receiving eMails to addresses you have set up. In that case you can use the Boxtrapper feature of Cpanel which is a challenge/response situation.

    Also, make sure that any sub-domains and/or addon domains for the account in question, are also using the above.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  7. #7
    Join Date
    Apr 2003
    Posts
    49
    Hmmm ....
    Very good point Website Rob and this is something that is throwing us off a bit ...
    The catch-all is turned off and we use the :fail:. However, a lot ... most of these emails are not even directed to any of the email boxes that are set up specifically; they are sent to like :mail-user5318 @ thedomain.com , XXCCEERRT@@ thedomain.com, etc ...

    When we saw that, our first question was: well, why are these even getting through ??? Shouldn't the :fail: have bounced them back without getting through?

    Oh, and by the way, that incoming spam rate up there should be about 2 - 3 every 2 - 3 mins, not 20-30 mins.

  8. #8
    Join Date
    Mar 2005
    Location
    NY USA
    Posts
    839

  9. #9
    Join Date
    Apr 2003
    Posts
    49
    "In that case you can use the Boxtrapper feature of Cpanel which is a challenge/response situation."
    Boxtrapper has been considered. However, the email boxes are customer service boxes for potential sales, and many potential customers may not want to go through that reply process and just go elsewhere.

  10. #10
    Join Date
    Dec 2001
    Posts
    160
    Holy cow. I have the same problem too. The e-mail address to my main domain name has been hit and flooded with this stupid German-language spam. Half of it is spam while the other half is return e-mail errors from the spam.

  11. #11
    Join Date
    Apr 2003
    Posts
    49
    C.P

    Who is your host ???

  12. #12
    Join Date
    Apr 2003
    Posts
    49
    LOOKS LIKE I WAS NOT THE ONLY ONE ..... FOUND THIS , ... APPARENTLY SOMETHING HIT HARD OVER THE WEEKEND .
    ____________________________________________________

    http://www.pcworld.com/news/article/0,aid,120846,00.asp

    Sober Worm Spawns German Spam

    Worm variant sends political propaganda messages in both English and German.

    Scarlet Pruitt, IDG News Service
    Monday, May 16, 2005
    E-mail users perplexed by the barrage of German-language spam waiting in their inboxes Monday morning can point the finger of blame at the latest version of the Sober mass mailing worm which began rapidly spreading over the weekend.


    Sober.q uses both German and English-language messages to direct recipients to Web sites with right-wing German nationalistic content, according to an advisory from e-mail security company MX Logic. One of the URLs points to the Web site of the right-wing German NPD party, it says.

    The security firm says that it had seen over 125,000 instances of Sober.q overnight Saturday and into Sunday, and labeled it as a high severity threat. The variant is downloaded by computers already infected by the Sober.p worm, which began circulating earlier this month, MX Logic says. The virus writers appear to have remote control over the Sober.p infected machines, giving them a network from which to launch future spam and denial of service attacks, it adds.

  13. #13

    iPowerWeb

    We got hit hard. iPowerWeb decided the easiest solution to the problem was to suspend our account. We were over our send quota because we were obviously so foolish as to use the forwarding feature to forward to personal accounts. 7 1/2 hours without email and a website that states in bold "Account Suspended" makes for a fun day, glad they suspended it again tonight, who needs sleep?(end sarcasm) So, I seem to read that Micfo is pretty good?

  14. #14
    Join Date
    Dec 2001
    Posts
    160
    The question is what to do?
