  1. #1
    Join Date
    Jul 2003

    Webserver Hacked?

    Okay, I do not know the most about security in all honesty. However, on my server I do have an APF firewall and my root password is as complicated as the following:


    However, I am noticing that I am getting e-mails sent to [random] FROM [email protected].

    So, I log in to WebHost Manager and I look under E-mail -> Mail Queue Manager.

    And, well, there are 126 messages in the queue to addresses such as:

    utskirtsbag AT
    sqvngxcrm AT
    fagwsikeysitesupi AT


    Btw, I DO NOT host other people's web sites. I am the only one with access to the server (as far as I know).

    Is it possible that my server is compromised? How do I find out for sure?

  2. #2

    Open Relay

    Sounds like you are an open relay. You can go to

    and test to see if your mail server is an open relay.

  3. #3
    I think some virus is using your mail server. Check for open relay and don't give the root password like this.

    Get an antivirus and then run a full scan on the machine.
    - Albert

  4. #4
    Join Date
    Jul 2003
    Hmmm, I do not know exactly what open relay is; however, I went to that Web site and all the tests failed except test number 12, which timed out.

    Btw, the above is NOT my root password. That was just an example to show that a brute force attack would be almost impossible.

  5. #5
    Join Date
    Oct 2002
    State of Disbelief
    This sounds like it may be a different sort of attack. The spammer sends messages to undeliverable addresses on your server/domain, with a return address of the victim. If you're not failing messages that aren't to specific users on your system, they get happily bounced to the actual victim, with the contents intact.

    Are you accepting mail to all addresses on this domain (catchall)?
    How are you handling bounces?

  6. #6
    Join Date
    Jul 2003

    I think that is EXACTLY what is happening. They are sending mail to random addresses on my server with a real address (random too, but real) to someone else. Most of the e-mail is penny stock advertisements such as:

    Wild Brush Energy
    Symbol: WBRS

    Current Price: Around $0.05
    Short Term Target: $0.12
    Long Term Target: $0.40

    The energy sector is THE place to be, with some energy companies seeing
    appreciation of 400% or more this year alone! WBRS is involved in some
    of the most exciting gas plays in North America. It's a proven winner in a
    red hot market.

    But that's just the beginning. Rumor has it that there may soon be a
    merger between WBRS and another major energy player with close ties to
    the company. In fact this major player's stock was up 50% Friday on
    strong volume as insiders took positions.

    We believe that WBRS is looking at the same rapid appreciation. Once
    the merger is announced there will be a scramble to get in. Play it smart.
    Take a position BEFORE the announcement and ride this one all the way
    to the bank!
    Tell to everyone about this message.Post it on the forum.

    According to WebHost Manager (sorry, this is all I am capable of using).... These are my settings:

    Description: Default catch-all/default address behavior for new accounts. fail will generally save the most CPU time.

    Value: Blackhole


    On the domain that seems to be the one that is getting used the mail setting (according to cpanel) is as follows:

    Description: All unrouted mail will be sent to

    Value: :fail:

    I have changed this to blackhole.

    Will that solve the problem and stop the spammers?

  7. #7
    Join Date
    Oct 2002
    State of Disbelief
    Fail is the better choice, as blackhole will accept the entire message before deleting it. Fail will look at the headers, decide if it should accept and then reject "bad" mail outright.
    What are the mail settings on "myOtherdomain"?

  8. #8
    Join Date
    Jul 2003
    The mail settings on the other domain are set to blackhole. If it is set to fail or blackhole does that mean it will not bounce the message? Therefore the spammed people won't get the message?
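
The three behaviours discussed in posts #5 to #8 (accept and bounce, blackhole, fail), as an added example that is not part of the thread: a simplified Python model showing which policy sends a non-delivery report to the forged sender and how much message data the server takes in. The domain, mailbox names and sample messages are constructed placeholders, and the model assumes fail refuses the recipient before the message body is sent.

```python
# Simplified, constructed model of mail for nonexistent local users.
from dataclasses import dataclass
from typing import Optional

LOCAL_DOMAIN = "example.org"        # placeholder hosting domain (assumption)
LOCAL_USERS = {"admin", "sales"}    # the only real mailboxes (assumption)

@dataclass
class Result:
    smtp_reply: str                 # what the sending client sees
    body_bytes_accepted: int        # message data the server took in
    bounce_to: Optional[str]        # where a locally generated bounce goes

def handle(mail_from: str, rcpt_to: str, body: bytes, policy: str) -> Result:
    """policy: 'bounce' (accept, then send a non-delivery report),
    'blackhole' (accept, then discard) or 'fail' (refuse the recipient)."""
    user, _, domain = rcpt_to.partition("@")
    if domain != LOCAL_DOMAIN:
        return Result("550 relay not permitted", 0, None)  # not an open relay
    if user in LOCAL_USERS:
        return Result("250 OK", len(body), None)           # normal delivery
    if policy == "fail":
        # Recipient refused before the body is sent: nothing stored, and
        # this server never generates a bounce.
        return Result("550 no such user", 0, None)
    if policy == "blackhole":
        # Whole message is received, then silently dropped.
        return Result("250 OK", len(body), None)
    if policy == "bounce":
        # Accepted, found undeliverable afterwards: the report, with the
        # spam quoted inside, goes to the forged envelope sender.
        return Result("250 OK", len(body), mail_from)
    raise ValueError(f"unknown policy: {policy}")

def backscatter_report(transactions, policy):
    results = [handle(f, r, b, policy) for f, r, b in transactions]
    return {
        "bounces_to_third_parties": sorted(r.bounce_to for r in results if r.bounce_to),
        "bytes_accepted": sum(r.body_bytes_accepted for r in results),
    }

# Constructed sample: two forged senders with random local parts, one real mail.
SAMPLE = [
    ("victim1@example.net", "qwrtzxb@example.org", b"x" * 2000),
    ("victim2@example.com", "plmoknij@example.org", b"x" * 2000),
    ("customer@example.net", "sales@example.org", b"y" * 500),
]

if __name__ == "__main__":
    for p in ("bounce", "blackhole", "fail"):
        print(p, backscatter_report(SAMPLE, p))
```

In this model neither blackhole nor fail produces a bounce from the server itself; the difference is that blackhole still receives every message in full.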
