|Spam Is Being Sent From My Server!|
What to do?
| 2:28 am on Apr 4, 2006 (gmt 0)|
I keep receiving "Delivery Status Notification (Failure)" messages every 10 minutes in my inbox. The content of the messages being sent from my servers is clearly spam. I have not sent any messages, nor given permission for anyone else to do so. I think someone has exploited some web application on my site and is using it to send mass spam emails. The delivery notification failures I am getting are because some of the emails that are being sent are being rejected, and I am getting them.
I am running PHPlist, PHPadsnew, and phpBB. I have changed all my passwords. I have removed PHPlist because I was not using it. I just updated PHPadsnew to the latest version, and phpBB is up-to-date as well. I'll wait it out and see if I get anything more.
Is it possible that someone is using a script on my site to send mass spam emails? Or could it be my host's fault (because the site is hosted on shared hosting)?
I have sent an email out to my host as well notifying them of the problem, so they don't blame me for the spam. Yikes!
Is there anything else I should do? Anything I'm forgetting? Thanks.
| 3:17 am on Apr 4, 2006 (gmt 0)|
It sounds like a nasty variant of the Joe Job.
Below is a link to some helpful advice.
| 3:33 am on Apr 4, 2006 (gmt 0)|
Check the headers on the emails to make sure they're really coming from your server. Sometimes spammers just forge your email address as the originator and you get all the bounces.
Unfortunately not all bounces show the original headers.
P.S. the "Joe Job" sounds like basically the same thing, but in my experience spammers pick your address more or less at random. I got hit by this bad a couple of years ago, but it ended after a couple of weeks.
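The header check suggested in the reply above, as an added example that is not part of the original thread: it pulls the returned original headers out of a bounce and compares the connecting IP in the topmost Received line with your server's addresses. The sample bounce, the name `bounce_origin` and all addresses are constructed for illustration.

```python
import email
import re

# Constructed sample bounce: example domains and documentation IPs, not real data.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: webmaster@mysite.example
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@recipient.example failed permanently.
--b1
Content-Type: text/rfc822-headers

Received: from unknown (HELO mysite.example) (198.51.100.77)
 by mx.recipient.example with SMTP; 4 Apr 2006 02:10:00 -0000
From: webmaster@mysite.example
Subject: (spam subject)
--b1--
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def bounce_origin(raw_bounce, my_ips):
    """Return (connecting_ip, sent_from_my_server), or None when the bounce
    carries no usable original headers (not all bounces include them)."""
    for part in email.message_from_string(raw_bounce).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original message attached
            orig = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # only the original headers attached
            orig = email.message_from_string(part.get_payload())
        else:
            continue
        # Assumption: the topmost Received line was written by the server that
        # bounced the mail, so its bracketed IP is the host that really connected.
        # Lower Received lines and the From address can be forged by the sender.
        received = orig.get_all("Received") or []
        match = IP_RE.search(received[0]) if received else None
        if not match:
            return None
        ip = match.group(1)
        return ip, ip in set(my_ips)
    return None
```

A result of `(ip, False)` means the message was handed over by some other host and only the sender address was forged; `(ip, True)` means the server itself sent it and the web applications and mail logs need a closer look.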
| 4:09 am on Apr 4, 2006 (gmt 0)|
This makes more sense. But, after reading that article I feel so helpless against the attacker.
But, one thing to note is: Since I changed my passwords and updated phpAdsNew, no more bounced emails. Coincidence? I'll keep you posted.
| 12:02 am on Apr 5, 2006 (gmt 0)|
Well, after a thorough investigation, I have concluded that it was, indeed, a Joe Job. However, I can't explain why the bounced emails stopped when I updated phpAdsNew and deleted PHPlist. I guess it was just a coincidence.