homepage Welcome to WebmasterWorld Guest from 50.19.169.37
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Spam Is Being Sent From My Server!
What to do?
FTFlash




msg:357421
 2:28 am on Apr 4, 2006 (gmt 0)

Hi everybody.

I keep recieving "Delivery Status Notification (Failure)" messages every 10 minutes in my inbox. The content of the messages being sent from my servers is clearly spam. I have not sent any messages, nor given permission for anyone else to do so. I think someone has exploited some web application on my site and is using to send mass spam emails. The delivery notification failures I am getting is because some of the emails that are being sent are being rejected, and I am getting them.

I am running PHPlist, PHPadsnew, and phpBB. I have changed all my passwords. I have removed PHPlist because I was not using it. I just updated PHPadsnew to the latest version, and phpBB is up-to-date as well. I'll wait it out and see if I get anything more.

Is it possible that someone is using a script on my site to send mass spam emails? Or could it be my host's fault (because the site is hosted on shared hosting)?

I have sent and email out to my host as well notifying them of the problem, so they don't blame me for the spam. Yikes!

Is there anything else I should do? Anything I'm forgetting? Thanks.

 

Durham_e




msg:357422
 3:17 am on Apr 4, 2006 (gmt 0)

Hi FTFLASH,

It sounds like a nasty variant of the Joe Job.

Below is a link to some helpful advice.
[sitepoint.com...]

jomaxx




msg:357423
 3:33 am on Apr 4, 2006 (gmt 0)

Check the headers on the emails to make sure they're really coming from your server. Sometimes spammers just forge your email address as the originator and you get all the bounces.

Unfortunately not all bounces show the original headers.

P.S. the "Joe Job" sounds like basically the same thing, but in my experience spammers pick your address more or less at random. I got hit by this bad a couple of years ago, but it ended after a couple of weeks.

FTFlash




msg:357424
 4:09 am on Apr 4, 2006 (gmt 0)

Ahh...

This makes more sense. But, after reading that artice I feel so helpless against the attacker.

But, one thing to note is: Since I changed my passwords and updated phpAdsNew, no more bounced emails. Coincedence? I'll keep you posted.

FTFlash




msg:357425
 12:02 am on Apr 5, 2006 (gmt 0)

Well, after a thorough investigation, I have concluded that it was, indeed, a Joe Job. However, I can't explain why the bounced emails stopped when I updated phpAdsNew and deleted PHPlist. I guess it was just a coincidence.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved