Possibly hacked mail server
wallness
11-03-2009, 08:09 AM
My PC was infected with some kind of trojan (now I'm running on a different, perfectly clean PC), and I'm starting to receive tons of spam, and some of them appear to be using my email address as the sender. I looked into the header, but (novice alert) I can't really understand it.

Below is the header of one of the spam messages (brick@brick.com is a substitute for my real email address). This looks suspiciously like it was sent directly from my account. Is there a mail log in cPanel where I can verify this? Any suggestions? (I've changed all the email accounts' passwords.)


Return-path: <brick@brick.com>
Envelope-to: brick@brick.com
Delivery-date: Mon, 02 Nov 2009 16:17:47 -0700
Received: from [124.43.62.156]
by box485.bluehost.com with esmtps (TLSv1:RC4-MD5:128)
(Exim 4.69)
(envelope-from <brick@brick.com>)
id 1N569h-0007cF-RF
for brick@brick.com; Mon, 02 Nov 2009 16:17:47 -0700
Content-Type: multipart/alternative; boundary=----------27973o7613Qku8148433C2
To: "brick@brick.com" <brick@brick.com>
Subject: Acts are brighter with it
Date: Tue, 3 Nov 2009 04:47:43 +05-30
MIME-Version: 1.0
From: Bliese <brick@brick.com>
Organization: Uuleo
Message-ID: <op.57s2150lv49z00@kbsoftcompany>
User-Agent: Opera Mail/10.01 (Win32)

justwonderin2
11-03-2009, 09:07 AM
This has become really commonplace. But I do not think it's a trojan.

To see if this is a phishing mail, do the following:

You can copy the content of the header then go to the URL:
http://www.geobytes.com

Click the Spam Locator button on the top right of the screen then paste the text into the box.

It'll identify where exactly this originated (particularly the country). If I receive an email that I'm not sure about, I run this measure.

I think Bluehost's new spam guard protections are doing a lot better job than they used to. Just wish an internal check of the IP address against registered Bluehost email addresses was in place.

REMEMBER: Never open attachments in an email from someone you do not know. You even have to be careful now if it "appears to be" someone you know...

Hope this helps!

redsox9
11-03-2009, 09:10 AM
The most likely scenario is that the spammer has modified the header so that any undeliverable mail doesn't bounce back to them.
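
An added example, not part of the thread and not Bluehost's or Exim's own tooling: a small Python check that reads the header posted above and tells a forged sender apart from a message actually submitted through the mailbox, based on how Exim records the connection in the Received: line. It assumes the Received: header was written by Exim (as the posted one was), that continuation lines are indented so a standard parser folds them, and the verdict labels are this example's own.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr

# Exim's "with" clause records how the client connected: esmtps is ESMTP over
# TLS; a trailing "a" (esmtpa/esmtpsa) means the client passed SMTP AUTH, i.e.
# the message was submitted with a mailbox login rather than just handed in.
AUTHENTICATED_PROTOCOLS = {"esmtpa", "esmtpsa"}

# Constructed copy of the header posted above, continuation lines re-indented so
# a standard parser folds them; the field values are unchanged.
THREAD_HEADER = """\
Received: from [124.43.62.156]
\tby box485.bluehost.com with esmtps (TLSv1:RC4-MD5:128)
\t(Exim 4.69)
\t(envelope-from <brick@brick.com>)
\tid 1N569h-0007cF-RF
\tfor brick@brick.com; Mon, 02 Nov 2009 16:17:47 -0700
To: "brick@brick.com" <brick@brick.com>
From: Bliese <brick@brick.com>
Message-ID: <op.57s2150lv49z00@kbsoftcompany>
"""

def parse_exim_received(value):
    # Pull injecting IP, receiving host, protocol and AUTH flag out of one Received: header.
    m = re.search(r"from\s.*?\[?(\d{1,3}(?:\.\d{1,3}){3})\]?.*?\bby\s+(\S+)\s+with\s+(\w+)",
                  value, re.S)
    if not m:
        return None
    proto = m.group(3).lower()   # Exim also appends "A=<authenticator>" when AUTH was used
    return {"origin_ip": m.group(1), "by": m.group(2), "protocol": proto,
            "authenticated": proto in AUTHENTICATED_PROTOCOLS or " A=" in value}

def assess_header(raw):
    # Classify: was the mailbox used to send, or was the From: merely forged?
    msg = HeaderParser().parsestr(raw)
    hops = [h for h in map(parse_exim_received, msg.get_all("Received", [])) if h]
    domain = lambda hdr: parseaddr(msg.get(hdr, ""))[1].rpartition("@")[2].lower()
    msgid_host = msg.get("Message-ID", "").strip().strip("<>").rpartition("@")[2].lower()
    result = {"from_domain": domain("From"), "msgid_host": msgid_host,
              "msgid_mismatch": bool(msgid_host) and msgid_host != domain("From")}
    if not hops:
        result["verdict"] = "no-received-header"
        return result
    result.update(hops[-1])      # bottom-most Received: is the hop closest to the sender
    if result["authenticated"]:
        result["verdict"] = "account-compromise"   # submitted with a login: rotate credentials
    elif result["from_domain"] == domain("To"):
        result["verdict"] = "sender-spoofing"      # external host forging the recipient's own address
    else:
        result["verdict"] = "unrelated-spam"
    return result
```

On the posted header this reports an unauthenticated TLS connection from 124.43.62.156 and a Message-ID host that does not match the From: domain, which points at a forged sender rather than a login to the account; the cPanel mail log check the poster asks about would show an authenticated submission as esmtpsa instead.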

wallness
11-07-2009, 08:05 AM
Thanks for all the replies. It's kinda scary no matter what...:(