Site Been Hacked By Email Spammers...

14 replies
Any suggestions on anything I can do to protect the site from any further use?

I noticed a few emails being bounced back to me from fake/non-existant email accounts including my domain name (ie. finance@mydomainname.com which 'finance' doesn't exist) a month or 2 ago but didn't take much notice of it (I know, I should have ). I use this particular site/domain solely for email communication...there's no web pages on it...& I noticed this morning that just a little over halfway through the month, it was showing a bandwidth usage of 1.3G!!!

In the past, as it's only used for email, it's used no more than about 20MB for the whole month! I double checked the AWStats for it, & there have only been 23 people who've gone to the site (which doesn't exist anyway) this month, so the only reason I can think of for the high bandwidth usage is spammers .

I've changed all the passwords for the site this morning, but is there anything else I should be looking for or doing to stop this?

Thanks

Rachel
#email #hacked #site #spammers
  • I have a business email acount with Yahoo that has about 20,000 returned emails sitting in my inbox.
    Yahoo said they didnt hack my site, and were not sending emails from my account, but redirecting them or something. Yaho pretty much sux and offered no help.

    Even with filters blocking all those returned emails they still get through. That account is now dead to me.

    Stupid spammers!!!!!
    {{ DiscussionBoard.errors[527974].message }}
    • Profile picture of the author radhika
      1. Set up catch-all to :fail: no user here in your cpanel.

      2. Ask your host to set up SPF record for your site.

      3. Use different emails to different purposes. Ex; if you are using 2checkout.com, use an email address like '2checout@yoursite.com' SPECIFICALLY for it. Use one to each pupose. Forward them to one secret address. Nobody should know this. If you are receiving spam just go to that one place where you are using it > change it ...

      4. Ask your host to 'disable the scripts to send email as user nobody ...'

      5. Don't put any folders to 777 permission.

      6. Don't enable attachments on forums. They need 777 permission which is not advisable.

      7. Set up a abuse policy on your site and ask the receiver of the email to forward the email to you if anybody receives spam from your servers.

      After all these, still you are vulnerable for spammer attacks and email spoofing. Just have to deal with it

      .
      Signature
      Follow up Autoresponder PRO :: 33% Discount!!
      FREE Upgrades! IMPROVED Email Deliverability!!
      {{ DiscussionBoard.errors[528004].message }}
  • Profile picture of the author Dan C. Rinnert
    That doesn't necessarily mean you've been hacked. The addresses can be easily forged. They don't have to use your mail server to make it look like the eMail is coming from you. There isn't anything you can do to prevent it either.

    Check your mailserver for unsual activity, or ask your webhost or eMail provider if there's been any unusual sending activity on your domain. If not, the spammers probably just forged your address.

    The headers of the eMails might also give some indication as to their true source. There may be an IP address of an originating server, which likely won't match the IP address of your actual mail server.
    Signature

    Dan's content is irregularly read by handfuls of people. Join the elite few by reading his blog: dcrBlogs.com, following him on Twitter: dcrTweets.com or reading his fiction: dcrWrites.com but NOT by Clicking Here!

    Dan also writes content for hire, but you can't afford him anyway.
    {{ DiscussionBoard.errors[527983].message }}
  • Profile picture of the author GB2008
    I quite regularly get a bout of bounced emails, sent from non-existent accounts on my domain. I find it lasts a couple of days, then stops - I guess someone, somewhere has harvested my domain and they're spoofing email addresses in spam they're sending out. There's no sign of any unusual activity on my website or in my email system at the time this happens.

    Bottom line - just one of those things! Not much you can do to stop it, but at least it's not actually hitting your server.
    Signature
    {{ DiscussionBoard.errors[528022].message }}
    • Profile picture of the author sylviad
      Your bandwidth seems excessive, considering that you do not have a site up. How many spam emails have you been receiving?

      Would it be feasible to change your email address and then make sure only the appropriate people can access it? In other words, don't post it as a clickable link anywhere except in the emails you send out or where you put it in forms.

      I've been receiving these fake email bounces, too. My host says they are just faking my email address and that it really isn't coming through my account. They are just sending from their server.

      Recently, I've been getting spam through my auto responder email address. No one has that email address. They can only access it by signing up from my opt-in form. Very irritating. One day, I had to delete 50+ subscribers because they were all spammers sending me various marketing offers.

      Also around the same time, I was getting emails addressed to the email my host gave me that ends with the hosting account name, ie: accountname@myhost.ca. I never use this account - ever. In that round of fake emails, the idiots did cc: (copies to) and added about 10 other names ...@myhost.ca. I contacted my host and he told me the same as before. They are not hacking my account or anyone elses on their server.

      At least I made my host aware of the situation and they did look into it to make sure there wasn't a problem going on behind the scenes.

      Hope this helps.

      Sylvia
      Signature
      :: Got a dog? Visit my blog. Dog Talk Weekly
      :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
      {{ DiscussionBoard.errors[528051].message }}
  • Profile picture of the author Rachel Incoll
    Thanks for the suggestions...much appreciated.

    Dan, the reason I know the site has been hacked is that it has used 1.3G of bandwidth in 17 days. Up until now it's used no more than about 20MB in a month as it's only used for emails - this suggests to me something is seriously wrong!

    I'll get onto my host today and see what they can tell me but I think changing the passwords this morning might have done the trick. No more bandwidth has been used since then so hopefully that's stopped them .

    Cheers

    Rachel
    Signature
    Sick Of Spending Hour After Hour Searching For Australian Wholesalers?
    Discover Over 1,000 Genuine Australian Wholesalers In Just A Few Minutes At www.AussieWholesaleSuppliers.net.au
    {{ DiscussionBoard.errors[528509].message }}
    • Profile picture of the author JohnMcCabe
      Originally Posted by Rachel Incoll View Post

      Thanks for the suggestions...much appreciated.

      Dan, the reason I know the site has been hacked is that it has used 1.3G of bandwidth in 17 days. Up until now it's used no more than about 20MB in a month as it's only used for emails - this suggests to me something is seriously wrong!

      I'll get onto my host today and see what they can tell me but I think changing the passwords this morning might have done the trick. No more bandwidth has been used since then so hopefully that's stopped them .

      Cheers

      Rachel
      Rachel, since you've already been a successful target once, they're likely to try again. So you might want to make sure your password is tough to crack - both upper and lower case letters, numbers and the odd symbol, and 8-12 characters long.

      Many corporate types change passwords monthly, too.
      {{ DiscussionBoard.errors[528822].message }}
  • Profile picture of the author hotlanta
    Most important ... Set your email catch-all to :fail:
    This will send all unrouted mail back to the sender

    I learned the hard way to make this change as soon as a site is live

    I found out that I had about 3 GIGS of emails sitting on my server
    for a 7 year old domain that had never been set to :Fail:
    all of the unrouted mail sent to that domain was just sitting on the server for YEARS

    I found out when i tried to transfer the site to a new server and the auto transfer kept failing because of the size of the unrouted mail folder

    you can manage this setting (:fail from WHM so that all new sites automatically are set to :fail:

    But changing the setting in WHM will not effect sites that are already created those have to be changed manually.
    Signature

    None

    {{ DiscussionBoard.errors[528878].message }}
  • Profile picture of the author Catalin Ionescu
    hotlanta, you might want to be a bit more careful when bouncing emails back to the sender, especially spam.

    More often than not, the sender information in spam emails is fake. And in cases like the OP described, bouncing the emails back will create a loop since the sender is at your domain so you'll bounce the email back to yourself -- for 25 times typically for each email.

    Bouncing them back adds more to the bandwidth usage, more strain to every server involved, and could potentially cause other problems down the road -- i.e. label you wrongly as spammer.

    I know it's pretty easy for any tech type to look this information up and figure out what's going on, but most users don't care or are unable to dig deeper. Their "this is spam" button is one click away.

    For these reasons, and more, this is probably not the route you want to take.

    What I'd recommend instead is to set up the catch-all as a black hole. What goes in is silently discarded. No harm done, no bounces.

    To achieve this, simply set the catch-all to /dev/null.

    - Catalin
    {{ DiscussionBoard.errors[529114].message }}
    • Profile picture of the author hotlanta
      You are right, its been so long i forgot that i used :blackhole: instead of :fail: for the exact reasons you mentioned.

      blackhole discards the email, fail bounces it back to the sender

      BTW this is easily done from the mail settings in cpanel. If anyone is considering doing it.
      Signature

      None

      {{ DiscussionBoard.errors[529578].message }}
      • Profile picture of the author Nigel Greaves
        Hi Hotlanta,

        Originally Posted by hotlanta View Post

        BTW this is easily done from the mail settings in cpanel. If anyone is considering doing it.
        I don't want to appear dim but having had a look around in the mail settings I can't see where you set the blackhole. Would you mind being specific as to where I can find the right place please?

        Thanks,

        Nigel
        {{ DiscussionBoard.errors[529986].message }}
  • Profile picture of the author Neil Morgan
    Would you mind being specific as to where I can find the right place please?
    1. Log into CPanel.

    2. In the "Mail" section, click on "default address".

    3(a). Choose "Discard with error to sender" for the :fail: option

    or

    3(b). Click "advanced" and choose "discard" for the :blackhole: option.

    Cheers,

    Neil
    Signature

    Easy email marketing automation without moving your lists.

    {{ DiscussionBoard.errors[530004].message }}
    • Profile picture of the author Nigel Greaves
      Hi Neil,

      Thanks very much I appreciate your help.

      Nigel


      Originally Posted by Neil Morgan View Post

      1. Log into CPanel.

      2. In the "Mail" section, click on "default address".

      3(a). Choose "Discard with error to sender" for the :fail: option

      or

      3(b). Click "advanced" and choose "discard" for the :blackhole: option.

      Cheers,

      Neil
      {{ DiscussionBoard.errors[530095].message }}
  • Profile picture of the author Mokey
    We're never really safe are we? Thanks for posting this Rachel. I'm off to set up my email differently. Fail, fail, fail...Makes sense. Never thought of it!
    Signature

    {{ DiscussionBoard.errors[530024].message }}

Trending Topics