-
Need Urgent Help
So two weeks ago my domain hosting company had a major DOS attack and I received spam email addressed to me from my own website URL address. I used Sam Spade to trace the IP in the headers and discovered that they were compromised.
I reported the problem to the domain company and since they were working on it... except for today I received yet another spam email... I am sooo tired of getting these emails and I can't even email the tech support people at hostsave, it gets intercepted from the spammers... anyone can help?
-
If you have their number, call them and see what's up. If you don't have a number, do a whois on them.
-
Try some anti-spam software and also change your settings to accept email from just the addresses you tell it to, unless you need the email for public use too. Also... which domain did you call? Yours or the one where the spam was coming from? Do a neotrace on the IP as well as the /whois mentioned above.
I'm sorry for the post, I saw the date only after I clicked submit. I hope it still helps her though.
-
Sounds like they're still owned and either don't know or don't really care, although I fail to see how a DoS attack can lead to a compromised system, so I better ask:
What exactly are you calling spam? To me and everyone else, spammers mass mail ads for money. Grabbing your email is not really high on their agenda.
You say you traced the header IP addys and found them to be compromised. How? Sam Spade does not tell you that, unless you're reading something into the term "bogus" that isn't there.
I guess I just don't understand what you're saying.
-
Tell your ISP (or whoever is hosting your mail) to disable SMTP relaying, or configure it correctly. This should resolve the problem.
-
It may not be compromised at all. They could unknowingly have an open SMTP relay (very common) through which the spammer could be sending email. And it sounds like an open SMTP relay was used in conjunction with a spam program, which is why you received mail from yourself seemingly.
-
That's what it sounds like, except for this:
"I can't even email the tech support people at hostsave, it gets intercepted from the spammers... "
So I checked and looks like it is an open relay:
220 logs-xxxxxxx.com ESMTP Sendmail 8.12.9/8.12.9; Thu, 24 Jul 2003 00:01:05 GMT
HELO hostsave.com
250 logs-xxxxxxx.com Hello AC913548.ipt.aol.com [172.145.53.72], pleased to meet you
MAIL FROM:<<me>.com@hostsave.com>
250 2.1.0 <me.com@hostsave.com>... Sender ok
RCPT TO:<me.com>
250 2.1.5 <me.com>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
To: me.com
From: me.com (Spade relay check)
Subject: hostsave.com relay check
.
250 2.0.0 h6O0157u228395 Message accepted for delivery
QUIT
221 2.0.0 me.com closing connection
Wouldn't it be ironic if hostsave subscribes to a black-hole service and that's why she can't reach tech support?
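-
Added example, not part of any post in this thread: a small Python classifier for a saved SMTP relay-check session like the one above, for a mail admin reviewing their own server's responses. The `C:`/`S:` line prefixes, the example.* domains, and the function names are assumptions made for this sketch; the session is assumed to come from a client outside the server's trusted networks.

```python
import re

# Constructed sample session (not from the thread). C: = client, S: = server.
OPEN_RELAY = """\
S: 220 mail.example.net ESMTP
C: HELO probe.example.org
S: 250 mail.example.net Hello probe.example.org
C: MAIL FROM:<test@example.org>
S: 250 2.1.0 Sender ok
C: RCPT TO:<test@example.com>
S: 250 2.1.5 Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Subject: relay check
C: .
S: 250 2.0.0 Message accepted for delivery
"""
# Same session, but the server rejects the foreign recipient.
CLOSED_RELAY = OPEN_RELAY.split("C: RCPT")[0] + (
    "C: RCPT TO:<test@example.com>\nS: 550 5.7.1 Relaying denied\n"
    "C: QUIT\nS: 221 2.0.0 closing connection\n")

def rcpt_domain(command):
    """Domain part of the address in a MAIL FROM / RCPT TO command, or None."""
    m = re.search(r"<[^<>@]*@([^<>@\s]+)>", command)
    return m.group(1).lower() if m else None

def relay_verdict(transcript, local_domains):
    """Classify one session from an outside client: open-relay / accepted / refused."""
    local = {d.lower() for d in local_domains}
    last_cmd, authed, foreign_rcpt, queued = "", False, False, False
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            last_cmd = text
            continue
        code, verb = text[:3], last_cmd[:4].upper()
        if text[3:4] == "-":          # continuation of a multi-line reply
            continue
        if code == "235":
            authed = True             # authenticated submission is not open relaying
        elif verb == "RCPT" and code in ("250", "251"):
            dom = rcpt_domain(last_cmd)
            foreign_rcpt |= dom is not None and dom not in local
        elif verb == "." and code == "250":
            queued = True             # message body accepted after end-of-data
    if queued and foreign_rcpt and not authed:
        return "open-relay"
    return "accepted" if queued else "refused"
```

A 250 after the end-of-data dot only shows the server queued the message; some servers accept and then discard or bounce it, so an "open-relay" verdict is confirmed only when the test message actually arrives.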