[Solved] Suspended: Waltersj


waltersj

waltersj

johnny

kkdjcomputersolutions.heliohost.org

 

I believe this was suspended for spam email via my heliohost email address - my home computer apparently had a bug. I have fixed the issue and removed my heliohost email addresses (deleted them). I have moved my email to a different server. This should resolve any issues current or in the future as I am no longer using the email service provided. Sorry that this happened but just as soon as I saw the issue had happened I immediately deleted the heliohost emails.


You were indeed suspended for spam. Abuse report is shown below. Please be completely sure the issue is fixed. If it is not, and we receive any more complaints for spam, you will be resuspended permanently.

 

Your account has been unsuspended.

 

We have received a complaint about your account. Please investigate and fix within 24 hours.

Hurricane Electric Abuse Department
support@he.net

From scomp@aol.net  Mon Dec 14 14:46:41 2015
Return-Path: 
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from smr-a01e.mx.aol.com (smr-a01e.mx.aol.com [204.29.186.241])
        by abuse.he.net (Postfix) with ESMTPS id CBBED540209
        for ; Mon, 14 Dec 2015 14:46:40 -0800 (PST)
Received: from scmp-m009.mail.aol.com (scmp-m009.mail.aol.com [172.26.180.17])
        by smr-a01e.mx.aol.com (AOL Mail Bouncer) with ESMTP id 1AF7B3800217
        for ; Mon, 14 Dec 2015 17:46:40 -0500 (EST)
Received: from scomp@aol.net by scmp-m009.mail.aol.com; Mon, 14 Dec 2015 17:46:39 EST
To: report@abuse.he.net
From: scomp@aol.net
Date: Mon, 14 Dec 2015 17:46:39 EST
Subject: Email Feedback Report for IP 64.62.211.131
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-7667"
X-AOL-INRLY: johnny.heliohost.org [64.62.211.131] scmp-m009
X-Loop: scomp

--boundary-1138-29572-2659438-7667
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

This is an email abuse report for an email message with the message-id of 4BJANRI.0104858@kkdjcomputersolutions.heliohost.org received from IP address 64.62.211.131 on Mon, 14 Dec 2015 12:33:53 -0500 (EST)

For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php

If you would like to cancel or change the configuration for your FBL please use the tool located at:
http://postmaster.aol.com/SupportRequest.FBL.php


--boundary-1138-29572-2659438-7667
Content-Disposition: inline
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Mon, 14 Dec 2015 12:33:53 -0500 (EST)
Source-IP: 64.62.211.131
Reported-Domain: johnny.heliohost.org
Redacted-Address: redacted
Redacted-Address: redacted@


--boundary-1138-29572-2659438-7667
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: 
Received: from johnny.heliohost.org (johnny.heliohost.org [64.62.211.131])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mtaig-aad03.mx.aol.com (Internet Inbound) with ESMTPS id 75AE87000009B
        for ; Mon, 14 Dec 2015 12:33:53 -0500 (EST)
Received: from [5.165.192.11] (port=29465 helo=[10.50.133.82])
        by johnny.heliohost.org with esmtpa (Exim 4.82)
        (envelope-from )
        id 1a8X0L-0006Vc-2k; Mon, 14 Dec 2015 09:33:45 -0800
Content-Type: text/plain; charset=windows-1251; format=flowed; delsp=yes
Subject: MISHEAR CANADICED DURGS
Cc: redacted@aol.com, redacted@web.de, redacted@hotmail.com, redacted@bellsouth.net, redacted@juno.com, redacted@gmail.com, redacted@bellsouth.net, redacted@gtv-mbh.de, redacted@gmail.com
From: "support" 
Date: Mon, 14 Dec 2015 20:33:45 +0300
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Message-ID: 
User-Agent: Opera Mail/1.0 (Win32)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - johnny.heliohost.org
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - kkdjcomputersolutions.heliohost.org
X-Get-Message-Sender-Via: johnny.heliohost.org: authenticated_id: support@kkdjcomputersolutions.heliohost.org
X-Source:
X-Source-Args:
X-Source-Dir:
x-aol-global-disposition: G
X-AOL-SCOLL-DMARC: mtaig-aad03.mx.aol.com ; domain : kkdjcomputersolutions.heliohost.org ; policy : none\"" ; result : F
Authentication-Results: mx.aol.com;
        spf=none (aol.com: the domain kkdjcomputersolutions.heliohost.org appears to have no SPF Record.) smtp.mailfrom=kkdjcomputersolutions.heliohost.org;
        dmarc=fail (aol.com: the domain kkdjcomputersolutions.heliohost.org reports that Neither SPF nor DKIM align.) header.from=kkdjcomputersolutions.heliohost.org;
x-aol-sid: 3039ac1a7fd7566efd817629
X-AOL-IP: 64.62.211.131
X-AOL-SPF: domain : kkdjcomputersolutions.heliohost.org SPF : none

chuckled cocky viagiris others noprecriptiongrugs
CLATTER noprecriptiongrugs REARED

http://bamssa.org.au/webdirect.php?link=cBmWEt


--boundary-1138-29572-2659438-7667--


Your issue is not resolved. We got another abuse report this morning for this account. At this point, I'd guess your website is probably hacked. If you want, I can escalate this and perhaps Krydos could tell you more about the email.

 

We have received a complaint about your account. Please investigate and fix within 24 hours.

Hurricane Electric Abuse Department
support@he.net

From scomp@aol.net  Wed Dec 16 05:29:21 2015
Return-Path: <scomp@aol.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from smr-m05e.mx.aol.com (smr-m05e.mx.aol.com [204.29.186.194])
       by abuse.he.net (Postfix) with ESMTPS id D168C540209
       for <report@abuse.he.net>; Wed, 16 Dec 2015 05:29:20 -0800 (PST)
Received: from scmp-m006.mail.aol.com (scmp-m006.mail.aol.com [172.29.110.248])
       by smr-m05e.mx.aol.com (AOL Mail Bouncer) with ESMTP id 364F6380005F
       for <report@abuse.he.net>; Wed, 16 Dec 2015 08:29:20 -0500 (EST)
Received: from scomp@aol.net by scmp-m006.mail.aol.com; Wed, 16 Dec 2015 08:29:15 EST
To: report@abuse.he.net
From: scomp@aol.net
Date: Wed, 16 Dec 2015 08:29:15 EST
Subject: Email Feedback Report for IP 64.62.211.131
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-22318"
X-AOL-INRLY: johnny.heliohost.org [64.62.211.131] scmp-m006
X-Loop: scomp

--boundary-1138-29572-2659438-22318
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

This is an email abuse report for an email message with the message-id of M9636G0.8820209@kkdjcomputersolutions.heliohost.org received from IP address 64.62.211.131 on Wed, 16 Dec 2015 07:00:30 -0500 (EST)

For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php

If you would like to cancel or change the configuration for your FBL please use the tool located at:
http://postmaster.aol.com/SupportRequest.FBL.php


--boundary-1138-29572-2659438-22318
Content-Disposition: inline
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Wed, 16 Dec 2015 07:00:30 -0500 (EST)
Source-IP: 64.62.211.131
Reported-Domain: johnny.heliohost.org
Redacted-Address: redacted
Redacted-Address: redacted@


--boundary-1138-29572-2659438-22318
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <support@kkdjcomputersolutions.heliohost.org>
Received: from johnny.heliohost.org (johnny.heliohost.org [64.62.211.131])
       (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
       (No client certificate requested)
       by mtaig-aan02.mx.aol.com (Internet Inbound) with ESMTPS id 3F4E4700000A8
       for <redacted>; Wed, 16 Dec 2015 07:00:30 -0500 (EST)
Received: from [176.100.82.59] (port=62337)
       by johnny.heliohost.org with esmtpa (Exim 4.82)
       (envelope-from <support@kkdjcomputersolutions.heliohost.org>)
       id 1a8XLd-0002qd-PO; Mon, 14 Dec 2015 09:55:47 -0800
Content-Type: text/plain; charset=windows-1251; format=flowed; delsp=yes
Subject: BEST OF MEXICAN PHARMA second
Cc: redacted@yahoo.com, redacted@tds.net, redacted@sdfs.net, redacted@aol.com
From: "support" <support@kkdjcomputersolutions.heliohost.org>
Date: Mon, 14 Dec 2015 20:55:26 +0300
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Message-ID: <M9636G0.8820209@kkdjcomputersolutions.heliohost.org>
User-Agent: Opera Mail/1.0 (Win32)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - johnny.heliohost.org
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - kkdjcomputersolutions.heliohost.org
X-Get-Message-Sender-Via: johnny.heliohost.org: authenticated_id: support@kkdjcomputersolutions.heliohost.org
X-Source:
X-Source-Args:
X-Source-Dir:
x-aol-global-disposition: G
X-AOL-SCOLL-DMARC: mtaig-aan02.mx.aol.com ; domain : kkdjcomputersolutions.heliohost.org ; policy : none\"" ; result : F
Authentication-Results: mx.aol.com;
       spf=none (aol.com: the domain kkdjcomputersolutions.heliohost.org appears to have no SPF Record.) smtp.mailfrom=kkdjcomputersolutions.heliohost.org;
       dmarc=fail (aol.com: the domain kkdjcomputersolutions.heliohost.org reports that Neither SPF nor DKIM align.) header.from=kkdjcomputersolutions.heliohost.org;
x-aol-sid: 3039ac1b13425671525d4bb7
X-AOL-IP: 64.62.211.131
X-AOL-SPF: domain : kkdjcomputersolutions.heliohost.org SPF : none

wanted get rid of that shit painkillers and mens health stupid father
el phamazie du kanada MATTER matter

http://addressbangladesh.com/components/com_content/helpers/webdirect.php?link=0Uw8qm


--boundary-1138-29572-2659438-22318--

 


That would be good as I don't see how anything can be sent via my heliohost account now as there is no such email address (support@kkdjcomputersolutions.heliohost.org) on my account anymore. I deleted that one and the webmaster email address also. As well there has been no more email sent via my computer as those email accounts have been removed from my email program as well. With the email address not in existence I don't see how this can be sent from my account anymore.


The PHP mail function can do it; it doesn't require any mail account to exist. Pretty common, especially if you use WordPress (where infected themes and extensions often get used to send spam).

 

Since I posted this morning, we actually got a bunch more reports as well. In fact, I think every report we received today was for your account...

 

I'll escalate this and see what krydos wants to do.


Your issue is not resolved. We got another abuse report this morning for this account.

Date: Mon, 14 Dec 2015 20:55:26 +0300

We get the abuse reports when someone reports it as spam, but the number that matters is the date that the spam was sent. In this case all of the emails (so far) were sent on the 14th. Sometimes these spam reports continue trickling in for up to a month after the spam was actually sent. These particular emails look like they were sent via a remote email client:

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

If it was sent via a hacked script it will usually have something that looks like

X-PHP-Script: hackedwebsite.heliohost.org/wp-content/spamscript.php for 123.234.123.234

Anyways, the account waltersj has been unsuspended. Thank you for taking care of it so quickly.

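The triage described in the post above, written out as an added example that is not part of the original thread or HelioHost's tooling: it pulls the complained-about message out of a feedback report, compares its send date with the report date, and checks for `X-PHP-Script` versus an authenticated SMTP hop. The sample report, hostnames and addresses are constructed, and treating Exim's `esmtpa` protocol together with `authenticated_id` as a sign of stolen mailbox credentials is this example's assumption.

```python
import email
import re
from datetime import timezone
from email.utils import parsedate_to_datetime
# Constructed sample report (documentation addresses, not data from the thread).
SAMPLE_REPORT = """\
Date: Wed, 16 Dec 2015 08:29:15 -0500
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: message/feedback-report

Feedback-Type: abuse

--b1
Content-Type: message/rfc822

Received: from host.example.org ([192.0.2.10]) by mx.isp.example with ESMTPS
Received: from [198.51.100.7] (port=62337)
        by host.example.org with esmtpa (Exim 4.82)
        id 1a8XLd-0002qd-PO; Mon, 14 Dec 2015 09:55:47 -0800
Date: Mon, 14 Dec 2015 20:55:26 +0300
X-Get-Message-Sender-Via: host.example.org: authenticated_id: support@site.example.org

--b1--
"""

def triage(raw):
    """Return when the reported message was sent and how it entered the server."""
    report = email.message_from_string(raw)
    part = next(p for p in report.walk() if p.get_content_type() == "message/rfc822")
    orig = part.get_payload(0)  # the complained-about message itself
    sent = parsedate_to_datetime(orig["Date"])
    lag = parsedate_to_datetime(report["Date"]) - sent  # report date minus send date
    # The bottom Received header is the hop where the hosting server accepted the mail.
    hop = " ".join((orig.get_all("Received") or [""])[-1].split())
    m = re.search(r"\[([0-9A-Fa-f.:]+)\].*?\bwith (\w+)", hop)
    client_ip, proto = m.groups() if m else (None, None)
    auth = re.search(r"authenticated_id:\s*(\S+)", orig.get("X-Get-Message-Sender-Via", ""))
    vector = "unknown"
    if orig.get("X-PHP-Script"):                   # set when a web script sent the mail
        vector = "php-script"
    elif auth and proto in ("esmtpa", "esmtpsa"):  # Exim: ESMTP with SMTP AUTH
        vector = "smtp-auth"
    return {"sent_utc": sent.astimezone(timezone.utc).date().isoformat(),
            "report_lag_days": lag.days, "vector": vector,
            "client_ip": client_ip, "account": auth.group(1) if auth else None}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A `smtp-auth` result points at the mailbox password rather than the site's files, so the fix is a credential change and a scan of the machine that held it; a `php-script` result points at the script path named in the header.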

If I remove my form that gathers info and emails it to me would that also help stop this from happening in the future - I don't like having this happen with my name attached and want to make sure it doesn't return. I can find a different way to get info from clients.


How you gather your users' info probably doesn't have a lot to do with this hack. How you *store* that contact information is more important. If you store it all as contacts online in your email account then if someone hacks that account they have access to all that information. If you store it all in a database then the hacker would have to gain access to that database to send spam to your customers. Let us know if you'd like some ideas on more secure ways to store your customers' information.
