mrobo Posted December 24, 2015
username: mrobo
server: johnny.heliohost.org
domain: titan-ras.sk
mrobo Posted December 29, 2015 I need help with my account mrobo. I get this message: Your account has been suspended..... I created this post on 24.dec.2015, but nothing has been done yet. How long does it take to unsuspend my account?
wolstech Posted December 29, 2015 You were suspended for spam. Krydos will have more info on it, escalating.
mrobo Posted December 29, 2015 You mean for sending spam through my account? Or receiving too much spam on my account? Should I contact Krydos or wait until he contacts me?
wolstech Posted December 29, 2015 Sending it. Krydos will post here when he sees the topic.
Krydos Posted December 31, 2015 Posted December 31, 2015 Here are the two spam reports we've received so far about your account: We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From scomp@aol.net Wed Dec 23 07:26:11 2015 Return-Path: <scomp@aol.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from smr-a02e.mx.aol.com (smr-a02e.mx.aol.com [204.29.186.244]) by abuse.he.net (Postfix) with ESMTPS id 318725401CF for <report@abuse.he.net>; Wed, 23 Dec 2015 07:26:11 -0800 (PST) Received: from scmp-m006.mail.aol.com (scmp-m006.mail.aol.com [172.29.110.248]) by smr-a02e.mx.aol.com (AOL Mail Bouncer) with ESMTP id 7A6693800BD4 for <report@abuse.he.net>; Wed, 23 Dec 2015 10:26:10 -0500 (EST) Received: from scomp@aol.net by scmp-m006.mail.aol.com; Wed, 23 Dec 2015 10:26:07 EST To: report@abuse.he.net From: scomp@aol.net Date: Wed, 23 Dec 2015 10:26:07 EST Subject: Email Feedback Report for IP 64.62.211.131 MIME-Version: 1.0 Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-32462" X-AOL-INRLY: johnny.heliohost.org [64.62.211.131] scmp-m006 X-Loop: scomp --boundary-1138-29572-2659438-32462 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit This is an email abuse report for an email message with the message-id of 30f556f7e189455eb1702b01bc0feabe@titan-ras.sk received from IP address 64.62.211.131 on Wed, 23 Dec 2015 09:11:32 -0500 (EST) For information, please review the top portion of the following page: http://postmaster.aol.com/Postmaster.FeedbackLoop.php For information about AOL E-mail guidelines, please see http://postmaster.aol.com/Postmaster.Guidelines.php If you would like to cancel or change the configuration for your FBL please use the tool located at: http://postmaster.aol.com/SupportRequest.FBL.php --boundary-1138-29572-2659438-32462 Content-Disposition: inline 
Content-Type: message/feedback-report Feedback-Type: abuse User-Agent: AOL SComp Version: 0.1 Received-Date: Wed, 23 Dec 2015 09:11:32 -0500 (EST) Source-IP: 64.62.211.131 Reported-Domain: johnny.heliohost.org Redacted-Address: redacted Redacted-Address: redacted@ --boundary-1138-29572-2659438-32462 Content-Type: message/rfc822 Content-Disposition: inline Return-Path: <allison_holmes@titan-ras.sk> Received: from johnny.heliohost.org (johnny.heliohost.org [64.62.211.131]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaig-aan01.mx.aol.com (Internet Inbound) with ESMTPS id 4647270000089 for <redacted>; Wed, 23 Dec 2015 09:11:32 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=titan-ras.sk; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:From:Date:Subject:To; bh=ldHY25j93c9cBqFuKoPZs+jnw+8sOpIFyN/m8KOApWs=; b=oTwt8HHHAqz7Du09vrk3OgZVwW8ct8WbIeMhnQ85gepzzO7l63aZymm2Z5EwSD2pS/o8a+ajHJ94n4ZaEo9jMgI5zL8yEKZfciKEh7fdBTozKr0J9txn5o/EfvLWe6CfLUbDjeCM70uV1OiCyqbdJqF2GuhhiAM4sXXDcsfdAQ4=; Received: from mrobo by johnny.heliohost.org with local (Exim 4.82) (envelope-from <allison_holmes@titan-ras.sk>) id 1aBk8Y-0006kz-F7 for redacted; Wed, 23 Dec 2015 06:11:30 -0800 To: redacted@aol.com Subject: 1 New SnapF#ck Alert Date: Wed, 23 Dec 2015 06:11:30 -0800 From: Allison Holmes <allison_holmes@titan-ras.sk> Message-ID: <30f556f7e189455eb1702b01bc0feabe@titan-ras.sk> X-Priority: 3 X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_30f556f7e189455eb1702b01bc0feabe" Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - johnny.heliohost.org X-AntiAbuse: Original Domain - aol.com X-AntiAbuse: Originator/Caller UID/GID - [93311 32007] / [47 12] X-AntiAbuse: Sender Address Domain - titan-ras.sk 
X-Get-Message-Sender-Via: johnny.heliohost.org: authenticated_id: mrobo/from_h X-Source: /usr/bin/php X-Source-Args: /usr/bin/php /home/mrobo/public_html/components/com_finder/views/search/gallery.php X-Source-Dir: titan-ras.sk:/public_html/components/com_finder/views/search x-aol-global-disposition: S X-AOL-SCOLL-AUTHENTICATION: mtaig-aan01.mx.aol.com ; domain : titan-ras.sk DKIM : pass Authentication-Results: mx.aol.com; spf=none (aol.com: the domain titan-ras.sk appears to have no SPF Record.) smtp.mailfrom=titan-ras.sk; X-AOL-REROUTE: YES x-aol-sid: 3039ac1b1341567aab94302a X-AOL-IP: 64.62.211.131 X-AOL-SPF: domain : titan-ras.sk SPF : none --b1_30f556f7e189455eb1702b01bc0feabe Content-Type: text/plain; charset=us-ascii i luv being f#cked but my BF never gives it to me my BF is out of town and i want to get f*cked by a real man! [ http://phauthuatthankinhbachmai.com/template.php?a=40&sDhm3Jh5twWfJ=gN8gkGz ] visit my profile here Talk soon ! --b1_30f556f7e189455eb1702b01bc0feabe Content-Type: text/html; charset=us-ascii <html> <body> i luv being f#cked but my BF never gives it to me my BF is out of town and i want to get f*cked by a real man! <a href="http://phauthuatthankinhbachmai.com/template.php?a=40&sDhm3Jh5twWfJ=gN8gkGz"> visit my profile here </a> Talk soon ! </html> </body> --b1_30f556f7e189455eb1702b01bc0feabe-- --boundary-1138-29572-2659438-32462-- We have received a complaint about your account. Please investigate and fix within 24 hours. 
Hurricane Electric Abuse Department support@he.net From scomp@aol.net Tue Dec 29 19:02:26 2015 Return-Path: <scomp@aol.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from smr-a02e.mx.aol.com (smr-a02e.mx.aol.com [204.29.186.244]) by abuse.he.net (Postfix) with ESMTPS id 4964E54030C for <report@abuse.he.net>; Tue, 29 Dec 2015 19:02:26 -0800 (PST) Received: from scmp-m008.mail.aol.com (scmp-m008.mail.aol.com [172.29.110.249]) by smr-a02e.mx.aol.com (AOL Mail Bouncer) with ESMTP id 9814738001F6 for <report@abuse.he.net>; Tue, 29 Dec 2015 22:02:25 -0500 (EST) Received: from scomp@aol.net by scmp-m008.mail.aol.com; Tue, 29 Dec 2015 22:02:22 EST To: report@abuse.he.net From: scomp@aol.net Date: Tue, 29 Dec 2015 22:02:22 EST Subject: Email Feedback Report for IP 64.62.211.131 MIME-Version: 1.0 Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-16813" X-AOL-INRLY: johnny.heliohost.org [64.62.211.131] scmp-m008 X-Loop: scomp --boundary-1138-29572-2659438-16813 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit This is an email abuse report for an email message with the message-id of a41bc3d37df7919fb975d8cab4ef27b2@titan-ras.sk received from IP address 64.62.211.131 on Tue, 29 Dec 2015 22:02:20 -0500 (EST) For information, please review the top portion of the following page: http://postmaster.aol.com/Postmaster.FeedbackLoop.php For information about AOL E-mail guidelines, please see http://postmaster.aol.com/Postmaster.Guidelines.php If you would like to cancel or change the configuration for your FBL please use the tool located at: http://postmaster.aol.com/SupportRequest.FBL.php --boundary-1138-29572-2659438-16813 Content-Disposition: inline Content-Type: message/feedback-report Feedback-Type: abuse User-Agent: AOL SComp Version: 0.1 Received-Date: Tue, 29 Dec 2015 22:02:20 -0500 (EST) Source-IP: 64.62.211.131 Reported-Domain: johnny.heliohost.org 
Redacted-Address: redacted Redacted-Address: redacted@ --boundary-1138-29572-2659438-16813 Content-Type: message/rfc822 Content-Disposition: inline Return-Path: <dana_riley@titan-ras.sk> Received: from mtaomg-mab02.mx.aol.com (mtaomg-mab02.mx.aol.com [172.26.249.84]) by scmp-m008.mail.aol.com (8.14.1/8.12.11) with ESMTP id tBU32Kcr002599 for <tosspam@abuse.aol.com>; Tue, 29 Dec 2015 22:02:20 -0500 Received: from core-aba01.mail.aol.com (core-aba01.mail.aol.com [172.27.22.1]) by mtaomg-mab02.mx.aol.com (OMAG/Core Interface) with SMTP id 1CED038000081 for <tosspam@abuse.aol.com>; Tue, 29 Dec 2015 22:02:20 -0500 (EST) X-AOL-HF-SYS: lmtp X-AOL-HF-ORIGFROM: dana_riley@titan-ras.sk X-AOL-HF-ORIGTO: redacted@aol.com X-AOL-HF-STATUS: PASS Received: from johnny.heliohost.org (johnny.heliohost.org [64.62.211.131]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaig-aah04.mx.aol.com (Internet Inbound) with ESMTPS id 940E37000008D for <redacted@aol.com>; Tue, 29 Dec 2015 22:02:18 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=titan-ras.sk; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:From:Date:Subject:To; bh=ij/bhXapJPRwkxzgg66XIDTzH89veF0GcU74vgR1HT8=; b=X1qLpUa12Srt4P2uDHihPUyoHN19IzuXrkWqEhE9ioZx5UNAKZpyPY0S5bE0e5QDH5zieDTLHtpBePA3uWae2LKvTZMdkC1lEPJGOX7+eVL9j7uk97J9cZKF34tMjtmrtPGIhdsZ1zaEJvJgV34QnqEj4JxDf1lVf845Bmo/sPQ=; Received: from mrobo by johnny.heliohost.org with local (Exim 4.82) (envelope-from <dana_riley@titan-ras.sk>) id 1aBL8O-00030w-O6 for redacted@aol.com; Tue, 22 Dec 2015 03:29:40 -0800 To: redacted@aol.com Subject: 1 Pending Hookup Alert Date: Tue, 22 Dec 2015 03:29:40 -0800 From: Dana Riley <dana_riley@titan-ras.sk> Message-ID: <a41bc3d37df7919fb975d8cab4ef27b2@titan-ras.sk> X-Priority: 3 X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; 
boundary="b1_a41bc3d37df7919fb975d8cab4ef27b2" Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - johnny.heliohost.org X-AntiAbuse: Original Domain - aol.com X-AntiAbuse: Originator/Caller UID/GID - [93311 32007] / [47 12] X-AntiAbuse: Sender Address Domain - titan-ras.sk X-Get-Message-Sender-Via: johnny.heliohost.org: authenticated_id: mrobo/from_h X-Source: X-Source-Args: X-Source-Dir: X-AOL-SCOLL-AUTHENTICATION: mtaig-aah04.mx.aol.com ; domain : titan-ras.sk DKIM : pass Authentication-Results: mx.aol.com; spf=none (aol.com: the domain titan-ras.sk appears to have no SPF Record.) smtp.mailfrom=titan-ras.sk; X-AOL-REROUTE: YES x-aol-global-disposition: G x-aol-sid: 3039ac1af9545683493c7bbe X-AOL-OFFICIAL-DATE: Tue, 29 Dec 2015 22:02:20 -0500 (EST) X-AOL-ACCESS: relay_angelia-access Content-Type: text/plain; charset=us-ascii i'm a freak between the sheets and lookin for a man to handle me do u like to get a lil freaky? i like to get ch0ked while my pu$$y is f*cked [ http://gcoin.us/blog.php?a=40&25Het5z=pwHukCSFMc4bx ] my profile here see u soon --b1_a41bc3d37df7919fb975d8cab4ef27b2 Content-Type: text/html; charset=us-ascii <html> <body> <br><br> i'm a freak between the sheets and lookin for a man to handle me <br><br> do u like to get a lil freaky? i like to get ch0ked while my pu$$y is f*cked <br><br> <a href="http://gcoin.us/blog.php?a=40&25Het5z=pwHukCSFMc4bx"> my profile here </a> <br><br> see u soon <br><br> </html> </body> --b1_a41bc3d37df7919fb975d8cab4ef27b2-- --boundary-1138-29572-2659438-16813-- If we unsuspend mrobo can you assure us that your account will not send more spam?
mrobo Posted December 31, 2015 Yes, I will do my best to stop the spam. First I must change my password; then I would appreciate help with where I can find the logs showing which IPs were connected to my account.
mrobo Posted January 2, 2016 I have changed passwords and enabled Email Authentication, DKIM, SPF in cPanel. I hope it stops spreading the spam for now. I am continuing to investigate how the spam was sent from my account.
wolstech Posted January 2, 2016 Check this file: /home/mrobo/public_html/components/com_finder/views/search/gallery.php The first report indicates it as the script that sent one of the emails. It may be infected with malware.
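Added example (not part of the original thread, and not HelioHost's own tooling): a small Python parser that pulls the sending account and script out of an abuse feedback report, using the same header names that appear in the reports quoted above (`X-AntiAbuse`, `X-Get-Message-Sender-Via`, `X-Source-Args`, `X-Source-Dir`). The function name `sending_script` and every value in the sample report are constructed for illustration.

```python
import email
import re

# Constructed sample: a trimmed feedback report shaped like the ones quoted in
# this thread. Hosts, account name and paths are made up.
SAMPLE_REPORT = """\
From: fbl@isp.example
Subject: Email Feedback Report for IP 192.0.2.10
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="rb"

--rb
Content-Type: message/feedback-report

Feedback-Type: abuse
Source-IP: 192.0.2.10
--rb
Content-Type: message/rfc822

Return-Path: <someone@customer.example>
X-AntiAbuse: Primary Hostname - shared.host.example
X-AntiAbuse: Originator/Caller UID/GID - [1001 1002] / [47 12]
X-Get-Message-Sender-Via: shared.host.example: authenticated_id: acct1/from_h
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/acct1/public_html/modules/mailer.php
X-Source-Dir: customer.example:/public_html/modules
Subject: constructed test message

body
--rb--
"""

def sending_script(report_text):
    """Return account, UID and script named in the reported message's headers."""
    report = email.message_from_string(report_text)
    original = next((p.get_payload(0) for p in report.walk()
                     if p.get_content_type() == "message/rfc822"), None)
    if original is None:
        return None  # no embedded copy of the reported message
    # Assumption: the last token of X-Source-Args is the script path (no spaces).
    args = (original.get("X-Source-Args") or "").split()
    via = re.search(r"authenticated_id:\s*([^/\s]+)",
                    original.get("X-Get-Message-Sender-Via", ""))
    uid = next((m for h in original.get_all("X-AntiAbuse", [])
                if (m := re.search(r"UID/GID - \[(\d+) ", h))), None)
    return {
        "account": via.group(1) if via else None,
        "uid": int(uid.group(1)) if uid else None,
        "script": args[-1] if args else None,  # None when the header is blank
        "source_dir": original.get("X-Source-Dir") or None,
    }
```

A blank `X-Source-Args`, as in the second report quoted above, yields `script: None`; in that case the account and UID are the only leads and the whole web root needs to be checked.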
mrobo Posted January 4, 2016 "gallery.php"? There is no such file on my account, but I found another malware-infected file in public_html\modules\vsnznf.php and an unknown g7x5jk.php, which I deleted.
mrobo Posted January 12, 2016 Need help, it seems I am suspended again. Why?