Posted

Sorry, I misspelled the HelioHost username in the thread title. It should be named

Suspended: Anghelina

The rest of the data is correct.

Could you please reactivate the account?

Posted

We have received a complaint about your account. Please investigate and fix within 24 hours.

Hurricane Electric Abuse Department
support@he.net

From scomp@aol.net Wed Jul 13 11:07:36 2016
Return-Path: <scomp@aol.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from smr-a01e.mx.aol.com (smr-a01e.mx.aol.com [204.29.186.241])
by abuse.he.net (Postfix) with ESMTPS id 133EB54011B
for <report@abuse.he.net>; Wed, 13 Jul 2016 11:07:36 -0700 (PDT)
Received: from scmp-m008.mail.aol.com (scmp-m008.mail.aol.com [172.29.110.249])
by smr-a01e.mx.aol.com (AOL Mail Bouncer) with ESMTP id 6B7E638000BB
for <report@abuse.he.net>; Wed, 13 Jul 2016 14:07:35 -0400 (EDT)
Received: from scomp@aol.net by scmp-m008.mail.aol.com; Wed, 13 Jul 2016 14:07:33 EDT
To: report@abuse.he.net
From: scomp@aol.net
Date: Wed, 13 Jul 2016 14:07:33 EDT
Subject: Email Feedback Report for IP 65.19.143.2
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-7973"
X-AOL-INRLY: stevie.heliohost.org [65.19.143.2] scmp-m008
X-Loop: scomp

--boundary-1138-29572-2659438-7973
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

This is an email abuse report for an email message with the message-id of E1bNNoj-0007l3-Cb@stevie.heliohost.org received from IP address 65.19.143.2 on Wed, 13 Jul 2016 13:19:11 -0400 (EDT)

For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php

If you would like to cancel or change the configuration for your FBL please use the tool located at:
http://postmaster.aol.com/SupportRequest.FBL.php


--boundary-1138-29572-2659438-7973
Content-Disposition: inline
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Wed, 13 Jul 2016 13:19:11 -0400 (EDT)
Source-IP: 65.19.143.2
Reported-Domain: stevie.heliohost.org
Redacted-Address: redacted
Redacted-Address: redacted@


--boundary-1138-29572-2659438-7973
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <abroskin@stevie.heliohost.org>
Received: from stevie.heliohost.org (stevie.heliohost.org [65.19.143.2])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mtaig-aan04.mx.aol.com (Internet Inbound) with ESMTPS id D6778700000AB
for <redacted>; Wed, 13 Jul 2016 13:19:11 -0400 (EDT)
Received: from abroskin by stevie.heliohost.org with local (Exim 4.82)
(envelope-from <abroskin@stevie.heliohost.org>)
id 1bNNoj-0007l3-Cb
for redacted; Wed, 13 Jul 2016 10:18:59 -0700
To: redacted@aol.com
Subject: Hi Pamla Young
X-cpchn: dpupsxszbirlrqzjtksicufiofoqjlr
X-sdoyaxjgaxxc: qndgyfpoejtcn
X-kuhpwsiioem: mdumjsuiuaxjiolurwglzkmlvxz
X-vzbsabunbkawwg: iupuczriyeozftpsrel
X-ukeszcoam: ckkrpxkvdtandifnwzxhciccjl
X-laeughsxzdjbwbxno: qthjxizztaycfd
Message-Id: <E1bNNoj-0007l3-Cb@stevie.heliohost.org>
From: abroskin@stevie.heliohost.org
Date: Wed, 13 Jul 2016 10:18:59 -0700
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - stevie.heliohost.org
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [5080 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - stevie.heliohost.org
X-Get-Message-Sender-Via: stevie.heliohost.org: authenticated_id: abroskin/primary_hostname/system user
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home1/abroskin/public_html/formatting-heaps.php
X-Source-Dir: antiquariato-it.com:/public_html
x-aol-global-disposition: G
X-AOL-SCOLL-DMARC: mtaig-aan04.mx.aol.com ; domain : stevie.heliohost.org ; policy : none ; result : F
Authentication-Results: mx.aol.com;
spf=none (aol.com: the domain stevie.heliohost.org appears to have no SPF Record.) smtp.mailfrom=stevie.heliohost.org;
dmarc=fail (aol.com: the domain stevie.heliohost.org reports that Neither SPF nor DKIM align.) header.from=stevie.heliohost.org;
x-aol-sid: 3039ac1b13465786780f7274
X-AOL-IP: 65.19.143.2
X-AOL-SPF: domain : stevie.heliohost.org SPF : none

Pamla Young, you are considered approved for no fax Cash Advance from $200 to $1000

Click to Apply Now http://antiquariato-it.com/formatting-heaps.php?xmlkhzz=aHR0cDovL2dldGxvYW5zZmFzdC50b3AvP2w9TkhaenJBc2VuYUFWWVMzUVY2VV9jRVdBS0tOZVJiMU8ybFg5bFMtb0F1az0=

Indiana 46816, USA - 2016 Wed 13:19:00 13 Jul


--boundary-1138-29572-2659438-7973--
Posted

As you can see in the spam report, someone was sending emails with this file on your account:

/home1/abroskin/public_html/formatting-heaps.php

Someone has compromised your account. I strongly recommend deleting everything from public_html and setting it all up again. You should also change all of your passwords. You need to fix this immediately. If you get suspended for spam again you will most likely not get another chance. Your account is now unsuspended. Let us know if you need any additional help.
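Added example (not part of the original posts, and not HelioHost's own tooling): a short Python sketch of the triage step described above, which reads a feedback report in the same multipart/report layout and pulls out the sending script and account from the X-Source-Args and X-AntiAbuse headers. The sample report, host name, user name and script path are constructed placeholders, and the /home<N>/<user>/ path layout is an assumption based on the path shown in the report.

```python
import email
import re

# Constructed sample: trimmed ARF complaint; host, user, script are placeholders.
SAMPLE_ARF = """\
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: message/feedback-report

Feedback-Type: abuse
Source-IP: 192.0.2.10

--b1
Content-Type: message/rfc822

Message-Id: <constructed-1@shared.hosting.example>
X-AntiAbuse: Primary Hostname - shared.hosting.example
X-AntiAbuse: Originator/Caller UID/GID - [1001 1002] / [47 12]
X-Source-Args: /usr/bin/php /home/exampleuser/public_html/contact-sample.php

constructed body

--b1--
"""

def triage_arf(raw):
    """Map a feedback report to the local account and script that sent the mail."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        raise ValueError("not a multipart/report feedback message")
    out = {}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            fields = part.get_payload(0)   # machine-readable report fields
            out["feedback_type"] = fields["Feedback-Type"]
            out["source_ip"] = fields["Source-IP"]
        elif ctype == "message/rfc822":
            orig = part.get_payload(0)     # the reported message, headers intact
            out["message_id"] = orig["Message-Id"]
            args = (orig["X-Source-Args"] or "").split()
            out["script"] = args[-1] if args else None
            m = re.match(r"/home\d*/([^/]+)/", out["script"] or "")
            out["account"] = m.group(1) if m else None
            uid = [h for h in orig.get_all("X-AntiAbuse", []) if "UID/GID" in h]
            m = re.search(r"\[(\d+) \d+\]", uid[0]) if uid else None
            out["uid"] = int(m.group(1)) if m else None
    return out
```

The result identifies which script sent the mail and under which account; it says nothing about how that file was placed there.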

Posted

Thank you so much!

I've fulfilled all your recommendations.

Meanwhile, I am puzzled about the means by which my account was hacked, and I am trying to seal all the possible security holes to avoid such an incident in the future.

Could the hacker sneak into my site through the mail form driven with mailer.php?
