icgit2 Posted May 16, 2017
username: ICGIT
server: Tommy
domain: www.icgit.com.uy

icgit2 Posted May 16, 2017
I just realized that one of my accounts sent about 800 emails like this in a period of 12 hours:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  eugeniomanzzo@gmail.com
    Domain icgit.com.uy has outgoing email disabled.
  h.w3rd5@gmail.com
    Domain icgit.com.uy has outgoing email disabled.
  ccu2003@yahoo.com
    Domain icgit.com.uy has outgoing email disabled.

Action: failed
Final-Recipient: rfc822;ccu2003@yahoo.com
Status: 5.0.0

Action: failed
Final-Recipient: rfc822;h.w3rd5@gmail.com
Status: 5.0.0

Action: failed
Final-Recipient: rfc822;eugeniomanzzo@gmail.com
Status: 5.0.0

---------- Mensaje reenviado ----------
From: Eulalia <soporte@icgit.com.uy>
To:
Cc:
Bcc:
Date: Tue, 16 May 2017 15:49:19 +0300
Subject: Adult dates ASAP ,Women from around
http://www.medici.cal.pl/wp-includes/js/tinymce/plugins/wpautoresize/dda626784e.html
Enjoy sex tonight! Nearby local dates Nearby chicks
with amazing lust

Surely this is the reason the account was suspended. I need to reactivate the account to be able to change the e-mail passwords and see if this solves the problem. Thank you.

wolstech Posted May 17, 2017
You're indeed suspended for spam. Are you ready to fix the problem now? If so I'll unsuspend you.

icgit2 Posted May 17, 2017
> You're indeed suspended for spam. Are you ready to fix the problem now? If so I'll unsuspend you.

Yes, I'm ready to do it right now. Thanks.

icgit2 Posted May 17, 2017
> Unsuspended. Please fix it quickly.

TYVM! I just changed the password of the supposedly affected account. Is there a way to monitor from cPanel any unusual activity that may be happening?

wolstech Posted May 17, 2017
There is not unfortunately. Krydos can tell you how many emails you've sent in the past day though, so if you and your website aren't sending much, you could stop back in a day or so and ask to see if the number sent for the day is what you expect.

I'd also recommend changing your cpanel password just for good measure, even though there's no evidence of it being compromised.

Thank you for taking care of this quickly.

Also, you figured out your issue on your own, but if you're interested, the below is the abuse report for the spam email that got you suspended. Normally I'd have posted this earlier, but I was on a mobile device that can't copy/paste properly on these forums.

We have received a complaint about your account. Please investigate and fix within 24 hours.

Hurricane Electric
Abuse Department
support@he.net

From fblbounces@senderscore.net Tue May 16 02:49:59 2017
Return-Path: <fblbounces@senderscore.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from he.net (he.net [216.218.186.2])
    by abuse.he.net (Postfix) with ESMTPS id C86C6541245
    for <report@abuse.he.net>; Tue, 16 May 2017 02:49:58 -0700 (PDT)
Received: from mrfbl00-den.returnpath.net ([66.45.29.178])
    by he.net with ESMTPS (AES256-GCM-SHA384:TLSv1.2:Kx=RSA:Au=RSA:Enc=AESGCM(256):Mac=AEAD)
    for <abuse@he.net>; Tue, 16 May 2017 02:50:34 -0700
Received: from poma01.lan.returnpath.net (poma01.lan.returnpath.net [10.2.0.106])
    by mrfbl00-den.returnpath.net (Postfix) with ESMTP id 524894A0AB8
    for <abuse@he.net>; Tue, 16 May 2017 03:49:53 -0600 (MDT)
Received: by poma01.lan.returnpath.net (Postfix, from userid 106706)
    id 50A5C60492; Tue, 16 May 2017 03:49:53 -0600 (MDT)
Content-Type: multipart/report; boundary="_----------=_14949281932053952960"; report-type="feedback-report"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.029 (F2.84; T2.04; A2.12; B3.13; Q3.13)
Date: Tue, 16 May 2017 03:49:53 -0600
Subject: Synacor Abuse Report
To: abuse@he.net
From: feedbackloop@fbl.synacor.com
Message-Id: <20170516094953.50A5C60492@poma01.lan.returnpath.net>
Content-Transfer-Encoding: 7bit

This is a multi-part message in MIME format.

----------=_14949281932053952960
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: text/plain

This is a Synacor email abuse report for an email message received from IP 65.19.143.6 on Tue, 16 May 2017 09:49:48 +0000

----------=_14949281932053952960
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report

User-Agent: ReturnPathFBL/1.0
Abuse-Type: complaint
Arrival-Date: Tue, 16 May 2017 09:49:48 +0000
Feedback-Type: abuse
Version: 1
Source-IP: 65.19.143.6
Original-Mail-From: hello@enviral.com.au

----------=_14949281932053952960
Content-Disposition: inline
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit

Return-Path: hello@enviral.com.au
Received: from mx01.agate.dfw.synacor.com (LHLO mx01.agate.dfw.synacor.com) (10.40.0.40)
    by md46.agate.dfw.synacor.com with LMTP; Tue, 16 May 2017 05:49:49 -0400 (EDT)
Return-Path: <hello@enviral.com.au>
X-Spam-Rating: **
X-CLOUDMARK-CSI: SUSPECT
X-Spam-Rating: **
X-SPAMHAUS: CSS
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.2 cv=etCd9chX c=1 sm=1 tr=0 a=XYFu0eUjL/+itSNVGxuTsQ==:117 a=XYFu0eUjL/+itSNVGxuTsQ==:17 a=MNe2cPJyAAAA:8 a=9+rZDBEiDlHhcck0kWbJtElFXBc=:19 a=KGjhK52YXX0A:10 a=9cW_t1CCXrUA:10 a=tJ8p9aeEuA8A:10 a=r77TgQKjGQsHNAKrUKIA:9 a=vC9Y8pdhBniNNv-C_owA:9 a=Ft8UYL4EG9YA:10 a=291NRvSM8msMbchfAPYA:9 a=_W_S_7VecoQA:10 a=wUT0n_FaeesJAGgxTkP1:22
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
X-Received-HELO: from [65.19.143.6] (helo=tommy.heliohost.org)
Received: from [65.19.143.6] ([65.19.143.6:36462] helo=tommy.heliohost.org)
    by smtp.embarq.synacor.com (envelope-from <hello@enviral.com.au>)
    (ecelerity 3.6.14.50842 r(Core:3.6.14.1)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
    id 4C/D2-18882-D3BCA195; Tue, 16 May 2017 05:49:49 -0400
Received: from [222.254.34.113] (port=38625 helo=5.45.73.16)
    by tommy.heliohost.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.89)
    (envelope-from <hello@enviral.com.au>)
    id 1dAZ6x-0005rg-K0; Tue, 16 May 2017 02:49:48 -0700
Message-ID: <9396207378AC8231EDE8A11C785262B6@enviral.com.au>
From: "Jayde" <hello@enviral.com.au>
Subject: =?UTF-8?B?0J/RgNC40LzQtdGAIA==?=
    =?UTF-8?B?0J/QuNGB0YzQvNCw?=
Date: Tue, 16 May 2017 12:49:45 +0300
MIME-Version: 1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - tommy.heliohost.org
X-AntiAbuse: Original Domain - centurytel.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - enviral.com.au
X-Get-Message-Sender-Via: tommy.heliohost.org: authenticated_id: soporte@icgit.com.uy
X-Authenticated-Sender: tommy.heliohost.org: soporte@icgit.com.uy
X-Source:
X-Source-Args:
X-Source-Dir:
Content-Type: multipart/alternative; boundary="028121e0413199332f382e8001ef"

This is a multi-part message in MIME format.

--028121e0413199332f382e8001ef
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

=C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5,

=D1 =F3=E2=E0=E6=E5=ED=E8=E5=EC, Millicent

--028121e0413199332f382e8001ef
Content-Type: text/html; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD>
<META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindows=
-1251">
</HEAD>
<BODY bottomMargin=3D5 leftMargin=3D5 rightMargin=3D5 topMargin=3D5=20
bgColor=3D#ffffff><FONT color=3D#000000 size=3D2 face=3DArial>
<DIV>=C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>=D1 =F3=E2=E0=E6=E5=ED=E8=E5=EC, Millicent</DIV></FONT></BODY></HTML=
>

--028121e0413199332f382e8001ef--

----------=_14949281932053952960--
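
Added example, not part of the forum posts or of HelioHost's tooling: a short Python triage of the reported message's headers that pulls out the mailbox whose login was used and the hop where the message entered the hosting server. The names `triage`, `SAMPLE` and `AUTH_PROTOCOLS` are hypothetical, and `SAMPLE` is an abridged copy of the headers in the abuse report above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the complained-about message, abridged from the report above.
SAMPLE = """\
Return-Path: <hello@enviral.com.au>
Received: from [65.19.143.6] ([65.19.143.6:36462] helo=tommy.heliohost.org)
\tby smtp.embarq.synacor.com (envelope-from <hello@enviral.com.au>)
\twith ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384); Tue, 16 May 2017 05:49:49 -0400
Received: from [222.254.34.113] (port=38625 helo=5.45.73.16)
\tby tommy.heliohost.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
\t(Exim 4.89) (envelope-from <hello@enviral.com.au>)
\tid 1dAZ6x-0005rg-K0; Tue, 16 May 2017 02:49:48 -0700
From: "Jayde" <hello@enviral.com.au>
X-Authenticated-Sender: tommy.heliohost.org: soporte@icgit.com.uy

(body omitted)
"""

# "with" keywords that mean the client used SMTP AUTH (RFC 3848 ESMTPA / ESMTPSA).
AUTH_PROTOCOLS = {"esmtpa", "esmtpsa"}

def triage(raw, our_host):
    """Find which mailbox sent a reported message and how it reached our_host."""
    msg = message_from_string(raw)
    # Format as shown in the report: "<host>: <mailbox>".
    mailbox = msg.get("X-Authenticated-Sender", "").rsplit(":", 1)[-1].strip()
    from_addr = parseaddr(msg.get("From", ""))[1]
    result = {"mailbox": mailbox or None, "from": from_addr,
              "client_ip": None, "authenticated": False}
    # Use the hop our own server wrote; anything below it came from the client.
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())          # unfold continuation lines
        by = re.search(r"\bby (\S+)", hop)
        if not by or by.group(1).lower() != our_host.lower():
            continue
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", hop)
        proto = re.search(r"\bwith (\w+)", hop)
        result["client_ip"] = ip.group(1) if ip else None
        result["authenticated"] = bool(proto) and proto.group(1).lower() in AUTH_PROTOCOLS
        break
    # From domain differing from the login's domain: the login is relaying for someone else.
    result["from_mismatch"] = bool(mailbox) and (
        from_addr.split("@")[-1].lower() != mailbox.split("@")[-1].lower())
    return result

if __name__ == "__main__":
    print(triage(SAMPLE, "tommy.heliohost.org"))
```

For the report above this yields an authenticated submission from a remote client under the `soporte@icgit.com.uy` login with an unrelated From domain, so that mailbox's password and every place it is stored are what to review.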

icgit2 Posted February 4, 2018
Hi. Today my account was suspended again. Before I was suspended I started receiving replies to e-mails that I never sent and immediately changed the password for that account.

username: ICGIT
server: Tommy
domain: www.icgit.com.uy

icgit2 Posted February 4, 2018
All my email accounts are used only from Gmail accounts. I do not understand how it is possible that someone has obtained the password and used it to send spam. Is the cPanel password generator safe? Or is it possible that someone has those passwords?