
My Own Website is Sending Me Spam - How Do I Stop it?


11 replies to this topic

#1 Sir Topham Hatt

Sir Topham Hatt

    A Very Talented Individual

  • 6,699 posts
  • Joined: 02-November 03
  • Location: Island of Sodor, UK

Posted 24 April 2014 - 18:07

So, recently my website has been emailing me with messages asking me to download a zip file.

 

One came from admin@mysite.com, another from fax-report@mysite.com - these addresses do not exist.

 

Attachments are: Balance-Sheet.zip and ATT00001

 

My site is a closed website with one index page, no links, no nothing.  I only use it to forward email me@mysite.com to an outlook.com address.  I have set the mail settings to reject all email being sent to other addresses, apart from those I specify.

 

How is whatever it is doing it?

How can I stop it?

 

Thanks




#2 Juguard

Juguard

    ...

  • 528 posts
  • Joined: 11-August 02

Posted 24 April 2014 - 18:12

Virus on your computer?  Your email got compromised, and it's used by spammers.  Or your website got compromised.



#3 OP Sir Topham Hatt

Sir Topham Hatt

    A Very Talented Individual

  • 6,699 posts
  • Joined: 02-November 03
  • Location: Island of Sodor, UK

Posted 24 April 2014 - 18:18

Hmm, MSE reports no viruses and the hoster would know if there was some sort of infection.

I have opened a support ticket with them but don't know if anyone has any pointers here.  I know emails can be fudged to look like they come from another address, so I presume this is happening here.



#4 Juguard

Juguard

    ...

  • 528 posts
  • Joined: 11-August 02

Posted 24 April 2014 - 18:22

Try doing a scan with https://www.malwarebytes.org/ and http://usa.kaspersky...oads/TDSSKiller

 

Also, I would get a premium anti-virus, something like Kaspersky, or Nod32.  ... Don't change password yet, until you are sure your computer is clean, or change from a different computer you know is clean.



#5 Juguard

Juguard

    ...

  • 528 posts
  • Joined: 11-August 02

Posted 24 April 2014 - 18:42

Also, look at your email header to see where it's coming from, and send that header to your host.



#6 HawkMan

HawkMan

    Neowinian Senior

  • 21,340 posts
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Nokia Lumia 1020

Posted 24 April 2014 - 18:43

E-mail addresses are easily spoofed, you can do it yourself.

 

What's happening is that the spam company found your website/domain and used its domain name to send spam, probably to more people than just you. But it also included one or more catch all addresses in your domain (or you had an easily guessed main address on it) on the spam list it used for sending mail with your spam url.

 

A second alternative is that you're misreading the mail headers and these are actually returned mails because the address is unknown because the spammers are trying to spoof your mail. Then they get returned to your server, and your server will dump them in your catch all because it can't find the address.

 

Happens all the time when you own a domain, not much you can do about it. You can disable the catch all, or create a specific spam mail and tell the mail server to put all the catch all mails in that. If they actually found/guessed your actual mail and are sending spam directly to that, then there's not much you can do. Something you just have to live with when owning a domain.



#7 xrobwx

xrobwx

    Neowinian

  • 720 posts
  • Joined: 14-June 03
  • Location: Panama City Beach, FL USA
  • OS: Win 8.1
  • Phone: Galaxy Note II

Posted 24 April 2014 - 18:46

Change the password.



#8 +LogicalApex

LogicalApex

    Software Engineer

  • 6,150 posts
  • Joined: 14-August 02
  • Location: Philadelphia, PA
  • OS: Windows 7 Ultimate x64
  • Phone: Nexus 5

Posted 24 April 2014 - 18:47

Depends on what you have as an MTA and how it is configured to handle SPAM. The most straightforward solution is to implement SPF/Domain Keys to make it easier for your anti-spam engine to pick it up and block it.

 

http://en.wikipedia....olicy_Framework



#9 +warwagon

warwagon

    Only you can prevent forest fires.

  • 25,846 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 24 April 2014 - 18:49

Hmm, MSE reports no viruses

 

Said ----- Everyone ---- Ever!

 

You are in serious need of a second opinion.

 

But like others have said, it's trivial to spoof an email address.



#10 Ambroos

Ambroos

    Neowinian Senior

  • 6,012 posts
  • Joined: 16-January 06
  • Location: Belgium

Posted 24 April 2014 - 18:56

Depends on what you have as an MTA and how it is configured to handle SPAM. The most straightforward solution is to implement SPF/Domain Keys to make it easier for your anti-spam engine to pick it up and block it.

 

http://en.wikipedia....olicy_Framework

 

This. Ask your webhost to set up SPF for your domain. They should be able to do that and it helps email providers to filter them out as spam without affecting genuine emails.
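
Added example, not part of any post in this thread: a Python sketch of the two checks suggested above, reading the mail headers to find the real sending IP and testing that IP against the domain's SPF record. The message, the host names, the SPF record and the assumption that the envelope sender domain is mysite.com are all constructed for illustration; only `ip4`, `ip6` and `all` are evaluated, because the other mechanisms need DNS lookups.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: spoofed mail as delivered through the domain's own MX.
RAW = """\
Received: from mx.hoster.example (mx.hoster.example [198.51.100.10])
\tby mail.outlook.example with ESMTP; Thu, 24 Apr 2014 18:00:02 +0000
Received: from unknown-host.example (unknown [203.0.113.77])
\tby mx.hoster.example with SMTP; Thu, 24 Apr 2014 18:00:01 +0000
From: fax-report@mysite.com
To: me@mysite.com
Subject: Balance Sheet

body
"""
SPF_RECORD = "v=spf1 ip4:198.51.100.0/24 -all"  # constructed policy
TRUSTED_MX = "mx.hoster.example"                # hypothetical MX for the domain
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def client_ip(raw, trusted_mx):
    """IP our own MX recorded; Received lines below that hop are sender-written."""
    for hop in message_from_string(raw).get_all("Received", []):
        hop = " ".join(hop.split())  # unfold the continuation lines
        m = re.search(r"\[([0-9A-Fa-f:.]+)\]\)?\s+by\s+(\S+)", hop)
        if m and m.group(2).rstrip(";") == trusted_mx:
            return m.group(1)
    return None

def spf_result(ip, record):
    """Evaluate ip4/ip6/all left to right; first matching mechanism wins."""
    ip = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = QUALIFIERS.get(term[0])
        mech = term[1:] if qual else term
        name, _, arg = mech.partition(":")
        if name.lower() == "all":
            return qual or "pass"
        if name.lower() not in ("ip4", "ip6"):
            return "unsupported"  # include/a/mx/exists need DNS; not guessed here
        net = ipaddress.ip_network(arg, strict=False)
        if ip.version == net.version and ip in net:
            return qual or "pass"
    return "neutral"  # no mechanism matched

def verdict(raw=RAW, record=SPF_RECORD, mx=TRUSTED_MX):
    ip = client_ip(raw, mx)
    return (ip, spf_result(ip, record)) if ip else (None, "none")
```

With the constructed data, `verdict()` reports that the message entered the domain's MX from 203.0.113.77, which the `-all` policy rejects, while the hoster's own 198.51.100.10 passes.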



#11 HawkMan

HawkMan

    Neowinian Senior

  • 21,340 posts
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Nokia Lumia 1020

Posted 24 April 2014 - 18:57

It's extremely unlikely this has to do with any malware or hacked e-mail accounts.

 

Anyone who's ever owned a domain will experience this.



#12 Aergan

Aergan

    Neowinian Senior

  • 2,332 posts
  • Joined: 24-September 05
  • Location: Staffordshire, UK
  • OS: Windows 8.1 Pro / Server 2012 R2 / Xubuntu 14.04
  • Phone: Sony Xperia Z1

Posted 24 April 2014 - 19:10

Used to be a common issue for me until I signed up for a whois guard service on a different domain name (emails from admin@myregistereddomain.com etc to my gmail account that was in the WHOIS info).

I still get crap in my catch-all, but that's to be expected.




