Thread: Someone hacked my email account, now what?

UGH! Just woke up to a mailbox full of over 400 emails returned Daemons, someone has apparently hacked into my websites email and tried to send out those annoying financial pdfs to people. I can't believe this is happening, my second time being hacked in a month, these guys really piss me off! What a great way to wake up in the morning. Still waiting to see how this happened from my server people

Do the e-mails show up in your "sent items"?
Did you check the headers on some of those "returned" messages?

It's possible that nothing got hacked at all. That's why I ask.

Zap is correct, it could be a spoof...

I've had my domains spoofed a few times already.

I've even had spoofed spam sent to me that was from one of my own old domains!!! mg: Freaked me out!

Yeah I've had it done before as well, sucks people think you are actually sending them!

You can make some edits to try to stop it, not 100% effective though. To early for me to get into how to do it either

I'm voting for spoofed too. One of my 4 letter .coms gets spoofed so bad I've now shut off all mail services to that domain, it's just a redirect anywho so not a big deal. You'd be surprised at how many emails I recieved from people cursing me out because "I" sent them spam.

The worst is when the spoofers spoof from admin or webmaster.. Grrr I need those addresses!

Yes it was a spoof but still very annoying! I just feel so attacked lately. First my forum was hacked and everything deleted now this. Plus just spent all morning trying to save Scott's computer it apparently had a major virus attack and I need to reinstall windows... but of course I don't have the right disk. Downfall of too many computers, I get the disks mixed up. So now I have a computer totally wiped out and have to wait until Monday at the earliest to get the new windows disk. Thank god our guarantee wasn't up on the computer LOL What a freaking day its been. I'm still get mail daemens too from whoever is doing this and I don't have anything I can do to stop him I don't think?

Originally Posted by Kaos

Yes it was a spoof but still very annoying! I'm still get mail daemens too from whoever is doing this and I don't have anything I can do to stop him I don't think?

Nope. Unfortunately, anyone can spoof anyone else's e-mail address and you don't have to login to the server to do it. I could change my Outlook to say that I am Bill Gates and, even with all his power, he can't stop me. It's one of the drawbacks to how the SMTP protocol works.

It should subside after a couple of days.

Sadly there is really nothing you can do about spoofed email.

People SUCK sometimes!

spf records have helped me prevent some of the spoofs. My main domain was getting hammered, daily, was getting spam reports and more.

I installed an spf record and it's gone down dramatically.

Can I just google and find that or is it something to activate on the server? "spf"

DNS Stuff: DNS tools, DNS hosting tests, WHOIS, traceroute, ping, and other network and domain name tools.

go here, run a dns report on your server/domain
Report will show errors, if you do not have an spf record it will state it and show a link to an easy to use generation tool with complete instructions.

You add the code via the edit dns function in WHM for cpanel

SPF is still going to rely on the other servers to check it, but implementing it should, at least, cut down on the number of bouncebacks you receive the next time.
And, it won't prevent someone from trying this again. You'll just get a lot fewer bouncebacks when it does happen.

Originally Posted by Zap

SPF is still going to rely on the other servers to check it, but implementing it should, at least, cut down on the number of bouncebacks you receive the next time.
And, it won't prevent someone from trying this again. You'll just get a lot fewer bouncebacks when it does happen.

Yeah it doesn't totally stop it or nothing, but anything to help
The firewall I installed also helps alot it appears, spam is way, way down.

I think the basic SMTP protocol is in need of an overhaul.
When it was created, the was no such thing as SPAM.

If all the SMTP servers authenticated the POP3 address and also authenticated the SMTP sender and checked for these 2 successful authentications at the receiving end, then we could be assured of the sender's identification on each and every e-mail we receive.

My server, errr not sure if all of them are but I believe my cpanel servers are setup to require authentication before sending. That alone nocked alot of the spoofs out of the water.

A mix of everything I believe.

Funny...

SPF is also used for sunscreen strength (another blocking mechanism).

Originally Posted by Kaos

People SUCK sometimes!

I don't mind the ones that do it goooood.

Originally Posted by Grim

spf records have helped me prevent some of the spoofs. My main domain was getting hammered, daily, was getting spam reports and more.

I installed an spf record and it's gone down dramatically.

I do not use SPF at all. It's a bad anti-forgery technique which causes legitimate mail to be blocked as much as spam. There are so many better ways to address forgery problems.

SPF breaks more things than it fixes IMO.

Some better alternatives are:

SES - Signed Envelope Sender
CSV - Certified Server Validation
BATV - Bounce Address Tag Validation
Yahoo's Domain Keys
META Signatures

Are among a few.

Do not be fooled, SPF is not a anti-spam system. Most spammers have adopted SPF themselves and as a result, most of their spam rates an SPF pass result.

SPF can be duped. Spammers can easily take responsibility for forwarded mail by modifying the headers to appear as though they come from a trusted host or a domain with reputation in the trust database.

SPF only has a whitelist not a blacklist and therefore does not give any indication that mail is valid. SPF only rejects mail it thinks is invalid.

SPF is not an internet standard and as such, having not been adopted into any standard when you publish your SPF records you are asking people to trash legitimate mail that you sent.

Nothing out there is perfect, but IMO, SPF is not a good technique for dealing with spam.

Not for spam, the spoofs though it appeared to help alot. Adding authentication requirements, spam assassin, the firewall all played a part in reducing the spoofs, bouncebacks and spam as a whole.