Email account hacked

One of our email accounts seems to have been hacked. Every 60 seconds it sends out 10-20 emails from the [email protected] account. It appears to be using one of the pages on the site: X-PHP-Script: www.bodybyvenus.com/catalog/tell_a_friend.php for 76.72.169.28

But I looked at the code and it is unchanged.

HELP!!!!!


* Are you getting any error messages?
No, other than receiving the bounce message in the inbox every few seconds.

* When did the issue begin occurring and how can we replicate it?
A few days ago - no, cannot replicate - can't find out why it's doing it

* What software are you using to build your site?

CRELoaded

----- Original Message ----- From: "Mail Delivery System"
To:
Sent: Thursday, June 07, 2012 9:36 PM
Subject: Mail delivery failed: returning message to sender


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
SMTP error from remote mail server after RCPT TO::
host email.bdbiman.com [203.202.240.170]: 550 5.1.1 User unknown

------ This is a copy of the message, including all the headers. ------

Return-path:
Received: from bodyby9 by vps3966.inmotionhosting.com with local (Exim 4.69)
(envelope-from )
id 1ScqwH-0007EI-8B
for [email protected]; Thu, 07 Jun 2012 21:36:45 -0700
To: "[email protected]"
Subject: Your friend ##### HURRY #### Run Your Car On Water, Triple Your Mileage And Laugh At Rising Gas Prices... ######### has recommended this great product from www.bodybyvenus.com
X-PHP-Script: www.bodybyvenus.com/catalog/tell_a_friend.php for 76.72.169.28
From: "##### HURRY #### Run Your Car On Water, Triple Your Mileage And Laugh At Rising Gas Prices... #########"
MIME-Version: 1.0
X-Mailer: bodybyvenus.com
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-Id:
Date: Thu, 07 Jun 2012 21:36:45 -0700


Hi [email protected]!Your friend, ##### HURRY #### Run Your Ca=
r On Water, Triple Your Mileage And Laugh At Rising Gas Prices... #########=
, thought that you would be interested in Caribbean Pirate Costume (CRO-130=
7) from www.bodybyvenus.com.#######################################=
#########################Hi!Aren`t you tired of payingmore =
and more for the same amount of gas?=3D=3D http://myls.me/r/?cn=3Dh=
hoWell, I have some GREAT news for you.Right now there is a=
method to use waterto save up to 67.34% of your fuel.That`s 1,=
000s of dollars in gas savings!=3D=3D http://myls.me/r/?cn=3Dhh=
oThe best part is that you can tripleyour mileage WHILE imp=
roving performanceand reducing smog.=3D=3D http://myls.me/r=
/?cn=3DhhoThank you!
Scott
Hello BodyByV,

There are a couple of things you can do. If your ecommerce program has the ability, you will want to add a CAPTCHA to any forms on your site. This prevents bots from using them to send spam. This may not be an available feature on your ecommerce, however.

Another thing you can do is to change the password for the email address in question, in case they are getting in directly. Also, you can ban that IP address from contacting your site using the cPanel IP deny manager.

And finally, in case your email is being spoofed (meaning someone sends email from another location but uses your email as a return address), you can add SPF records and Domain Keys to your account.

The logs do indicate that the email was sent from your server using the contact_us@ email address, so using these suggestions should resolve the issue.

I hope this answers your question. If you have any more questions or information specific to the issue, please leave a comment below so we can further assist you.

Best regards,
Scott M
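A triage helper for the situation in this thread, added here as an example (not code from the original poster or from the hosting provider): it reads the `X-PHP-Script` header stamped on PHP-generated mail, as seen in the bounce above, and tallies messages per script and client IP so you know which form to protect and which addresses to deny. The function names, the per-minute threshold, the handling of a comma-separated IP list and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parsedate_to_datetime

# Layout as seen in the bounce above: "<host>/<script path> for <client IP>"
X_PHP_SCRIPT = re.compile(r"^(?P<script>\S+)\s+for\s+(?P<ips>.+)$")

def parse_x_php_script(raw_message):
    """Return (script, [client IPs], datetime or None), or None if the header is absent."""
    msg = message_from_string(raw_message)
    m = X_PHP_SCRIPT.match((msg.get("X-PHP-Script") or "").strip())
    if not m:
        return None
    # Assumption: several addresses (e.g. proxy chain) arrive comma-separated
    ips = [ip.strip() for ip in m.group("ips").split(",") if ip.strip()]
    date = msg.get("Date")
    return m.group("script"), ips, parsedate_to_datetime(date) if date else None

def summarize(raw_messages, per_minute_limit=5):
    """Count mail per (script, client IP); flag pairs exceeding the limit in any one minute."""
    totals = Counter()
    per_minute = defaultdict(Counter)
    for raw in raw_messages:
        parsed = parse_x_php_script(raw)
        if parsed is None:
            continue  # not sent through a PHP script, or header stripped
        script, ips, when = parsed
        for ip in ips:
            totals[(script, ip)] += 1
            if when is not None:
                per_minute[(script, ip)][when.replace(second=0, microsecond=0)] += 1
    flagged = sorted(k for k, mins in per_minute.items()
                     if max(mins.values()) > per_minute_limit)
    return totals, flagged

def _sample(second, script, ip):
    # Constructed sample message; only the header layout is taken from the post
    return (f"To: someone@example.com\nSubject: test\n"
            f"X-PHP-Script: {script} for {ip}\n"
            f"Date: Thu, 07 Jun 2012 21:36:{second:02d} -0700\n\nbody\n")

ABUSED = ("www.bodybyvenus.com/catalog/tell_a_friend.php", "76.72.169.28")
SAMPLES = [_sample(s, *ABUSED) for s in range(12)]
SAMPLES.append(_sample(5, "www.example.com/form.php", "192.0.2.10"))  # constructed

if __name__ == "__main__":
    totals, flagged = summarize(SAMPLES)
    for (script, ip), n in totals.most_common():
        print(n, script, ip, "FLAGGED" if (script, ip) in flagged else "")
```

Feed it the raw text of bounces or queued messages; the flagged pairs are the candidates for the IP deny list and the form that needs a CAPTCHA or rate limit.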