Email address compromised - 1000s of spam emails being sent

Time2Kill

Golden Member
Nov 20, 1999
1,816
4
81
www.brooksidestorage.com
This is the first time I've had something like this happen and no idea how to solve it. For the past 10 days, I've been getting several hundred Undeliverable/Bounced back emails to my email account. They're all spam emails that I did not personally send, but are originating from my email address.

I've run AVG virus scan and Malwarebytes on all my PCs and phone that have access to that email and have repeatedly changed passwords with absolutely no luck in getting this to stop.

Does anyone have any recommendations on how to solve this?

This is the header from one of the bounced emails:

Return-Path: <ti****@eadperformance.com>
Received: by gateway34.websitewelcome.com (Postfix, from userid 500)
    id 33B7433D3E9E; Mon, 11 May 2015 18:09:30 -0500 (CDT)
Received: from cm2.websitewelcome.com (unknown [192.185.178.13])
    by gateway34.websitewelcome.com (Postfix) with ESMTP id 319F433D3E84
    for <marv_lysak@yahoo.com>; Mon, 11 May 2015 18:09:30 -0500 (CDT)
Received: from gator4123.hostgator.com ([192.185.4.135])
    by cm2.websitewelcome.com with
    id Sn9V1q00G2unBdc01n9Wmn; Mon, 11 May 2015 18:09:30 -0500
Received: from [2.177.28.231] (port=50410 helo=[127.0.0.1])
    by gator4123.hostgator.com with esmtpa (Exim 4.82)
    (envelope-from <ti*****@eadperformance.com>)
    id 1YrveK-0007WG-N1; Mon, 11 May 2015 16:54:09 -0500
Message-ID: <55512500.6BCA9524@eadperformance.com>
Date: Mon, 11 May 2015 21:54:11 +0000
From: "Brittany Stryker" <ti*****@eadperformance.com>
Subject: greets
To: andycozz@hotmail.com, poluch22@hotmail.com, slob_o@hotmail.com,
    bayemt@hotmail.com, marv_lysak@yahoo.com, garhi40@hotmail.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
X-Mailer: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.2) Gecko/20021120
    Netscape/7.01
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator4123.hostgator.com
X-AntiAbuse: Original Domain - yahoo.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - eadperformance.com
X-BWhitelist: no
X-Source-IP: 2.177.28.231
X-Exim-ID: 1YrveK-0007WG-N1
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([127.0.0.1]) [2.177.28.231]:50410
X-Source-Auth: ti****@eadperformance.com
X-Email-Count: 89
X-Source-Cap: ZWFkcGVyZjE7ZWFkcGVyZjE7Z2F0b3I0MTIzLmhvc3RnYXRvci5jb20=

Elixer

Lifer
May 7, 2002
10,371
762
126
Is eadperformance.com your domain?
It is being sent from 2.177.28.231, which isn't a MI IP, so it looks like they are using SMTP on your server. Lock it down, or tell the hosting company to do it.
 

Time2Kill

Golden Member
Nov 20, 1999
1,816
4
81
www.brooksidestorage.com
Is eadperformance.com your domain?
It is being sent from 2.177.28.231, which isn't a MI IP, so it looks like they are using SMTP on your server. Lock it down, or tell the hosting company to do it.

There are quite a few different IPs being used, mostly in the Middle East, Vietnam, and India.

Any chance that the email is just being spoofed with my email as a return/sender?

eadperformance.com is my domain.
 

Elixer

Lifer
May 7, 2002
10,371
762
126
There are quite a few different IPs being used, mostly in the Middle East, Vietnam, and India.

Any chance that the email is just being spoofed with my email as a return/sender?

eadperformance.com is my domain.

They are using your e-mail server.
Received: from [2.177.28.231] (port=50410 helo=[127.0.0.1])
    by gator4123.hostgator.com with esmtpa (Exim 4.82)
    (envelope-from <ti*****@eadperformance.com>)
Either call your hosting company and tell them, or, if you are responsible for the server in question, you need to change passwords and lock it down.
I would change the passwords to your account in either case.
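As an added illustration (not code from this thread, from HostGator, or from Exim), here is a small Python script that walks the Received chain the way Elixer did by hand. In Exim's Received lines, `with esmtpa` (or `esmtpsa` over TLS) marks a hop where the connecting client logged in with SMTP AUTH; that is what separates a mailbox whose password is in someone else's hands from a plain spoof of the From address, which would show no authenticated hop at the sender's provider at all. Both header samples are constructed: the first is modelled on the bounce header above (recipient addresses replaced with placeholders, sender masked as on the page), the second is an invented pure spoof for comparison. The verdict strings and result field names are my own.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr

# Sample 1 (constructed, modelled on the bounce header posted in this thread;
# recipient addresses replaced with placeholders, sender masked as on the page).
COMPROMISED_ACCOUNT = """\
Return-Path: <ti****@eadperformance.com>
Received: from cm2.websitewelcome.com (unknown [192.185.178.13])
    by gateway34.websitewelcome.com (Postfix) with ESMTP id 319F433D3E84
    for <victim@example.invalid>; Mon, 11 May 2015 18:09:30 -0500 (CDT)
Received: from [2.177.28.231] (port=50410 helo=[127.0.0.1])
    by gator4123.hostgator.com with esmtpa (Exim 4.82)
    (envelope-from <ti*****@eadperformance.com>)
    id 1YrveK-0007WG-N1; Mon, 11 May 2015 16:54:09 -0500
From: "Brittany Stryker" <ti*****@eadperformance.com>
Subject: greets
X-Source-IP: 2.177.28.231
X-Source-Auth: ti****@eadperformance.com
X-Email-Count: 89
"""

# Sample 2 (constructed): same From address, but the message was handed
# straight to the recipient's MX from an arbitrary host with no SMTP AUTH.
SPOOFED_ONLY = """\
Return-Path: <ti****@eadperformance.com>
Received: from 203.0.113.45 (unknown [203.0.113.45])
    by mx.example.invalid (Postfix) with ESMTP id ABC123
    for <victim@example.invalid>; Mon, 11 May 2015 18:09:30 -0500 (CDT)
From: "Brittany Stryker" <ti*****@eadperformance.com>
Subject: greets
"""

# Exim writes "esmtpa" (or "esmtpsa" over TLS) when the client authenticated.
AUTHENTICATED_PROTOCOLS = {"esmtpa", "esmtpsa"}

HOP_RE = re.compile(
    r"\bfrom\s+(?P<from>.*?)\s+by\s+(?P<by>\S+)"
    r"(?:.*?\bwith\s+(?P<proto>\S+))?",
    re.IGNORECASE,
)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_hop(received):
    """Split one Received header into connecting host, receiving host and protocol."""
    flat = " ".join(received.split())  # undo header folding
    m = HOP_RE.search(flat)
    if not m:
        return None
    ip = IPV4_RE.search(m.group("from"))
    return {
        "from": m.group("from"),
        "ip": ip.group(0) if ip else None,
        "by": m.group("by"),
        "proto": (m.group("proto") or "").lower(),
    }


def classify(raw_headers):
    """Decide whether the mail went out through an authenticated account
    or merely carries a spoofed From/Return-Path."""
    msg = HeaderParser().parsestr(raw_headers)
    # Each relay prepends its own Received line, so the last one listed is the
    # first hop: the client that originally handed the message over.
    hops = [h for h in (parse_hop(r) for r in reversed(msg.get_all("Received", []))) if h]
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    auth_hops = [h for h in hops if h["proto"] in AUTHENTICATED_PROTOCOLS]
    key_hop = auth_hops[0] if auth_hops else (hops[0] if hops else None)
    verdict = "authenticated submission" if auth_hops else "unauthenticated/spoofed sender"
    return {
        "verdict": verdict,
        "sender_domain": sender_domain,
        "source_ip": key_hop["ip"] if key_hop else None,       # where the client connected from
        "submission_host": key_hop["by"] if key_hop else None, # which server accepted it
        "auth_user": msg.get("X-Source-Auth"),                 # cPanel/Exim: the login used
        "email_count": int(msg.get("X-Email-Count", "0")),
        "hops": len(hops),
    }


if __name__ == "__main__":
    for label, sample in (("bounce from thread", COMPROMISED_ACCOUNT), ("plain spoof", SPOOFED_ONLY)):
        print(label, classify(sample))
```

On the first sample the authenticated hop is the very first one: a client at 2.177.28.231 logged in to gator4123.hostgator.com and was accepted, and the provider's own X-Source-Auth line names the account that authenticated. That is the evidence for "they are using your e-mail server" rather than spoofing, and it is what the X-AntiAbuse lines ask you to include in an abuse report. On the second sample there is no authenticated hop anywhere near the sender's provider, which is what a pure spoof looks like; in that case changing passwords cannot help, and SPF/DKIM/DMARC records for the domain are the relevant control.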
 

Time2Kill

Golden Member
Nov 20, 1999
1,816
4
81
www.brooksidestorage.com
They are using your e-mail server.

Either call your hosting company and tell them, or, if you are responsible for the server in question, you need to change passwords and lock it down.
I would change the passwords to your account in either case.

I'm with HostGator. Changed the passwords multiple times, doesn't affect it. Also changed the cPanel password.

I've got three open tickets with HostGator about this issue, all 7-10 days old and not a single response. HostGator doesn't seem to give a crap or want to help.

From other people I talked to, it looks like the emails are being spoofed with my return info and not actually originating from my email server but who knows...
 

Elixer

Lifer
May 7, 2002
10,371
762
126
Just to be clear, the above, what you posted, is going through HostGator.
Re-reading what you said, this is only the bounce e-mail, which makes sense that it would be going through HostGator, given the Return-Path: <ti****@eadperformance.com> line.

Would need the actual e-mail (with full headers) being sent to see anything more.
However, HostGator should & can filter out all this crap and not let it spam you to death.
Might be better to go with a better host.
 

inachu

Platinum Member
Aug 22, 2014
2,387
2
41
Back in the day I used to know how to spoof and make the email look like it came from satan@god.com

I think if memory serves me right all they need is the IP of the email server and use any email address. They could be using a relay inside your company so that the email server will trust the data being sent. So either lock down any relays on your domain or get rid of them entirely. Also as the other emails above mine mention locking down the email server even more.
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
239
106
Delete that email account totally. Replace it with another address as well as password.