Spammer is using my email to send spam

[jonMEGA]

I been getting alot of returned email from places I didnt send to and from accounts I dont have, i.e. d534fk8p@jonmega.com

How do I stop them from using my account in this way?

 

[GroundZero]

change your passwords, scan for trojans and virri, use a firewall, notify your isp.

 

[jonMEGA]

Originally posted by: GroundZero
change your passwords, scan for trojans and virri, use a firewall, notify your isp.

Did all of thoose

 

[yoda291]

you do realize you can send mail under the guise of someone else's address. Lots of servers have safeguards against it, but not all do and many mail clients don't display headers by default so you may never know. If you like, I can send you an email from you to you.

 

[Yossarian]

are you sure you aren't sleepwalking and sending out a lot of spam yourself?

 

[jonMEGA]

Originally posted by: PipBoy
are you sure you aren't sleepwalking and sending out a lot of spam yourself?

I'm sure

 

[jonMEGA]

Here is one of the returned email with the header displayed:

Hi. This is the qmail-send program at aloha.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<butch4@aloha.net>:
Sorry, no mailbox here by that name. (#5.1.1)

<crina@aloha.net>:
Sorry, no mailbox here by that name. (#5.1.1)

<boone1@aloha.net>:
Sorry, no mailbox here by that name. (#5.1.1)

<abrown9@aloha.net>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <0uyvmas6r@jonmega.com>
Received: (qmail 16884 invoked from network); 27 Mar 2003 20:26:34 -0000
Return-Path: <0uyvmas6r@jonmega.com>
Received: from unknown (HELO ELIK) (80.179.45.166)
by koa.aloha.net with SMTP; 27 Mar 2003 20:26:27 -0000
Received: from is7c.jyzlucy.net [70.2.188.215]
by ELIK SMTP id 70Dgl2Aj40ZXd8;
Thu, 27 Mar 2003 17:22:03 +0000
Message-ID: <8$u0x2s28--e4r8@pjf21g41.4z9n>
From: "Austin Eastman" <0uyvmas6r@jonmega.com>
To: <butch4@aloha.net>, <crina@aloha.net>, <boone1@aloha.net>,
<abrown9@aloha.net>, <maeno@aloha.net>
Subject: infeccion sbssion sa
Date: Thu, 27 Mar 03 17:22:03 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=".F.7E82._AECB_.69F"

This is a multi-part message in MIME format.

--.F.7E82._AECB_.69F
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1=
">
<META content=3D"MSHTML 6.00.2800.1141" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>
<TABLE height=3D31 width=3D489 bgColor=3D#ffffff border=3D0>
<TBODY>
<TR>
<TD align=3Dmiddle width=3D"100%" bgColor=3D#ffffff height=3D25><FONT =
face=3DImpact
color=3D#cc0000 size=3D3>Take Control of Your Computer With This
Top-of-the-Line Software!</FONT></TD></TR></TBODY></TABLE></DIV>
<DIV>
<TABLE style=3D"BORDER-COLLAPSE: collapse" borderColor=3D#ffffff height=3D=
567
cellSpacing=3D3 borderColorDark=3D#000000 cellPadding=3D3 width=3D489 bgCo=
lor=3D#990033
borderColorLight=3D#ffff99 border=3D5>
<TBODY>
<TR>
<TD borderColorLight=3D#ffffff width=3D467 borderColorDark=3D#ffff99 h=
eight=3D555>
<TABLE borderColor=3D#ffffff height=3D86 width=3D"100%" bgColor=3D#f=
fff99
border=3D6>
<TBODY>
<TR>
<TD align=3Dmiddle width=3D"100%" height=3D80><B><FONT face=3DTa=
homa
color=3D#ff0000 size=3D6>Norton SystemWorks 2003 </FONT><FONT =

face=3DTahoma color=3D#000000 size=3D5>Software Suite</FONT><F=
ONT
face=3D"Times New Roman" color=3D#ff0000 size=3D6>
-<I>Prof=
essional
Edition</I>-</FONT></B></TD></TR></TBODY></TABLE>
<TABLE height=3D62 width=3D"100%" border=3D0>
<TBODY>
<TR>
<TD align=3Dmiddle width=3D"100%" height=3D56><B><FONT face=3DTa=
homa
color=3D#ffffff size=3D4>Includes Six - </FONT><I><FONT
face=3D=
Tahoma
color=3D#ffff99 size=3D4>Yes 5 !</FONT></I><FONT face=3D=
Tahoma
color=3D#ffffff size=3D4>- Feature-Packed Utilities
ALL for=

</FONT><FONT face=3DTahoma color=3D#ffff99 size=3D4>1</FONT><F=
ONT
face=3DTahoma color=3D#ffffff size=3D4> Special </FONT><FONT f=
ace=3DTahoma
color=3D#ffff99 size=3D4>LOW</FONT><FONT face=3DTahoma
color=3D=
#ffffff
size=3D4> Price of </FONT><FONT face=3DTahoma color=3D#ffff99 =
size=3D4>Only
$39.99!</FONT></B></TD></TR></TBODY></TABLE>
<TABLE borderColor=3D#ffffff height=3D135 width=3D"100%" bgColor=3D#=
800000
border=3D4>
<TBODY>
<TR>
<TD borderColor=3D#800000 width=3D"100%" bgColor=3D#ffff99
height=3D129><B><FONT face=3DTahoma size=3D2><FONT color=3D#00=
0000>This
Software Will:</FONT><FONT color=3D#ffffff>
</FONT><F=
ONT
color=3D#ff0000>- Protect your computer from unwanted and
<I>hazardous</I> viruses
- Help secure your private &=
amp;
valuable information
- Allow you to transfer files an=
d send
e-mails <U>safely</U>
- Backup your ALL your data qui=
ck and
easily
- Improve your PC's performance w/<I>superior<=
/I>
integral diagnostics!
- <I>You'll NEVER have to take =
your
PC to the repair shop
AGAIN!</I></FONT></FONT></B></TD></TR></TBODY></TABLE>
<TABLE borderColor=3D#ffff99 height=3D4 width=3D"100%" bgColor=3D#ff=
ffff
border=3D4><TBODY>
<TR>
<TD width=3D"100%" height=3D1>
<P align=3Dcenter><B><FONT face=3DTahoma size=3D5><FONT
color=3D#000000><FONT color=3D#ff0000>5</FONT> Feature-Packed =
Utilities
</FONT><FONT color=3D#000080 size=3D5>
</FONT><U><FONT
color=3D#ff0000>1</FONT><FONT color=3D#000000> Great
Price</FONT></U><FONT color=3D#000000 size=3D5>
A <FONT
color=3D#ff0000>$300+</FONT> Combined Retail Value </FONT><I><=
FONT
color=3D#ff0000>YOURS</FONT></I> <FONT color=3D#000000>for Onl=
y <FONT
color=3D#ff0000>$39.99!</FONT> </FONT></FONT><FONT
size=3D6>
</FONT></B><FONT face=3DTahoma size=3D4><FONT
color=3D#000000>< Price Includes </FONT><FONT
color=3D#ff0000>FREE</FONT><FONT color=3D#000080> </FONT><FONT=

color=3D#000000>Shipping! ></FONT></FONT></P></TD></TR></TB=
ODY></TABLE>
<P align=3Dcenter><B><FONT face=3DArial color=3D#ffffff size=3D3>Don=
't fall prey
to destructive viruses or hackers!
Protect your computer an=
d your
valuable information and</FONT></B></P>
<TABLE borderColor=3D#ffff99 height=3D44 width=3D"100%" bgColor=3D#f=
fff99
border=3D4>
<TBODY>
<TR>
<TD align=3Dmiddle width=3D"100%" bgColor=3D#ffffff height=3D38>=
<B><A
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 14pt; COLOR: #ff0000; F=
ONT-FAMILY: Verdana"
href=3D"http://www.antivirusline.com/nsw26.htm"><FONT face=3DT=
ahoma
color=3D#ff0000 size=3D4>-> CLICK HERE to Order Yours NOW! =

<-</FONT></A></B></TD></TR></TBODY></TABLE>
<P align=3Dcenter><FONT face=3DTahoma color=3D#ffffff size=3D1>Opt-O=
ut
Instructions:
We are strongly against sending unsolicited emails =
to
those who do not wish to receive our special mailings. You have opte=
d in
to one or more of our affiliate sites requesting to be notified of a=
ny
special offers we may run from time to time. We also have attained t=
he
services of an independent 3rd party to overlook list management and=

removal services. This is NOT unsolicited email. If you do not wish =
to
receive further mailings, please visit the link below be removed fro=
m the
list. Please accept our apologies
if you have been sent this emai=
l in
error. We honor all removal requests. Submit your remove request at:=
<A
href=3D"http://antivirusline.com/goodbye.html"><FONT
color=3D#ffff00>http://antivirusline.com/goodbye.html</FONT></A>.</F=
ONT></P></TD></TR></TBODY></TABLE></DIV></BODY></HTML>
oknstwlnbpefugtfwojksog buhg z v eyfsep zwidae
--.F.7E82._AECB_.69F--

 

[spartan]

What most probably happened was that the spammer put the 'Reply-To' header in your e-mail. So all invalid e-mails that were send are being returned to you. I've heard of this happening before and I don't think there's anything you can do but just wait all the returned mail (and people who reply saying that they want to unsubscribe, or say nasty things) to die down.

 

[silverpig]

I did a thread on this just a few days ago. It was happening to me as well. Someone had put my email in the reply to part of the header so that when they sent out their spam, any error messages would be sent to me. Well, I got the IP from the header that was sent to me, and traced it back to the ISP. I emailed them and after a conversation, they said they would try to find whoever was doing it and stop them for me.

 

[andrey]

Originally posted by: jonMEGA
I been getting alot of returned email from places I didnt send to and from accounts I dont have, i.e. d534fk8p@jonmega.com

How do I stop them from using my account in this way?

Not sure if that's the case with you, but several months ago I woke up to check my mail and woo hooo... My mailbox was full of returned e-mail and they kept on coming and coming in 100s each minute. My first thought, who the fvck hacked my account???? Especially considering the fact that my site isn't a microsoft.com or riaa.org

After doing some investigation, I determined that there was one file, formmail.pl which was accessed at least 10 times per second. Of course, I removed this file right away and only later discovered that the version of formmail which I had was an older one, and it was allowing under certain condition to rely smtp traffic through with forged headers.

The point of all this is check your site first and make sure you have absolutely no security holes, outdated files or unncessary scripts which can be accessed from outside. Once again, I'm not sure if that's the case, but check formmail.pl just to be on a safe side.

-- Andrey