Is someone sending emails through my sendmail server??
Hi Im receiving some spam emails from my account firstname.lastname@example.org on my hotmail inbox and when I check the email source code I guess that emails are being sended from my server, but Im not sure.
The worst of this is that the email passes the sender ID auth.
This is my server IP 188.8.131.52
This is my server hostname: levelagency.com
And here is the emails source code:
Any help please, thanks!
All of the email headers with the x- prefix are cpanel/exim config specific and in all honesty I never paid any attention to them. The real gritty stuff is the recieved by headers. These look to indicate the email IS being generated from the server itself and looks to be coming from Apache.
The first thing you should do is disable any contact or mail forms on your website to see if that resolves the issue. If it does you know where your problem lies and can start looking at sanitizing the form inputs to prevent people from compromising the site.
You can compare the timestamp of Tue, 19 Jun 2012 20:09:03 +0100 with your apache access logs, /var/log/httpd/access.log.
Once you find the IP of the guy who is abusing the form add an IPtable drop rule to drop his IPs connection.
After looking at your site, its wordpress... Very notorious for compromise of this fashion. Take a look at wordpress.org/extend/plugins/email-spam-protection/, customers of mine at the web host company I worked for have used it and have reported alot of success in protecting their contact forms.
|All times are GMT -5. The time now is 01:40 AM.|