Where would a spam bot be located?
- by Tim
I have a hosted website using a free hosting service, I received an email this afternoon saying that I have been suspended because my account has been compromised.
Basically, someone is using my email account to mass send spam. I've changed all the passwords and everything but when my Gmail pulls the emails from the host it's still downloading loads of spam messages that show like this:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[email protected]
SMTP error from remote mail server after end of data:
host 198.91.80.251 [198.91.80.251]: 554 5.6.0 id=23634-03 - Rejected by MTA on relaying, from MTA([127.0.0.1]:10030):
554 Error: This email address has lost rights to send email from the system
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from keenesystems.com ([66.135.33.211]:2370 helo=server211)
by absolut.x10hosting.com with esmtpsa (TLSv1:RC4-MD5:128)
(Exim 4.77)
(envelope-from <[email protected]>)
id 1TGwSW-002hHe-Lc
for [email protected]; Wed, 26 Sep 2012 13:35:44 -0500
MIME-Version: 1.0
Date: Wed, 26 Sep 2012 13:35:43 -0500
X-Priority: 3 (Normal)
X-Mailer: Ximian Evolution 3.9.9 (8.5.3-6)
Subject: New staff members wanted at Auction It Online
From: [email protected]
Reply-To: [email protected]
To: "Nadia Monti" <[email protected]>
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Message-ID: <OUTLOOK-IDM-9aed7054-6a3e-e1a4-1d5c-3e73377652a6@server211>
Date : 26 September 2012=0ATime : 13:35=0ASender : Dennise Halcomb Head =
Office Manager of RJ Auction Drop-Off Int.=0A=0ANice to meet you Nadia M=
onti=0A=0ARJ ADO Ltd., a USA based company, offers a significant amount =
of goods worldwide for our customers on eBay and other auction venues. =
Our company's main target is to provide a suitable and cost-effective se=
rvice for any person, company or fundraising company. The main purpose o=
f the administrative assistant / sales support representative is to cont=
ribute to the sales force and add convenience to our cost-effective serv=
ice dedicated to individuals, businesses, and organizations worldwide. O=
ur HR department obtained your resume from one of the various job-orient=
ed websites just to offer you this post.=0A=0AWorking Schedule: This is =
a part time and home-based offer. You won't need to spend more than 3 ho=
urs each day. Your =0Aschedule will be flexible.=0A=0ASalary: At the end=
of the trial period (it lasts for 1 month) you will be paid 1,800 EUR. =
With the average volume of clients your overall income will raise up to =
3,000 EUR per month. After the trial period is over your base salary wil=
l grow up to 2,500 EUR per month, so you will earn 5% commission from th=
e transactions completed.=0A=0AWhere?: Italy Wide. As it is a stay at ho=
me position all the communication will be carried out via email and via =
phone.=0A=0ARequirements: Access to the internet during the workday and =
basic microsoft office skills are needed. Basic knowledge of English is =
required (most of the contacts will be in English).=0A=0ACosts and Fees:=
There are NO costs at any time for our employees. All fees related to t=
his position are covered by the RJ ADO Co. Ltd..=0A=0AFurther Hiring Pro=
cess: If you are interested in position we offer, please reply to this e=
mail and send us the copy of your resume for verification.=0A=0AAfter re=
viewing all of the received applications we will reply to successful app=
licants only. Then we'll offer to these successful applicants a position=
within our firm on a trial period basis for one month beginning from th=
e date you sign a trial agreement. During this trial period you will rec=
eive full guidance and support. Employees on a one monthly trial period =
are evaluated at least one week prior to the end of their trial. During =
the trial, your supervisor can recommend termination. At the end of the =
trial period, the supervisor can offer continued employment, extension o=
f trial period, or termination. After the trial period you may ask for m=
ore hours or continue full-time.=0A=0AIf you are interested in this posi=
tion, just reply to this email and send any questions you have and the c=
opy of your resume for verification.=0A=0AThank You,=0AHR-Manager of RJ =
ADO Co. Ltd.=0A=0APermission Settings=0AYou have been referred to RJ Auc=
tion Drop-Off If you feel you received this email in error or do not wis=
h to receive future messages, please reply to this message with "remove"=
in the subject field. We will immediately update our database according=
ly. =0AWe apologize for any inconvenience caused.=0A=0ARJ Auction Drop-O=
ff Co. Ltd.
I'm not aware of how this has happened. I'm not sure how anyone could have got hold of my password. It's a simple wordpress install, at some point recently my host went down and there was a fresh install of wordpress with default admin accounts, I have a feeling it could be something to do with this. My question is, even though I've changed all my passwords it's all still happening, is there annywhere in paticular this script would be stored on my host. I really can't deal with having my hosting account suspended and my email account sending all this spam.
