Using site to Sent Mass Spam Messages

**Andros** · 09-10-2009, 10:11 AM

Today, I have received over 150 messages marked undelivered. Seems like someone is using one of my indexu sites to sent mass spam messages.

This is a copy of your message, including all the headers. ------

To:
Subject: Hello Dear
From: <erlatb1@yahoo.com>
X-Mailer: INDEXU_X-Mailer/1.0
Message-Id: <E1MllBd-0005I7-Ll@cyprus.cyprusexplorer.com>
Date: Thu, 10 Sep 2009 18:03:49 +0300

Hello Dear

My late husband was recently killed in Tagum City Philippine on 22nd May 2008. I am contacting you because I have no other choice than to look for someone who I will trust who will help me by saving the future of my children....

Any idea how to prevent this?

**dody** · 09-10-2009, 01:19 PM

Does it send only to you (admin) ?

**Andros** · 09-11-2009, 12:48 AM

No, it sents to all members in database. My server is configured messages that have failed to be sent to notifiy me. There are email addresses in database that have changed or unable to receive messages for one reason or another. Now the admin password is quite strong , letters, numbers, capital and small case. How did this person do this?

Return-path: <nobody@cyprus.cyprusexplorer.com>
Received: from nobody by cyprus.cyprusexplorer.com with local (Exim 4.69)
(envelope-from <nobody@cyprus.cyprusexplorer.com>)
id 1MlsfO-0000uj-Ol
for dimitriowen@gmail.com; Fri, 11 Sep 2009 02:03:02 +0300
To: dimitriowen@gmail.com
Subject: Hello Dear
From: <erlatb1@yahoo.com>
X-Mailer: INDEXU_X-Mailer/1.0
Message-Id: <E1MlsfO-0000uj-Ol@cyprus.cyprusexplorer.com>
Date: Fri, 11 Sep 2009 02:03:02 +0300

**FSGDAG** · 09-13-2009, 09:13 AM

Is this your own dedicated server? Have you checked your server for vulnerabilities? Even if this particular site has now a strong password, if other domains on the server are weak, files can be uploaded to the server to give the spammer complete access to all DB's.

**dody** · 09-13-2009, 10:33 PM

Did you also get spam submission? I mean when someone can break the captcha, it is possible to submit [send email] in each detail page. This is the only way to spam indexu users.

I suggest to use recaptcha instead of default indexu captcha.

**Andros** · 09-15-2009, 04:35 AM

Ok, I will try recaptcha

Thread: Using site to Sent Mass Spam Messages

Thread Tools

Display

Using site to Sent Mass Spam Messages

Similar Threads

Mass Changes to Category's

Category Mass Edit

Mass Edit and Claiming Links

Mass Emailer Hack...!

Mass delete votes and disable ?

Posting Permissions