Am I hacked? I receive emails from my own domain
Posted by Helpmehelpmyself, 05-08-2015, 11:20 AM |
Today I received an email
admin@mydomain.com
sending to my other email info@mydomain.com
asking me to download a Microsoft document. It seems the document has a virus.
What is going on?
|
Posted by Andei, 05-08-2015, 11:23 AM |
Check the email header to see if it was indeed sent from your server or not.
|
Posted by EthernetServers, 05-08-2015, 11:31 AM |
Do you have root access to this machine, or is it just a shared hosting account? As mentioned above, checking the headers will certainly help, but you can also review your MTA (Mail Transport Agent) logs (e.g. Qmail, Postfix, Exim) assuming you have root access.
|
Posted by iserversupport, 05-08-2015, 11:31 AM |
Check the email header or mail server logs. Best to change the account password ASAP.
|
Posted by Helpmehelpmyself, 05-08-2015, 11:37 AM |
See, this is the header. mydomain.com is mine; just for my privacy I changed it to mydomain.com. The rest is as it has been sent.
From idoeugwk@bossequip.com Fri May 08 23:03:29 2015
Received: from p5de4706f.dip0.t-ipconnect.de ([93.228.112.111]:1931)
by mydomain.com with esmtp (Exim 4.85)
(envelope-from )
id 1Yqis3-0001Y9-JG
for admin@mydomain.com; Fri, 08 May 2015 23:03:29 +0900
Received: from 0818.mydomain.com (10.126.92.131) by mydomain.com (10.0.0.190) with Microsoft SMTP Server id S5K9583B; Thu, 24 Jul 2014 09:38:37 GMT
Date: Thu, 24 Jul 2014 09:31:34 GMT
From: "Administrator@sales"
Message-ID: <78099499996811581606965488439578861598475@mydomain.com>
To: sales@mydomain.com
Subject: Administrator - Exchange Email id6107509
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Next_32470_0570260786.6868733875298"
------=_Next_32470_0570260786.6868733875298
Content-Type: text/plain;
Content-Transfer-Encoding: 8bit
|
Posted by Helpmehelpmyself, 05-08-2015, 12:15 PM |
It seems to me the emails are coming from this domain, http://bossequip.com/. Apparently this is the domain that has been hacked and used to send emails with virus attachments; I probably need to contact those guys.
|
Posted by Helpmehelpmyself, 05-08-2015, 01:43 PM |
Wow, so many smart guys here but can't tell?
|
Posted by ServerGigs, 05-08-2015, 02:53 PM |
Yet another way to trick you and compromise your credentials. The mail is not sent from your server, but made to look as if it's from yours.
If you have downloaded / opened the document, which may contain a virus, reset your password.
|
Posted by Ash, 05-08-2015, 03:29 PM |
p5de4706f.dip0.t-ipconnect.de ([93.228.112.111]:1931)
Is that your server? If yes you have a problem, if no it's just spam.
|
Posted by acm_whr, 05-08-2015, 04:17 PM |
It clearly shows that mails are coming from random addresses from bossequip.com. The said domain is spamming your server, you can filter those mails from the said domain on the server.
|
Posted by athuey, 05-08-2015, 04:39 PM |
It means nothing.
The source address of an email is not in any way authenticated and it can be spoofed easily.
It is like you write a letter to the boss and put the name of a coworker at the bottom.
|
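The header check several replies recommend, as an added example that is not part of the original thread: it reads the header posted above (folding whitespace restored) and judges the message only by the topmost Received line, the one the receiving server wrote itself. `OWN_IPS` and the function name `analyse` are assumptions for illustration; replace the placeholder address with your server's real IPs.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header from this thread, folding whitespace restored; the elided
# envelope-from is left empty as posted.
SAMPLE = """\
Received: from p5de4706f.dip0.t-ipconnect.de ([93.228.112.111]:1931)
    by mydomain.com with esmtp (Exim 4.85)
    (envelope-from )
    id 1Yqis3-0001Y9-JG
    for admin@mydomain.com; Fri, 08 May 2015 23:03:29 +0900
Received: from 0818.mydomain.com (10.126.92.131) by mydomain.com (10.0.0.190)
    with Microsoft SMTP Server id S5K9583B; Thu, 24 Jul 2014 09:38:37 GMT
Date: Thu, 24 Jul 2014 09:31:34 GMT
To: sales@mydomain.com
Subject: Administrator - Exchange Email id6107509

"""
OWN_IPS = {"203.0.113.10"}  # assumption: placeholder for your server's IPs

# "from <name> (... <ip> ...)" as written by Exim and most other MTAs
HOP = re.compile(r"from\s+(\S+)\s+\(.*?(\d{1,3}(?:\.\d{1,3}){3})", re.S)

def analyse(raw, own_ips):
    """Judge a message by the topmost Received header only.

    That header is stamped by the receiving server; every header below it
    arrived with the message and can be forged by the sender.
    """
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    m = HOP.search(received[0]) if received else None
    if not m:
        return {"verdict": "unknown"}
    name, ip = m.groups()
    # Time our server stamped the hop vs. the sender-supplied Date header
    stamped = parsedate_to_datetime(received[0].rsplit(";", 1)[1].strip())
    claimed = parsedate_to_datetime(msg["Date"]) if msg["Date"] else None
    return {
        "connecting_host": name,
        "connecting_ip": ip,
        "untrusted_hops": len(received) - 1,
        "date_skew_days": abs((stamped - claimed).days) if claimed else None,
        "verdict": "own-server" if ip in own_ips else "external-sender",
    }

if __name__ == "__main__":
    print(analyse(SAMPLE, OWN_IPS))
```

For the posted header this reports an external connecting host, one sender-supplied Received line below it, and a Date header far older than the delivery time.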