

Am I hacked? I receive emails from my own domain




Posted by Helpmehelpmyself, 05-08-2015, 11:20 AM
Today I received an email admin@mydomain.com sending to my other email info@mydomain.com asking me to download a Microsoft document. It seems the document has a virus. What is going on?

Posted by Andei, 05-08-2015, 11:23 AM
Check the email header to see if it was indeed sent from your server or not.

Posted by EthernetServers, 05-08-2015, 11:31 AM
Do you have root access to this machine, or is it just a shared hosting account? As mentioned above, checking the headers will certainly help, but you can also review your MTA (Mail Transport Agent) logs (e.g. Qmail, Postfix, Exim) assuming you have root access.

Posted by iserversupport, 05-08-2015, 11:31 AM
Check the email header or mail server logs. Best to change the account password ASAP.

Posted by Helpmehelpmyself, 05-08-2015, 11:37 AM
See, this is the header. mydomain.com is mine; just for my privacy I changed it to mydomain.com, the rest is as it has been sent:

From idoeugwk@bossequip.com Fri May 08 23:03:29 2015
Received: from p5de4706f.dip0.t-ipconnect.de ([93.228.112.111]:1931)
    by mydomain.com with esmtp (Exim 4.85) (envelope-from ) id 1Yqis3-0001Y9-JG
    for admin@mydomain.com; Fri, 08 May 2015 23:03:29 +0900
Received: from 0818.mydomain.com (10.126.92.131) by mydomain.com (10.0.0.190)
    with Microsoft SMTP Server id S5K9583B; Thu, 24 Jul 2014 09:38:37 GMT
Date: Thu, 24 Jul 2014 09:31:34 GMT
From: "Administrator@sales"
Message-ID: <78099499996811581606965488439578861598475@mydomain.com>
To: sales@mydomain.com
Subject: Administrator - Exchange Email id6107509
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Next_32470_0570260786.6868733875298"
------=_Next_32470_0570260786.6868733875298
Content-Type: text/plain;
Content-Transfer-Encoding: 8bit

Posted by Helpmehelpmyself, 05-08-2015, 12:15 PM
It seems to me emails are coming from this domain, http://bossequip.com/. Apparently this is the domain that has been hacked and been used to send emails with virus attachments; probably need to contact those guys.

Posted by Helpmehelpmyself, 05-08-2015, 01:43 PM
Wow, so many smart guys here but can't tell?

Posted by ServerGigs, 05-08-2015, 02:53 PM
Yet another way to trick you and compromise your credentials. The mail is not sent from your server, but made to look as if it's from yours. If you have downloaded / opened the document, which may contain a virus, reset your password.

Posted by Ash, 05-08-2015, 03:29 PM
p5de4706f.dip0.t-ipconnect.de ([93.228.112.111]:1931) Is that your server? If yes you have a problem, if no it's just spam.

Posted by acm_whr, 05-08-2015, 04:17 PM
It clearly shows that mails are coming from random addresses from bossequip.com. The said domain is spamming your server, you can filter those mails from the said domain on the server.

Posted by athuey, 05-08-2015, 04:39 PM
It means nothing. The source address of an email is not in any way authenticated and it can be spoofed easily. It is like you write a letter to the boss and put the name of a coworker at the bottom.
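Added example, not part of any post in the thread: the header check the replies describe, run over the header posted above. It trusts only the topmost Received line (the one the receiving server stamped itself) and compares the connecting IP with the server's own addresses. The names `classify`, `my_hosts` and `my_ips` are hypothetical, and 203.0.113.10 is a constructed stand-in for the real server address.

```python
import re
from email import message_from_string

# Header from the thread, re-folded; "mydomain.com" is the poster's own redaction.
SAMPLE = """\
From idoeugwk@bossequip.com Fri May 08 23:03:29 2015
Received: from p5de4706f.dip0.t-ipconnect.de ([93.228.112.111]:1931)
\tby mydomain.com with esmtp (Exim 4.85) (envelope-from ) id 1Yqis3-0001Y9-JG
\tfor admin@mydomain.com; Fri, 08 May 2015 23:03:29 +0900
Received: from 0818.mydomain.com (10.126.92.131) by mydomain.com (10.0.0.190)
\twith Microsoft SMTP Server id S5K9583B; Thu, 24 Jul 2014 09:38:37 GMT
From: "Administrator@sales"
To: sales@mydomain.com
Subject: Administrator - Exchange Email id6107509

"""

# "from HOST ([IP]:port) by HOST" as Exim writes it; brackets and port optional.
HOP = re.compile(
    r"\s*from\s+(\S+)\s+\(\[?([0-9A-Fa-f.:]+?)\]?(?::\d+)?\)\s+by\s+(\S+)")

def classify(raw, my_hosts, my_ips):
    """Judge a message by the one Received line our own MTA wrote (the topmost)."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []
    m = HOP.match(hops[0]) if hops else None
    if not m or m.group(3).lower() not in my_hosts:
        # Top hop was not stamped by our server: nothing in the header is trustworthy.
        return {"verdict": "unknown", "peer_ip": None}
    peer_host, peer_ip, _ = m.groups()
    envelope = (msg.get_unixfrom() or "").split()[1:2]  # mbox "From " line, if present
    return {
        "verdict": "own-server" if peer_ip in my_ips else "external",
        "peer_host": peer_host,
        "peer_ip": peer_ip,
        "envelope_sender": envelope[0] if envelope else None,
        # Every Received line below the first was supplied by the sender.
        "unverified_hops": len(hops) - 1,
    }

if __name__ == "__main__":
    # 203.0.113.10 is a constructed stand-in for the real server address.
    print(classify(SAMPLE, {"mydomain.com"}, {"203.0.113.10"}))
```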


