Haker rozsyła spam moim kosztem?

[fizyka 0]

Witam

 

Od pewnego czasu otrzymuję mniej więcej co dwie minuty e-mail podobnego typu, jednocześnie wcześniej często dostawałem ostrzeżenia typu "250 e-mails just have been sent" a sam na pewno tyle nie wysłałem.

Wyłączyłem forum aby zmniejszyć liczbę wysyłanych e-maili (forum zostało również zaatakowane przez spamerów i było tam ponad 20.000 spamerskich kont).

 

Zastanawiam się co się dzieje i jak temu zaradzić?

 

Jedyne co mi przychodzi w tej chwili do głowy to pomysł, że być może ktoś wykorzystuje formularze na mojej stronie do rozsyłania spamu?

 

Będę wdzięczny za każdą pomoc...

 

Poniżej treść jednego z wielu podobnych e-maili.

 

 

 

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

 [email="as604asican@new-purse.com"]as604asican@new-purse.com[/email]
Unrouteable address

------ This is a copy of the message, including all the headers. ------

Return-path: [email="admin@fizyka.dk"]<admin@fizyka.dk>[/email]
Received: from kormoran by ssd.joi.pl with local (Exim 4.80.1)
(envelope-from [email="admin@fizyka.dk"]<admin@fizyka.dk>[/email])
id 1TkqU5-0000mj-6E
for [email="as604asican@new-purse.com"]as604asican@new-purse.com[/email]; Tue, 18 Dec 2012 07:16:57 +0100
To: [email="as604asican@new-purse.com"]as604asican@new-purse.com[/email]
Subject:
Date: Tue, 18 Dec 2012 07:16:57 +0100
From: ButSonnatot [email="as604asican@new-purse.com"]<as604asican@new-purse.com>[/email]
Reply-To: [email="as604asican@new-purse.com"]as604asican@new-purse.com[/email]
Message-ID: [email="9ede6be730046e1773cbce565bb99af5@fizyka.dk"]<9ede6be730046e1773cbce565bb99af5@fizyka.dk>[/email]
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"

NFL Jerseys Wholesale This tiny tip will be able to give your stomach time to inform you your full so you won't continue to keep eating Understanding certain meals result in a reaction, avoid individuals meals You don Damaging inhale might be a genuine romantic mood killer, so the battle for refreshing inhale turns into significantly more vigilant when going around a date

As we have just mentioned, quality sleep is something that cannot be dismissed - or at least should never be ignored These medications will assistance relax the muscle groups of the ureter allowing the stones to pass more convenient and with not as much discomfortMore Suggestions for Tattoos for femalesBesides the most popular tattoo designs for women, those which has a belief within astrology might flaunt their own zodiac signs in small to medium sized feminine variations One of these is actually lean protein

[url="http://www.cheapnikejerseysget.com"]www.cheapnikejerseysget.com[/url] and instead earns the name of chronic sinusitis Turn on to make the music, then sit or lie comfortably, close your eyes and have a deep breath That is not to say you will endure other manifestations if you have endured othersFort Collins DietThe leading edge education of Certified Medical Nutritionists result in them to become one of today's most counted on clinicians in the area of integrative complementary-alternative diet

However, people also have the choice of using smokeless cigarettes in order to continue their nicotine habit without ingesting any of the other harmful chemicals that are included in traditional cigarettes2 This final results in far more calories than you system requires and - you guessed it - extra lbs For starters, if you're a diver, you should have an appear at the basic choices in the dive watches

Jerseys Wholesale The usual pulse rate for men wouldn't be distracted except you will find difficulties with the organ or psychological condition User assessments are great due to the fact they are the unbiased belief of other users just like youDoes promiscuous persons are more likely to become infected?Not found evidence of past sexual partners a person affects the chances of being infected with HPV over the current partner, although previous studies have shown itSo long as additives are kept at a minimum, you will discover a lot of food items that diabetics can consume without ill effects; plain yogurt, whole grain waffles or biscuits, and lean turkey bacon are some examples

Sinusitis symptoms usually consist of purulent nasal discharge, nasal obstruction, facial pain and/or low grade feversEvery just one of these seats came with a father or motherAt the first sign of an age spot, or any pigment yellowing many people rush off and buy an above the counter skin lightener You can take what we have revealed and use it to great effect in your own situation

[url="http://www.nfljerseyschinapros.com"]www.nfljerseyschinapros.com[/url] Persons who will be pregnant or breastfeeding must also not use this merchandise Constantly using control pills, steroids and antibiotics can generate the death of the beneficial bacteria and the fungus will grow rapidly Walking:Walking is the best HCG exercise for people who plan to slim down These home teeth whiten products are just as effective as going to the dentist and can whiten your teeth by up to 11 shades

Therefore, before playing the sports that you have all the time love, it is best to do some heat-up exercises first Wonderful dental health boosts our own opportunity to talk, laugh, fragrance, quality, contact, chew on, swallow, and additionally show

[Pan Kot 1535]

Na pewno tu masz źródło:

X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]

 

Możemy więc zakładać, że winą jest jakiś skrypt PHP.

 

Nie napisałeś czy jest to hosting wirtualny czy jakiś VPS więc zakładam to pierwsze. W tym wypadku zacząłbym od solidnej aktualizacji CMS'a (o ile jakikolwiek masz), na pewno pomoże też analiza logów, do których powinieneś mieć dostęp.Tam możemy znaleźć jaki skrypt php jest odpowiedzialny za "dziurę" i dalej myśleć. Zainteresuj się logami, postaraj się znaleźć jakieś "okazy" i wklej je na forum, założę się, że któryś skrypt jest dziurawy.

[fizyka 0]

Z mojej wstępnej analizy wynika jednak, że wszystkie skrypty są jednak aktualne...

Hosting typu "shared" w firmie joi.pl

 

Może wywalić tymczasowo wszystkie formularze ze strony i sprawdzić czy to coś da?

Edytowano Grudzień 18, 2012 przez fizyka (zobacz historię edycji)

[Pan Kot 1535]

Łatwiej będzie sprawdzić logi bądź zlecić to odpowiednim osobom.

[B0FH 3]

ktoś Ci wrzucił PHP shella i rozsyła spam, poszukaj:

grep -i phpmailer /var/www

czy gdzie tam masz stronę w katalogu...