Brett
Premium Member
Registered: 16th Dec 02
Location: Manchester
User status: Offline
|
Ok, I've got my own domain with mail server. I've got the family set up with their own accounts, etc.
Recently, my folks have been having mega issues, receiving thousands of undelivered mail errors a day to their accounts. This hasn't happened to my account on the same server, which made me think it was something limited to theirs.
Initially I thought they'd entered their addresses on a site they shouldn't which has resulted in loads of spam, but after looking at the mails they're getting (the bounce backs) it most definitely looks like the mails are originating from their accounts.
As a little test, I changed the passwords to their accounts, cleared their inboxes, and left the accounts as is to see if something was using their accounts to send mail. So far, there's not been a single bounce back, which makes me think that their shared machine at home must have some kind of virus that's bulk mailing random addresses?
Could this be the case? Is this a common thing? Obviously my server has been getting the blame from them and they've said they're gonna move servers, but obviously there'd be no point if in fact it's their machine itself that's using the registered accounts on the machine to email randoms.
Thing is, I've got full Malwarebytes and Avast installed on this machine, which hasn't ever brought up any problems.
Any advice appreciated
|
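One way to check the observation in the post above, that the bounced mail really came from the accounts rather than from a forged sender address (an added example, not part of the thread): read the original message attached to each bounce and look for a `Received` hop written by your own server. The hostname `mail.example.org`, the helper names and the sample bounce are assumptions constructed for illustration.

```python
import email
import re
from email import policy

OUR_MTA = "mail.example.org"  # assumption: your own mail server's hostname
AUTH_HOP = re.compile(r"\bwith\s+ESMTPS?A\b", re.I)  # RFC 3848: SMTP AUTH was used

def original_message(bounce):
    """Return the returned message (or its headers) embedded in a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify(raw_bounce, our_mta=OUR_MTA):
    """Say whether the bounced mail really passed through our own server."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    original = original_message(bounce)
    if original is None:
        return "unknown"  # no original attached, nothing to inspect
    by_us = re.compile(r"\bby\s+" + re.escape(our_mta) + r"(?![\w.-])", re.I)
    ours = [str(h) for h in original.get_all("Received", []) if by_us.search(str(h))]
    if not ours:
        return "backscatter"  # forged sender; mail never touched our server
    if any(AUTH_HOP.search(h) for h in ours):
        return "sent-with-account-login"  # a client logged in as the user
    return "relayed-by-our-server"

def sample_bounce(received):
    """Build a constructed bounce (test data only) with the given Received hops."""
    return (
        "From: MAILER-DAEMON@mx.remote.example.net\n"
        "To: dad@example.org\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        + "".join(f"Received: {hop}\n" for hop in received)
        + "From: dad@example.org\nSubject: constructed\n\nbody\n--b1--\n"
    )
```

`Received` lines below the ones added by the bouncing server can be forged, so treat the result as an indicator and confirm it against the mail server's own logs for the same time window.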
Whittie
Member
Registered: 11th Aug 06
Location: North Wales Drives: BMW, Corsa & Fiat
User status: Offline
|
I'm sure somebody was asking the same thing on here a while back. Will have a little search now.
Still with BWF? Drop Stephen an email, he replies within the hour.
|
Brett
Premium Member
Registered: 16th Dec 02
Location: Manchester
User status: Offline
|
Yeah I know they're good for responding at BWF generally. I just don't think they could do anything apart from tell me what I already know
|
Sam
Moderator Premium Member
Registered: 24th Dec 99
Location: West Midlands
User status: Offline
|
Well it definitely sounds like their accounts have been compromised, given that you've had no problems personally indicates they've got some kind of malware on their PCs, yes.
I wouldn't rely on free anti virus solutions though, in my experience they aren't and never will be as good as the stuff you have to pay for.
|
willay
Moderator Organiser: South East, National Events Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
Webmail or is it SMTP/POP3 using Outlook/some other client?
|
Brett
Premium Member
Registered: 16th Dec 02
Location: Manchester
User status: Offline
|
Outlook.
They're "free" versions as such, Sam, except they're the fully registered and paid for option.
|
Sam
Moderator Premium Member
Registered: 24th Dec 99
Location: West Midlands
User status: Offline
|
I'm assuming you downloaded the actual product from their website and got the key from the special shop?
Just wondering whether the AV software itself has a virus if it was downloaded from the special shop...
|
Brett
Premium Member
Registered: 16th Dec 02
Location: Manchester
User status: Offline
|
Wow, you know me too well. Could be lol
|
Sam
Moderator Premium Member
Registered: 24th Dec 99
Location: West Midlands
User status: Offline
|
FPMSL
|
willay
Moderator Organiser: South East, National Events Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
Yeah probably mined the details out of the Outlook configuration files and used it to send out loads of spam. With Windows machines I always think a good old fashioned format/reinstall is the best course of action, you never know how deep these viruses/worms/rootkits get into the system and only by doing a full on boner format then you can never be 100% sure!
|
willay
Moderator Organiser: South East, National Events Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
To avoid this in the future, good AV on the machines and possibly move them over to Webmail if you have the facility?
And depending how much access you have over this service/mail server you might be able to limit the amount of connections for outgoing emails or something?
And make sure your domain/IP hasn't been blacklisted on SORBS or whatever or you may find it hard to communicate with certain other big hosts in future.
|
Brett
Premium Member
Registered: 16th Dec 02
Location: Manchester
User status: Offline
|
Yeah, I agree Willay, but it's like a fuckin monthly thing with my folks' machine, so fuckin annoying
It's my dad, he uses dodgy sites to get movies and stuff and he doesn't realise things. Like when it's clearly an advert with a big DOWNLOAD NOW button, he'll click on it, rather than reading and clicking on the ACTUAL download link (if you know what I mean)
|
Brett
Premium Member
Registered: 16th Dec 02
Location: Manchester
User status: Offline
|
quote: Originally posted by willay
To avoid this in the future, good AV on the machines and possibly move them over to Webmail if you have the facility?
And depending how much access you have over this service/mail server you might be able to limit the amount of connections for outgoing emails or something?
And make sure your domain/IP hasn't been blacklisted on SORBS or whatever or you may find it hard to communicate with certain other big hosts in future.
I thought I had the AV covered this time round tbh lol
I can do webmail, although it's not ideal for mum/dad really. I've been down that road with them before.
I can pretty much set anything I want on the server, can set up keys, restrict to machines/IPs, the works, although I think in this particular case that wouldn't do any good anyway. I could've easily just made it so error messages are disposed of, but obviously that wouldn't actually fix the culprit.
It probably already is blacklisted too, happens all the time. Always thought it was someone else doing it because it's a shared server, but it's likely my folks who cause it. Usually gets removed again before long.
|
Sam
Moderator Premium Member
Registered: 24th Dec 99
Location: West Midlands
User status: Offline
|
Norton seems pretty good IMO, and it ain't slow/bloated like previous versions either. I'll see what this BitDefender stuff is like that I mentioned in my other thread.
|
Brett
Premium Member
Registered: 16th Dec 02
Location: Manchester
User status: Offline
|
Well, did a scan this weekend, didn't find a thing. I don't know what to do? Not sure I can be assed formatting in case it isn't that
|
Jamie Walby
Member
Registered: 15th Nov 04
User status: Offline
|
I was getting thousands of emails like this at work and changed the password and it solved it.
|
Robbo
Member
Registered: 6th Aug 02
Location: London
User status: Offline
|
quote: Originally posted by Brett
Yeah, I agree Willay, but it's like a fuckin monthly thing with my folks' machine, so fuckin annoying
It's my dad, he uses dodgy sites to get movies and stuff and he doesn't realise things. Like when it's clearly an advert with a big DOWNLOAD NOW button, he'll click on it, rather than reading and clicking on the ACTUAL download link (if you know what I mean)
My dad keeps going on dodgy porn sites and getting viruses despite the fact I've told him to only ever use like redtube and pornhub etc parents
|