URGENT HELP NEEDED! Spammers are sending spam through my domain! (1 post)

  1. NeedHelpSoon
    Member
    Posted 3 years ago #

    Dear experts,

    I have a domain name, on which I installed a WordPress blog (3.0.1). I don't have a personal server, and the site is hosted on a 3rd party hosting company.

    Lately I've received numerous spam complaints from the hosting company, and they have even suspended my account a few times. Apparently, they received spam complaints from people, who got spam emails from my domain. But I DID NOT do this (I'm against any kind of spamming).

    In one of the first spam complaints that I got from the hosting company, the tech support person mentioned that I should upgrade all WordPress blogs in my hosting account, which I did (all are version 3.0.1 now). I thought that solved the problem.

    But last night I got yet another spam complaint, and now I am really clueless. I don't have enough background in computer networking, so I don't exactly know what's going on.

    Initially, I thought that the spammers must be spoofing my domain name, so that the recipients/victims mistakenly think that I am the sender. In the spam complaint, I can see the sender's email address as being some random string @ mydomain dot com (for example: h8043hyj0ne0hgn303@mydomain.com).

    However, in the spam complaint, I also see a path to the index.php file in my WordPress blog directory (X-PHP-Script: http://www.MY_DOMAIN_NAME.com/blog/index.php). So that makes me think that it has something to do with WordPress as well.

    According to my research, an effective solution to combat domain spoofing is called SPF (Sender Policy Framework). But I don't know how to implement this. Furthermore, I believe SPF has nothing to do with WordPress, so I don't know what to do either.

    Last but not least, here is the spam complaint for you to dissect. I would really appreciate the assistance!
    Note: for privacy reasons, I have replaced personal information with generic strings, such as MY_DOMAIN_NAME, MY_HOSTING_USERNAME, and many more:

    Received: from 127.0.0.1 (EHLO salem.nswebhost.com) (174.132.226.4)
    by mta124.mail.ac4.yahoo.com with SMTP; Wed, 13 Oct 2010 17:38:54 -0700
    Received: from MY_HOSTING_USERNAME by salem.nswebhost.com with local (Exim 4.69)
    (envelope-from <MY_HOSTING_USERNAME@salem.nswebhost.com>)
    id 1P6BqE-00045J-QF
    for VICTIM_EMAIL_ID@yahoo.com; Wed, 13 Oct 2010 19:38:50 -0500
    To: VICTIM_EMAIL_ID@yahoo.com
    Subject: New Reorder Website
    X-PHP-Script: http://www.MY_DOMAIN_NAME.com/blog/index.php for 95.168.210.229
    From: Support <dfcb2b2040746809a2031325ce0c6a5b@MY_DOMAIN_NAME.com>
    Message-Id: <1307461215.464@MY_DOMAIN_NAME.com>
    MIME-Version: 1.0
    Content-Type: text/html
    Content-Transfer-Encoding: 8bit
    Date: Wed, 13 Oct 2010 19:38:42 -0500
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - salem.nswebhost.com
    X-AntiAbuse: Original Domain - yahoo.com
    X-AntiAbuse: Originator/Caller UID/GID - [32259 32262] / [47 12]
    X-AntiAbuse: Sender Address Domain - salem.nswebhost.com
    Content-Length: 301
    MIME element (text/html)
    VICTIM_NAME
    SOME_HOME_ADDRESS

    Dear VICTIM_NAME,

    Please remember to place all of your reorders at New Website

    Thank you,

    Customer Service
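Added example, not part of the original post: a header triage that separates mail submitted locally on the web host by a script from mail that only forges the domain in From:. The function name `triage` is hypothetical, and reading the address after "for" in X-PHP-Script as the client that requested the script is an assumption about this host's header format.

```python
import re
from email import message_from_string

# Headers copied from the complaint in the post (placeholders as posted).
SAMPLE = """\
Received: from 127.0.0.1 (EHLO salem.nswebhost.com) (174.132.226.4)
 by mta124.mail.ac4.yahoo.com with SMTP; Wed, 13 Oct 2010 17:38:54 -0700
Received: from MY_HOSTING_USERNAME by salem.nswebhost.com with local (Exim 4.69)
 (envelope-from <MY_HOSTING_USERNAME@salem.nswebhost.com>)
 id 1P6BqE-00045J-QF
 for VICTIM_EMAIL_ID@yahoo.com; Wed, 13 Oct 2010 19:38:50 -0500
X-PHP-Script: http://www.MY_DOMAIN_NAME.com/blog/index.php for 95.168.210.229
From: Support <dfcb2b2040746809a2031325ce0c6a5b@MY_DOMAIN_NAME.com>
X-AntiAbuse: Originator/Caller UID/GID - [32259 32262] / [47 12]

"""

def triage(raw):
    """Collect the headers that tie a message to a local account and script."""
    msg = message_from_string(raw)
    out = {"local_submission": False, "account": None,
           "script": None, "client_ip": None, "uid": None}
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # undo header folding
        # Exim records "with local" when a process on the server itself
        # handed over the message instead of receiving it over SMTP.
        m = re.search(r"from (\S+) by \S+ with local \(Exim", hop)
        if m:
            out["local_submission"], out["account"] = True, m.group(1)
    # Script URL plus (assumed) the address of the client that requested it.
    m = re.match(r"(\S+) for (\S+)", msg.get("X-PHP-Script", ""))
    if m:
        out["script"], out["client_ip"] = m.groups()
    for line in msg.get_all("X-AntiAbuse", []):
        m = re.search(r"Originator/Caller UID/GID - \[(\d+) \d+\]", line)
        if m:
            out["uid"] = int(m.group(1))  # Unix UID that invoked the mailer
    if out["local_submission"] and out["script"]:
        out["verdict"] = "sent from the hosting account via a web script"
    else:
        out["verdict"] = "no local-origin evidence; forged sender possible"
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On a host that adds these headers, a message that only forged the domain in From: would carry neither the `with local` hop nor the script header.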

This topic has been closed to new replies.
