email compromised?

Hey G33ks,
I dont know if it’s true, but today I received a message from my webhost containing the following message:

The **** account has just finished sending 1500 emails.
There could be a spammer, the account could be compromised, or just sending more emails than usual.

After some processing of the /etc/virtual/usage/****.bytes file, it was found that the highest sender was [email protected], at 3131 emails.

The top authenticated user was [email protected], at 3131 emails.
This accounts for 208% of the emails.  The higher the value, the more likely this is the source of the emails.
An authenticated username is the user and password value used at smtp time to authenticate with exim for delivery.

The top sending host was ***.***.***.***, at 3131 emails (208%).

The most common path that the messages were sent from is /, at 3131 emails (208%).
The path value may only be of use if it's pointing to that of a User's home directory.
If the path is a system path, it likely means the email was sent through smtp rather than using a script.

This warning was generated because the 1500 email threshold was hit.

Automated Message Generated by DirectAdmin

Tho I don’t really know if my mail has been compromised, be careful with the mails you click.
Either the messages I send you are ones send with the FinlayDaG33k tag, and generated because you did an action, or the newsletter.

Be very careful!

On my end, I will change my mailpassword. tho the password is already really friggin strong, I change it just to be safe.

G33k Out

Leave a reply