Hacked?

Caroline Centa

New member
It appears someone has been sending spam from my email account that I've set up with my website. I have changed all the passwords, is there anything else I need to do?

I have the IP address (from the bahamas) that the emails have all been sent from, is there somewhere I can report it?


Looks like the IP is masked as it changes (seems to have emails sent in bunches). :/ Guess that means there's no point reporting it.

I've received over 5000 undelivered notifications and they are still coming. Does this mean they're still being sent or does it take time for them to process?
 

admin

Administrator
Staff member
Is the actual email account's that are sending out spam or is it the CMS platform your website is using. Make sure your website software is up to date and any plugins you may use.

I'll also take a look for you.
 

Genesis

Administrator
Staff member
Moved to Hosting Account Support Forum from Forum support.

@Caroline. Just noticed you're almost at 5000 e-mails in that e-mail account. Instead of trying to delete all of those e-mails and also to make sure no one accesses the account again suggest that we delete that account for you. Script kiddies and hackers seem to like to target Admin accounts. So perhaps you can consider starting a new mail account with a more unique name and also a very unique password. Then edit your mail forwarders so that they all go to that unique account or a bunch of unique accounts so the main account name is not visible on your Website.

Let me know how you would like to proceed.

Chris's advice is good advice. Are your WP theme and plug-ins up to date? Is your Admin account "Admin"? Those are all of the areas where hackers can get in. We also had some issues a few months ago with specifically e-mail relayers, but with a previous version of Joomla. You're not using Joomla though are you?

If your main account on WP is Admin, I'd also think of changing that too to something more unique. Again script kiddies are notorious for hacking into Websites via the Admin gate. Here is more information about how they do it as well as an excellent step by step guide how to change your Admin Account to something more unique, how to update your software as well as beef up the security of your WP site with two really good plug-ins:

[video=youtube]

The two WP security plug-ins that come recommended by the video are:

Limit Login attempts - WP plugin
Wordfence - WP plugin
 

Caroline Centa

New member
I don't have a wordpress account. I have an opencart account. I am in the process of changing them. Changing the email will be a pain though as it's on all my business cards. :/


My email account is not visible on my website, but I do give it out in places like Facebook

I have my gigarank/cPanel account, which has a random username and password.
In there I have the standard email that I rarely check (and is full of the error messages/undelivered messages) from my website. I check it every now and then and clear it out.

I also have the email I created, which is the admin@mywebsite.net The password was different to my cPanel account. This is the one that I believe to be hacked. It is the main email I use for my business and thus have it on my business cards. I have changed the password on it and since then it appears to have stopped the spamming.

Then I have my Opencart platform. I did log into there with the admin username, but a different password to the other two. I have since removed all administration users (I had a demonstration user, staff user and admin user - I logged in as admin, which had the highest access) and changed it to two users with different passwords, neither with the 'admin' username.

I have disconnected the connection between my admin email and my hotmail account, in case the hack was via that way. (I had the admin connected as an alias on hotmail).

None of my accounts share a password. I have always used a generator to create my passwords too.

The wordpress hosted on my website is no longer active (since Sep 2013) and is only still in my file manager for history records and to redirect people to my other blog, which is hosted by the providers of the platform.

I did just remember that I do have Moodle on there, so will go and change passwords there too.


Is there any concern regarding the passwords of my clients who are registered with my OpenCart and Moodle platforms?

Thanks in advance for your help.
 

Genesis

Administrator
Staff member
OK understood. Don't know how I thought you were using WP.

Plan B to get rid of the 4000 e-mails in your admin e-mail account could be for us to either delete the e-mail account, or empty it and you could then recreate it from scratch. Unless you're planning to delete the spam e-mails yourself.
 

Caroline Centa

New member
all the emails have already been deleted. I deleted them as they came in. The emails are all cleaned out and no new ones have come in for about 9 hours now.
 

Genesis

Administrator
Staff member
OK got it. So as a rule you receive a large number of e-mails.

Do you need any further input from us? Can we mark this as solved?
 

Caroline Centa

New member
Yeah, I have another issue with email, but I think it's unrelated. I'll mark this as solved and if I can't sort the email out, I'll post a new thread. Thanks for the help