
Hi, I have shared hosting on a UK2 server that got suspended again. They claim that my account is sending SPAM messages, but the problem is that I can't trace those from the information they've given me (below). I've tried my best to find the malicious software but no luck there, obviously, because that's the 4th time my account has been suspended. Also, the support doesn't help a lot by giving me the ID of the process that sends the SPAM, because all the access I have is cPanel: no logs, and I don't even have SSH access. Can someone help here, give some clues or something that I can use from the information below?

ffuomarina@tcon.kiev.ua
SMTP error from remote mail server after RCPT TO::
host mail.plasticcard.com.ua [62.80.164.42]: 550 Restricted name in address

------ This is a copy of the message, including all the headers. ------
------ The body of the message is 142607 characters long; only the first
------ 106496 or so are included here.

Return-path: 
Received: from adsplane by cpanel16.uk2.net with local (Exim 4.80)
(envelope-from )
id 1U3M4P-001aZY-JD
for ffuomarina@tcon.kiev.ua; Thu, 07 Feb 2013 07:38:57 +0000
To: ffuomarina@tcon.kiev.ua
Subject: =?UTF-8?B?0JLRgdC1INCyINCg0YPRgdGB0LrRg9GOINCx0LDQvdGO?=
Message-ID: 
Date: Thu, 07 Feb 2013 08:01:03 +0200
From: =?UTF-8?B?0KDRg9GB0YzQutCwINCR0LDQvdGP?= 
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=MailEx_13602168635113431fbb715_=_"
Precedence: bulk
infinity
  • It could be multiple things: they could be exploiting a web form with poor validation, they could be relaying through the mail server on your system if it is an open relay, or it could be a piece of malicious software installed on your system (usually through poor security in web applications). The headers say very little, it's nowhere near enough. – NickW Feb 07 '13 at 09:45
  • Regarding the web applications, I am running two WordPress blogs and a Joomla website, all having the latest updates with no fancy extensions, so things on that side are pretty standard – infinity Feb 07 '13 at 09:47
  • It could be those (as easily as it could be something else), but unless you're able to link a PID to a program, most of what I'm saying is going to be pure guessing.. BTW, doesn't CPanel provide some log access? – NickW Feb 07 '13 at 09:52
  • @TomO'Connor how is my question a duplicate, since I am on shared hosting and have no control over the server? I am just looking for possible solutions or questions that I can ask my Support so THEY can do something about my server and account – infinity Feb 07 '13 at 09:59
  • Unfortunately, infinity, if you're not the server admin, this question may be off-topic for SF. – MadHatter Feb 07 '13 at 11:10
  • @MadHatter yeah, I was afraid that'd be the answer. I'll try to solve it through the Support. Thanks! – infinity Feb 07 '13 at 12:11
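
Added example (not part of the original thread): a Python sketch that pulls out what the quoted bounce headers do record, namely the submitting account and Exim message ID from the Received line and the decoded RFC 2047 Subject and From. Exim writes `with local` for mail handed to it by a local process rather than received over SMTP; the header block is copied from the question with folding restored, and the function and field names are this example's own.

```python
import re
from email.header import decode_header, make_header
from email.parser import HeaderParser

# Headers copied from the bounce in the question (folding restored;
# values the page shows as empty are left empty).
BOUNCE_HEADERS = """\
Return-path:
Received: from adsplane by cpanel16.uk2.net with local (Exim 4.80)
\t(envelope-from )
\tid 1U3M4P-001aZY-JD
\tfor ffuomarina@tcon.kiev.ua; Thu, 07 Feb 2013 07:38:57 +0000
To: ffuomarina@tcon.kiev.ua
Subject: =?UTF-8?B?0JLRgdC1INCyINCg0YPRgdGB0LrRg9GOINCx0LDQvdGO?=
Date: Thu, 07 Feb 2013 08:01:03 +0200
From: =?UTF-8?B?0KDRg9GB0YzQutCwINCR0LDQvdGP?=
Precedence: bulk
"""

# Exim Received line: "from <source> by <host> with <protocol> (Exim x.y) ... id <msgid>"
RECEIVED_RE = re.compile(
    r"from (?P<src>\S+).*? by (?P<host>\S+) with (?P<proto>\S+)"
    r" \(Exim [\d.]+\).*?\bid (?P<msgid>\S+)", re.S)

def _decode(value):
    """Decode RFC 2047 encoded-words (=?UTF-8?B?...?=) into readable text."""
    return str(make_header(decode_header(value or "")))

def summarize(raw_headers):
    """Collect the fields worth quoting to the hosting provider's support."""
    msg = HeaderParser().parsestr(raw_headers)
    m = RECEIVED_RE.search(msg["Received"] or "")
    return {
        # For a local submission the "from" token is the Unix account name.
        "local_user": m["src"] if m else None,
        "host": m["host"] if m else None,
        # The ID under which the host's admin can find this message in Exim's logs.
        "exim_id": m["msgid"] if m else None,
        # True: queued by a process on the server (e.g. a script calling the
        # sendmail binary), not relayed in over SMTP.
        "local_submission": bool(m) and m["proto"] == "local",
        "subject": _decode(msg["Subject"]),
        "from_name": _decode(msg["From"]),
        "bulk": (msg["Precedence"] or "").strip().lower() == "bulk",
    }

if __name__ == "__main__":
    for key, value in summarize(BOUNCE_HEADERS).items():
        print(f"{key}: {value}")
```
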

0 Answers