Séverin Richard
2008-04-01 14:51:27 UTC
Hi,
My qmail box has been hacked:
here is a message recived in mymachine/maildir/new:
(i replace the hacked domaine with example.com, and my machine name with
12345.ovh.net ))
What can i do???????
__________________
Return-Path: <#@[]>
Delivered-To: ***@ns12345.ovh.net
Received: (qmail 1320 invoked for bounce); 1 Apr 2008 14:49:34 -0000
Date: 1 Apr 2008 14:49:34 -0000
From: MAILER-***@ns12345.ovh.net
To: ***@ns12345.ovh.net
Subject: failure notice
Hi. This is the qmail-send program at ns12345.ovh.net.
I tried to deliver a bounce message to this address, but the bounce bounced!
<***@scamvictimsunited.com>:
208.56.184.176 does not like recipient.
Remote host said: 550 5.1.1 <***@scamvictimsunited.com>...
User unknown.accessgen.rbl
Giving up on 208.56.184.176.
--- Below this line is the original bounce.
Return-Path: <>
Received: (qmail 24389 invoked for bounce); 1 Apr 2008 14:49:33 -0000
Date: 1 Apr 2008 14:49:33 -0000
From: MAILER-***@ns12345.ovh.net
To: ***@scamvictimsunited.com
Subject: failure notice
Hi. This is the qmail-send program at ns12345.ovh.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<***@example.com.com>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)
--- Below this line is a copy of the message.
Return-Path: <***@scamvictimsunited.com>
Received: (qmail 8048 invoked by uid 503); 1 Apr 2008 14:49:33 -0000
Received: from unknown (HELO utentec8eb0d7c.homenet.telecomitalia.it)
(87.21.107.156)
by ns12345.ovh.net with SMTP; 1 Apr 2008 14:49:33 -0000
Received: from
14598296591473434.13791265889132947.18121439213740689.11265040305086994
(HELO localhost.localdomain)
(18210874851628879.17652827686384629.18496046318558586.19680412842270039)
by
18581045974696701.15311597126044208.18713306499362675.15748104325906137
with SMTP; Tue, 1 Apr 2008 16:41:09 -0100
Date: Tue, 1 Apr 2008 16:41:09 -0100
Message-Id: <***@scamvictimsunited.com>
X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01)
X-Header-CompanyDBUserName: hpccm
X-Header-MasterId: 516062
X-Header-Versions: Hewlett-***@us.newsgram.hp.com
X-FID: 55E79DBC-8973-29AF-B9E3-32CDEA52DCB3
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: <***@example.com>
From: "Della Goode" <***@scamvictimsunited.com>
Subject: Wallstreet Insider
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV align=left><FONT face=Arial size=2><U><I>We told you to watch DnC
Multimedia Corporation Today</I></U></FONT></DIV><BR>
<DIV align=left><FONT face=Arial size=2>Huge Volume Spike and Over 20%
gains on a ground breaking PR from the company reassured our beliefs in
the company</FONT></DIV>
<DIV align=left><FONT face=Arial size=2><B>Symbol:DCNM</B></FONT></DIV><BR>
<DIV align=left><FONT face=Arial size=2><U>Just released today
</U></FONT></DIV>
<DIV align=left><FONT face=Arial size=2>DnC Multimedia Announces
Distribution Agreement and $445,000 Purchase Order, read more about
it.</FONT></DIV><BR>
<DIV align=left><FONT face=Arial size=2>Grab this gem while its in cents
it wont last there long.</FONT></DIV><BR>
<DIV align=left><FONT face=Arial size=2><B><U>Ride the gains with DCNM
DnC Multimedia Corporation Today</U></B></FONT></DIV>
</BODY></HTML>
My qmail box has been hacked:
here is a message recived in mymachine/maildir/new:
(i replace the hacked domaine with example.com, and my machine name with
12345.ovh.net ))
What can i do???????
__________________
Return-Path: <#@[]>
Delivered-To: ***@ns12345.ovh.net
Received: (qmail 1320 invoked for bounce); 1 Apr 2008 14:49:34 -0000
Date: 1 Apr 2008 14:49:34 -0000
From: MAILER-***@ns12345.ovh.net
To: ***@ns12345.ovh.net
Subject: failure notice
Hi. This is the qmail-send program at ns12345.ovh.net.
I tried to deliver a bounce message to this address, but the bounce bounced!
<***@scamvictimsunited.com>:
208.56.184.176 does not like recipient.
Remote host said: 550 5.1.1 <***@scamvictimsunited.com>...
User unknown.accessgen.rbl
Giving up on 208.56.184.176.
--- Below this line is the original bounce.
Return-Path: <>
Received: (qmail 24389 invoked for bounce); 1 Apr 2008 14:49:33 -0000
Date: 1 Apr 2008 14:49:33 -0000
From: MAILER-***@ns12345.ovh.net
To: ***@scamvictimsunited.com
Subject: failure notice
Hi. This is the qmail-send program at ns12345.ovh.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<***@example.com.com>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)
--- Below this line is a copy of the message.
Return-Path: <***@scamvictimsunited.com>
Received: (qmail 8048 invoked by uid 503); 1 Apr 2008 14:49:33 -0000
Received: from unknown (HELO utentec8eb0d7c.homenet.telecomitalia.it)
(87.21.107.156)
by ns12345.ovh.net with SMTP; 1 Apr 2008 14:49:33 -0000
Received: from
14598296591473434.13791265889132947.18121439213740689.11265040305086994
(HELO localhost.localdomain)
(18210874851628879.17652827686384629.18496046318558586.19680412842270039)
by
18581045974696701.15311597126044208.18713306499362675.15748104325906137
with SMTP; Tue, 1 Apr 2008 16:41:09 -0100
Date: Tue, 1 Apr 2008 16:41:09 -0100
Message-Id: <***@scamvictimsunited.com>
X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01)
X-Header-CompanyDBUserName: hpccm
X-Header-MasterId: 516062
X-Header-Versions: Hewlett-***@us.newsgram.hp.com
X-FID: 55E79DBC-8973-29AF-B9E3-32CDEA52DCB3
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: <***@example.com>
From: "Della Goode" <***@scamvictimsunited.com>
Subject: Wallstreet Insider
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV align=left><FONT face=Arial size=2><U><I>We told you to watch DnC
Multimedia Corporation Today</I></U></FONT></DIV><BR>
<DIV align=left><FONT face=Arial size=2>Huge Volume Spike and Over 20%
gains on a ground breaking PR from the company reassured our beliefs in
the company</FONT></DIV>
<DIV align=left><FONT face=Arial size=2><B>Symbol:DCNM</B></FONT></DIV><BR>
<DIV align=left><FONT face=Arial size=2><U>Just released today
</U></FONT></DIV>
<DIV align=left><FONT face=Arial size=2>DnC Multimedia Announces
Distribution Agreement and $445,000 Purchase Order, read more about
it.</FONT></DIV><BR>
<DIV align=left><FONT face=Arial size=2>Grab this gem while its in cents
it wont last there long.</FONT></DIV><BR>
<DIV align=left><FONT face=Arial size=2><B><U>Ride the gains with DCNM
DnC Multimedia Corporation Today</U></B></FONT></DIV>
</BODY></HTML>