• You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.

    Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"

Email Spamming

ikonix

New member
Jul 27, 2020
21
6
3
Africa
Hello Community.

How are hackers able to create a webmail account with one or two of my domains and send spam via them.
 
There are two methods of sending email, both of which spammers use:
1. Sending Email Through Your Email Account

Just like you do, if a spammer gains access to the username/password of your email account, they can log in and use your email server to send emails.

2. Sending Email From Their Own Web Server

This is how most spam is sent. Any server can send emails and the code can make the reply address say anything. A few lines of code could send an email from [email protected].

Most SPAM is sent using #2 above. So a quick line of code and they can send an email that looks like it was sent from your domain but had nothing to do with your domain.

Every email contains a header, which your email program hides from view. This header contains all sorts of information about where this email came from and how it was sent. It is often very easy to confirm that the reply address with your domain did not actually originate from your server.
 
  • Like
Reactions: ikonix
Not necessarily, @bluvia. If your site doesn't have a proper captcha system, they can use the comment forms or the password recovery forms to inject malicious code into your php and simply use sendmail to bombard with over a thousand emails per minute. If you suspect something like that is happening, the best bet is to disable postfix and repair the website. If the website is not repairable or it would take a lot of time, restore a previous backup.
It's recommended to use Google ReCaptcha in most php enabled websites to ensure that malicious scripts do not gain access to the php command line.
 
You could install WordFence in case you're using wordpress. It scans all your website for modified files and attempts to automatically fix them.
 

Forum statistics

Threads
78,857
Messages
1,127,716
Members
246,553
Latest member
boogaloochun
AdBlock Detected

We get it, advertisements are annoying!

However in order to keep our huge array of resources free of charge we need to generate income from ads so to use the site you will need to turn off your adblocker.

If you'd like to have an ad free experience you can become a Babiato Lover by donating as little as $5 per month. Click on the Donate menu tab for more info.

I've Disabled AdBlock