Got a call saying that one of my domains is being used to spam

Status
Not open for further replies.


I assume it's your ISP contacting you? If so, I'd say:


Hey <insert rep name>, I checked all my sites and couldn't find any that had an above normal amount in the outgoing mail / queue / recent sends. If you could provide a snippet of the reported spam (such as the header) that would be most helpful in eliminating this bug. Thanks...


Nacho, do you have a VPS or Dedicated server? If you do, is it Linux by chance?
 
It could be anything. Did they leave a way to contact them?

I would actually get specific information before you waste too much time trying to find out the problem. For all you know it is someone else on your shared host doing it.
 
Tell them to forward you one of the spam messages. Chances are it has a from address of something stupid like some-random-name@yourdomain. I get these all the time. Spammers scrape domain databases and just pick names and domains to use in the from address, so that their spam looks like it's coming from a legit site. If you can get the full headers of one of the spams, you'll probably see that the sending server's IP is not yours, but somewhere in Romania or China, or someone's DSL account that's been compromised. The thing that screws us webmasters over is that anyone can put anything they want as the "from" address on an email. Sysadmins should know to look for the sending server in the headers, but Joe Average might just look at the from address and assume it's your server that's sending the spam. The kicker is that there's almost nothing that can be done about it.
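
The header check described in the post above, as an added example that is not part of the original thread: it lists the relay addresses recorded in a forwarded message's `Received` headers and compares them with your own server's IPs. The sample message, `yourdomain.example`, all addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a forwarded spam with full headers. Every host and
# address is a documentation value; "yourdomain.example" stands in for your domain.
SAMPLE = """\
Received: from mail.isp.example (mail.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id abc123;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from yourdomain.example (unknown [203.0.113.45])
\tby mail.isp.example with SMTP id xyz789;
\tMon, 01 Jan 2024 10:00:00 +0000
From: some-random-name@yourdomain.example
To: someone@recipient.example
Subject: constructed sample

body
"""

def received_hops(raw):
    """Return [(claimed_name, ip), ...] from the Received headers, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())              # unfold continuation lines
        name = re.match(r"from\s+(\S+)", flat)      # name the client announced
        for cand in re.findall(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", flat):
            try:
                ip = ipaddress.ip_address(cand)     # address the server recorded
            except ValueError:
                continue
            if name:
                hops.append((name.group(1), str(ip)))
            break
    return hops

def check_report(raw, my_server_ips):
    """Compare the From domain with the addresses that actually relayed the mail."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    mine = {str(ipaddress.ip_address(i)) for i in my_server_ips}
    hops = received_hops(raw)
    # Received lines below the first server you trust can be forged, so a match
    # is a reason to read your own mail logs, not proof on its own.
    return {"from_domain": sender.rpartition("@")[2].lower(),
            "hops": hops,
            "seen_from_my_server": any(ip in mine for _, ip in hops)}

if __name__ == "__main__":
    print(check_report(SAMPLE, ["192.0.2.10"]))
```

In the sample, the client announced itself as `yourdomain.example` but the receiving server recorded a different address, which is the mismatch the post says to look for.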
 
Can you check your bandwidth usage? If I think something's going on, I look for unusual bandwidth spikes, then investigate further.
 