June 7th, 2005, 1:41 PM   #1
mikeamos
Just received 3 e-mails with viruses from surpass

I'm assuming that they are not from surpass administrators, but if they are not, I have a major security hole in my website, as the headers show the email originating from a surpass server. I received the following:

Subject: Account Alert
Body: We attached some important information regarding your account.
Headers:
Quote:
Return-path: <mikeamosh56.surpasshosting.com>
Envelope-to: mikemikeamos.net
Delivery-date: Tue, 07 Jun 2005 08:56:27 -0400
Received: from mikeamo by sh56.surpasshosting.com with local-bsmtp (Exim 4.43)
id 1Dfdd3-0008MX-Pv
for mikemikeamos.net; Tue, 07 Jun 2005 08:56:27 -0400
Received: from pool-141-157-8-207.balt.east.verizon.net ([141.157.8.207] helo=mikeamos.net)
by sh56.surpasshosting.com with esmtp (Exim 4.43)
id 1Dfdd1-0008MN-Kr
for mikemikeamos.net; Tue, 07 Jun 2005 08:56:25 -0400
From: servicemikeamos.net
To: mikemikeamos.net
Subject: Account Alert
Date: Mon, 6 Jun 2005 20:57:04 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0011_F48262C6.0C2BD853"
X-Priority: 3
X-MSMail-Priority: Normal
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on
sh56.surpasshosting.com
X-Spam-Level:
X-Spam-Status: No, score=0.5 required=5.0 tests=ALL_TRUSTED,
DATE_IN_PAST_06_12,MISSING_MIMEOLE,NO_REAL_NAME,PRIORITY_NO_NAME,
RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=no version=3.0.3
Message-Id: <E1Dfdd3-0008MX-Pvsh56.surpasshosting.com>
Status: R
Contained an attachment called: account-details.zip containing a batch file.


Subject: *WARNING* Your e-mail account will be closed.
Body: We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.
Headers:
Quote:
Return-path: <mikeamosh56.surpasshosting.com>
Envelope-to: mikemikeamos.net
Delivery-date: Tue, 07 Jun 2005 09:15:46 -0400
Received: from mikeamo by sh56.surpasshosting.com with local-bsmtp (Exim 4.43)
id 1Dfdvl-0000To-UK
for mikemikeamos.net; Tue, 07 Jun 2005 09:15:46 -0400
Received: from pool-141-157-8-207.balt.east.verizon.net ([141.157.8.207] helo=mikeamos.net)
by sh56.surpasshosting.com with esmtp (Exim 4.43)
id 1Dfdvi-0000Tk-Qu
for mikemikeamos.net; Tue, 07 Jun 2005 09:15:45 -0400
From: adminmikeamos.net
To: mikemikeamos.net
Subject: *WARNING* Your Email Account Will Be Closed
Date: Mon, 6 Jun 2005 21:16:23 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0011_46A2068E.B21DA3F6"
X-Priority: 3
X-MSMail-Priority: Normal
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on
sh56.surpasshosting.com
X-Spam-Level:
X-Spam-Status: No, score=0.5 required=5.0 tests=ALL_TRUSTED,
DATE_IN_PAST_06_12,MISSING_MIMEOLE,NO_REAL_NAME,PRIORITY_NO_NAME,
RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=no version=3.0.3
Message-Id: <E1Dfdvl-0000To-UKsh56.surpasshosting.com>
Status: R
Contained an attachment "info-text.zip" containing a batch file.

I got two more sent with the same style. When I first saw that a virus was attached, I expected to see something else in the headers, but it appears as if I sent it to myself, or someone got into my account and sent it to me. I understand that this probably wasn't the administration who sent this to me, but I am seeking better ways of protecting my site from intruders, or any explanation as to how this may have occurred!

Thanks!
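Added example, not part of the original post: a Python sketch that reads the Received chain and X-Spam-Status of the first quoted message and reports the first network hop, whether its HELO matches its reverse-DNS name, and which dial-up blocklist tests fired. The function names are assumptions, the sample is trimmed and re-indented from the quoted headers, and the regex covers only the Exim 4 Received layout shown above.

```python
import re
from email import message_from_string

# Excerpt of the first quoted message: "for" clauses dropped, folded lines re-indented.
SAMPLE = (
    "Received: from mikeamo by sh56.surpasshosting.com with local-bsmtp (Exim 4.43)\n"
    "\tid 1Dfdd3-0008MX-Pv; Tue, 07 Jun 2005 08:56:27 -0400\n"
    "Received: from pool-141-157-8-207.balt.east.verizon.net"
    " ([141.157.8.207] helo=mikeamos.net)\n"
    "\tby sh56.surpasshosting.com with esmtp (Exim 4.43)\n"
    "\tid 1Dfdd1-0008MN-Kr; Tue, 07 Jun 2005 08:56:25 -0400\n"
    "X-Spam-Status: No, score=0.5 required=5.0 tests=ALL_TRUSTED,\n"
    "\tDATE_IN_PAST_06_12,MISSING_MIMEOLE,NO_REAL_NAME,PRIORITY_NO_NAME,\n"
    "\tRCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=no version=3.0.3\n"
    "\n"
)

# "from <rdns> ([ip] helo=<helo>) by <host> with <proto>"; the bracket part is optional.
HOP = re.compile(
    r"from (?P<name>\S+)(?: \(\[(?P<ip>[^\]]+)\](?: helo=(?P<helo>[^)\s]+))?\))?"
    r" by (?P<by>\S+) with (?P<proto>\S+)")

def hops(raw):
    """Return the Received hops oldest-first (headers are prepended in transit)."""
    values = message_from_string(raw).get_all("Received", [])
    found = (HOP.search(" ".join(v.split())) for v in reversed(values))
    return [m.groupdict() for m in found if m]

def spam_tests(raw):
    """Return the SpamAssassin test names listed in X-Spam-Status."""
    status = " ".join((message_from_string(raw)["X-Spam-Status"] or "").split())
    m = re.search(r"tests=(.*?)(?: autolearn=|$)", status)
    return [t.strip() for t in m.group(1).split(",")] if m else []

def assess(raw):
    """Summarise where the message entered the mail system and what was flagged."""
    network = [h for h in hops(raw) if h["ip"]]  # hops that arrived over a socket
    first = network[0] if network else None
    tests = spam_tests(raw)
    return {
        "origin_ip": first and first["ip"],
        "origin_name": first and first["name"],
        # HELO is chosen by the sender; the rDNS name is looked up by the receiver.
        "helo_mismatch": bool(first and first["helo"]
                              and not first["name"].endswith(first["helo"])),
        "dialup_listed": [t for t in tests if t.endswith("_DUL")],
        "all_trusted": "ALL_TRUSTED" in tests,
    }
```

On the sample, the oldest hop is an `esmtp` connection from 141.157.8.207 announcing `helo=mikeamos.net`, and the `local-bsmtp` hop that follows is a hand-off on sh56 itself.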