Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Getting hit with .zip file emails with viruses.

Discussion in 'E-mail Discussion' started by TogaDave, Nov 23, 2005.

  1. TogaDave

    TogaDave Well-Known Member

    Joined:
    Apr 13, 2003
    Messages:
    135
    Likes Received:
    0
    Trophy Points:
    166
    During the past 48 hours many of the accounts on my server, including myself and several customers, have started receiving a bunch of bogus emails, all of them having a .zip file attached which of course contains an executable.

    The addresses it's from are spoofed - some of them appear to be coming from ourselves, some of them are coming from fake addresses like these:

    admin@cia.gov
    postman@ms-mss-04.nyroc.rr.com
    postman@sba.gov
    admin@fbi.gov
    info@yahoo.com

    The attached files are usually named one of the following:

    reg_pass.zip
    mail_body.zip
    list.zip
    downloadm.zip
    mail.zip
    question_list975.zip

    The thing is there seems to be no correlation/connection between any of us who are receiving the emails, it just seems like someone has managed to be able to target any email address for any account hosted on my server.

    Has anyone else been hit with this? Does anyone know of a good solution?

    I have temporarily blocked .zip files from exim, but obviously that is not a good solution because my customers need to be able to email zips.

    I'm incredibly frustrated at this point and not sure what to do, thanks for any advice,
    Dave
     
    #1 TogaDave, Nov 23, 2005
  2. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,131
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    New York
    This week has been really rough. We are getting hit from all sides. Lots of returns are coming from someone spamming senators and congressmen with the similiar zip files. I think this is a co-ordinated effort and may be intended to be done during this quiet holiday week where there are less people around to report spam or fix problems.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 nyjimbo, Nov 23, 2005
  3. Brandonm

    Brandonm Active Member

    Joined:
    Aug 31, 2003
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    156
    Our machines are also being hit with this same type of emails. Some clients reporting upward of 3000 emails per day.
     
    #3 Brandonm, Nov 24, 2005
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    I would suggest that you seriously look into a server-side anti-virus/anti-spam solution (other than the inbuilt cPanel offering). There's a good one from rvskin and MailScanner will stop these dead. I haven't had a single virus get through it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 chirpy, Nov 24, 2005
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Me either. And I have seen them show up in mailwatch. MS swats them down like flies.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 Infopro, Nov 25, 2005
  6. fikse

    fikse Well-Known Member

    Joined:
    May 10, 2003
    Messages:
    112
    Likes Received:
    0
    Trophy Points:
    166
    you can also use the clamav connector... although the latest round of viruses have been getting through it....
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 fikse, Nov 25, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - Getting file emails
  1. JarekN

    Site keeps on getting hacked - infected files

    JarekN, Mar 15, 2018, in forum: Security
    Replies:
    6
    Views:
    399
    cPanelMichael
    Mar 15, 2018
  2. billmcollam

    SOLVED Getting file not found vs 404 with PHPFPM

    billmcollam, May 6, 2017, in forum: EasyApache
    Replies:
    2
    Views:
    1,408
    billmcollam
    May 13, 2017
  3. zeki

    How to see which site is getting the most hits during a certain time

    zeki, Aug 4, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    89
    cPanelLauren
    Aug 6, 2018
  4. Zardiw

    mod_userdir getting 404 error

    Zardiw, Aug 3, 2018, in forum: General Discussion
    Replies:
    12
    Views:
    62
    cPanelLauren
    Aug 3, 2018
  5. madesimplemedia

    Getting error "End of script output before headers: ea-php56"

    madesimplemedia, Jun 12, 2018, in forum: CloudLinux
    Replies:
    10
    Views:
    201
    cPanelLauren
    Jun 13, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice