Email virus is killing my site!!!


Davidc316
10-13-2003, 09:16 PM
Hi,
I've got an absolute stinker of a virus hitting my email system right now. I wonder if anyone here can help.

The symptoms of the virus are that I receive an email about every 3-5 seconds. The other night I received over 1,800 emails in just a few hours! Sure enough, when these attacks come on they absolutely clog my server up with TONNES of junk (I had over 30MB of junk email last time I checked). And... the worst part is... when the attacks happen, then after a short while, my site gets taken offline because it has gone over the bandwidth limit.

My site has already been offline two or three times this week.

My webhosts have been good enough to reset the bandwidth for my site on every occasion, but the problem is not being solved.

As far as the emails go, I can tell you that about 40% of them are junk mail (adverts for Viagra and such like). The other 60% of emails that I'm getting are "Mail Returned" errors. So, it's as if someone is sending out billions of emails from my email address!!!

I have tried changing my passwords, and for a while the attacks ended. But, tonight I logged on to my email to check that everything was still ok and the instant I logged on, my empty in-box suddenly started filling up again. It's as if the act of me signing on was somehow the trigger for the attack to happen.

The only other information that's probably worth mentioning is that the virus is probably NOT on my actual computer.

I say this because of three reasons...

* Firstly, I've run some virus scans and (apparently) I'm clean.

* Secondly, none of my other email addresses have been affected.

* Thirdly, when I check my email I do NOT use Outlook (or similar software). Instead, I check my email by using an online control panel (Hotmail style).



I'm sorry for all the info and the big long post, but this is killing me and I'm DESPERATE for some help.

Since starting this post I have received over 50 emails!!!!!

Help me Obi Wan Kenobi- you're my only hope!

n00854180t
10-13-2003, 09:21 PM
Why not just disable your webmail account and leave your website up?

Davidc316
10-13-2003, 09:47 PM
Well, I'm not sure how to do that.

Maybe I should look into it.

But, I'll tell you this... it's a sad day.

I like my email account and it's a real bummer if I'm gonna have to stop using it because of some crumby virus.

LordShryku
10-13-2003, 10:51 PM
Is this just one email account or is it happening with multiple? If it's just one, you can probably change accounts.

You're right in thinking that this probably isn't actually your account. This is happening everywhere really. It's those damned M$ viruses. So there's tons of compromised M$ stations out there sending these emails. I had to install a filter at the gateway, but I'm suspecting you can't do that...

Davidc316
10-13-2003, 11:00 PM
Just one.

Well... it's happening for all email accounts which relate to "ANYTHING"@topgig.com.

The Chancer
10-14-2003, 08:22 AM
Sounds like someone using the topgig.com account as an open relay.....

Easy to do, and very easy to stop on an Exchange server...

Davidc316
10-14-2003, 11:45 AM
Ok, so is there any chance of telling me how to stop the thing?

So far, I have changed my passwords (but that didn't help).


Late last night, just after posting on this forum, I went into the CGI bin for my site and I noticed a couple of strange files amidst the "contact-us" scripts. I viewed the files with Notepad and they were made up of 95% gobbledygook.

Sure enough, I assumed that this must be the virus thing and I deleted both of the files.

The trouble is... even after I deleted the things I still got lots of "Message Returned" errors.

I'm gonna go and check my email now to see how things are.

Thanks for your help so far guys.

Moonglobe
10-14-2003, 12:03 PM
you can't stop the message returned errors. someone's probably using your address in the From: header and it's all bouncing back to you. that's what i think anyways......

jstarkey
10-15-2003, 10:07 AM
David, the very first thing you need to do is check the headers to find out where the email is originating. If it's your server then either (probably) your server is an open relay and the admins need to close it, or you have a hacked or insecure script. Sounds like the second one may be the case since you found unfamiliar files. If you really think you've been hacked then it's time to do some spring cleaning and let your admins know.

If it's not your home machine or server then you can track down the admins for the servers and let them know about the abuse. Generally each domain has an abuse@domain.com address, so that's a good place to start.

jamesm87
10-18-2003, 03:28 PM
Originally posted by jstarkey
David, the very first thing you need to do is check the headers to find out where the email is originating. If it's your server then either (probably) your server is an open relay and the admins need to close it, or you have a hacked or insecure script. Sounds like the second one may be the case since you found unfamiliar files. If you really think you've been hacked then it's time to do some spring cleaning and let your admins know.

If it's not your home machine or server then you can track down the admins for the servers and let them know about the abuse. Generally each domain has an abuse@domain.com address, so that's a good place to start.

Great idea, if you want to send millions of emails to abuse emails when most of the emails have fake addresses :D

I would, though, do what he said and check the headers. Do you have Cpanel?

jstarkey
10-18-2003, 08:12 PM
Originally posted by jamesm87
Great idea, if you want to send millions of emails to abuse emails when most of the emails have fake addresses :D


You send it to the owner of the originating IP (or the relay). Not the domain in the reply-to.
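
Added example, not part of any poster's reply: one way to do the header check discussed above, walking the Received: chain from the newest hop down and stopping at the first IP that is not one of your own servers, since everything below that hop (and the From:/Reply-To: lines) can be forged. The sample message, its addresses and the "own network" 192.0.2.0/24 are constructed assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: documentation IP ranges and example domains only.
# 192.0.2.0/24 stands in for the site's own mail server (an assumption).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.com with ESMTP id A1; Mon, 13 Oct 2003 21:10:02 +0000
Received: from unknown (HELO example.com) (203.0.113.45)
\tby mx.example.net with SMTP; Mon, 13 Oct 2003 21:10:00 +0000
Received: from mail.example.com (192.0.2.10) by fake.invalid; Mon, 13 Oct 2003 20:00:00 +0000
From: "Sales" <anything@example.com>
Reply-To: anything@example.com
Subject: constructed sample

body
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")  # IPv4 only, for brevity

def sender_ips(raw):
    """Connecting IP of each Received hop, newest hop first.
    Hops without a literal, valid IPv4 address are skipped."""
    ips = []
    for value in email.message_from_string(raw).get_all("Received", []):
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]  # text before "by"
        match = IPV4.search(from_part)
        if match:
            try:
                ips.append(ipaddress.ip_address(match.group(1)))
            except ValueError:
                continue
    return ips

def last_verifiable_origin(raw, own_networks):
    """First sender IP outside our own networks, as recorded by a server we run.
    None means every hop was ours: the mail started on our own server."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    for ip in sender_ips(raw):
        if not any(ip in net for net in nets):
            return str(ip)  # report abuse to the owner of this IP
    return None

def from_domain(raw):
    """Domain in From:, which the sender can set to anything."""
    addr = parseaddr(email.message_from_string(raw)["From"] or "")[1]
    return addr.rpartition("@")[2].lower()

if __name__ == "__main__":
    print(last_verifiable_origin(SAMPLE, ["192.0.2.0/24"]), from_domain(SAMPLE))
```

A result of None points back at your own server (open relay or an abused script); any other result is the IP whose owner gets the abuse report, regardless of what the From: domain says.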