sending spam email with js code ? - GoFuckYourself.com

DanyBelec · 03-04-2014, 07:29 PM

Heres a short email from my hosting provider...

During an investigation into server load and possible spam related issues on our server it has been brought to our attention that an account within your control has been sending out unsolicited email messages (SPAM). We have disabled the email address in question for legal reasons and need some information from you.

It is our belief that this incident may not have been intentional. The account in question may actually be victim to one or more compromised third party web scripts (forum, blog, guest book, content management system). An attacker can take advantage of known security weaknesses in your software and use it for other purposes (spamming) without your knowledge.

No one had access to my server all i did is sell an ad space to someone on this forum. What ive found strange is it was a js code, my question is is it possible to send spam email by simply adding a js code to a website ?

Thanks

kumanaz · 03-04-2014, 11:40 PM

JS code is executed on client side (user browser)
In this message hosting provider said that SPAM is sent from your server.
Si in this case there are 2 ways:
1. Someone knows email password of your email and send messages via SMTP remote connection - you can ask hosting company to check which IPs accessed your server.
2. Someone hacked access to server and knows everything - it is better to reinstall everything from scratch.
3. Maybe someone elese will add more. I am not the best sysadmin (only 4 years expirience)

03-04-2014, 07:29 PM	#1
DanyBelec Registered User Industry Role: Join Date: Feb 2014 Posts: 27	sending spam email with js code ? Heres a short email from my hosting provider... During an investigation into server load and possible spam related issues on our server it has been brought to our attention that an account within your control has been sending out unsolicited email messages (SPAM). We have disabled the email address in question for legal reasons and need some information from you. It is our belief that this incident may not have been intentional. The account in question may actually be victim to one or more compromised third party web scripts (forum, blog, guest book, content management system). An attacker can take advantage of known security weaknesses in your software and use it for other purposes (spamming) without your knowledge. No one had access to my server all i did is sell an ad space to someone on this forum. What ive found strange is it was a js code, my question is is it possible to send spam email by simply adding a js code to a website ? Thanks

03-04-2014, 11:40 PM	#2
kumanaz Registered User Industry Role: Join Date: Sep 2013 Posts: 93	JS code is executed on client side (user browser) In this message hosting provider said that SPAM is sent from your server. Si in this case there are 2 ways: 1. Someone knows email password of your email and send messages via SMTP remote connection - you can ask hosting company to check which IPs accessed your server. 2. Someone hacked access to server and knows everything - it is better to reinstall everything from scratch. 3. Maybe someone elese will add more. I am not the best sysadmin (only 4 years expirience)