
Re: [OT] Has my e-mail account been hacked?



On Tue, 13 Oct 2015 04:15:21 -0400 (EDT), Jochen Spieker wrote:
> 
> Stuart Longland:
>> On 13/10/15 09:58, Stephen Powell wrote:
>>>
>>> Unfortunately, I don't.  Attached below is one of the mail delivery
>>> failure notices, which includes the headers of the original message.
>>> But I don't understand what it all means.
> …
>>> Authentication-Results:  smtp02.wow.cmh.synacor.com smtp.user=thecoughingcanary; auth=pass (LOGIN)
>>>
>> Not sure about this one.
> 
> It looks like the mail was delivered directly through
> smtp02.wow.cmh.synacor.com by a user who successfully authenticated
> using the username thecoughingcanary.
> 
> @Stephen: is that you?

No.  My id on this mail server is "zlinuxman".  I have no idea who
"thecoughingcanary" is.  Nor do I understand why the SMTP server would
allow "thecoughingcanary" to send out e-mails in my name, unless
"thecoughingcanary" is an administrator account.

> Who runs this mail service?

Wide Open West, or "Wow!" as they market themselves.

   http://wowway.net/

It's basically a cable TV company.  I have a bundle of cable, internet,
and phone service from them.  They provide free e-mail and a free
web-hosting service to all who subscribe to their internet service.
My connectivity is through a cable modem which they provide.
I have my own wired ethernet router connected to it, and my computers
connect to that.
> 
> If this is not your
> username, you might want to contact the people who run the service and
> have them reset the user's password.

I may do that.  But first, I have to be sure that I know what I'm talking
about.  They will probably try to avoid blame if they can.  It's human nature.
>  
> I had a similar case on my self-administered mail host.  A friend of mine
> has an account there and random hosts from all over the world used his
> credentials to send legitimate-looking spam. We never found out how
> this happened but changing the password was enough to make it stop.

Of course, changing my own password won't help if they authenticated via
"thecoughingcanary".  Are you sure that the credentials of "thecoughingcanary"
were used to send the e-mails?

If it was my credentials which were used, then I need to know that, and I
need to know how my password was obtained and plug that leak.  Otherwise, they
will obtain the new password the same way that they obtained the old one,
and I'll be right back to square one.

-- 
  .''`.     Stephen Powell    <zlinuxman@wowway.com>
 : :'  :
 `. `'`
   `-
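
The header reading discussed in this thread, as an added example that is not part of the original message: a small Python check that pulls the authenticated SMTP login out of an Authentication-Results line in the format quoted above and compares it with the From address. The function names and the From/Subject lines of the sample are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: only the Authentication-Results line comes from the
# message above; the From and Subject lines are assumed for illustration.
SAMPLE_HEADERS = (
    "From: Stephen Powell <zlinuxman@wowway.com>\n"
    "Subject: constructed sample\n"
    "Authentication-Results:  smtp02.wow.cmh.synacor.com "
    "smtp.user=thecoughingcanary; auth=pass (LOGIN)\n"
    "\n"
)

def parse_auth_results(value):
    """Return (server, smtp_user, auth_result, mechanism); missing parts are None."""
    value = " ".join(value.split())          # unfold continuation lines
    server = value.split(" ", 1)[0].rstrip(";") or None
    user = re.search(r"\bsmtp\.user=([^\s;]+)", value)
    auth = re.search(r"\bauth=(\w+)(?:\s*\(([^)]*)\))?", value)
    return (
        server,
        user.group(1) if user else None,
        auth.group(1).lower() if auth else None,
        auth.group(2) if auth and auth.group(2) else None,
    )

def find_login_mismatches(raw_headers):
    """List submissions where the authenticated login is not the From address."""
    msg = message_from_string(raw_headers)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    local_part = from_addr.split("@", 1)[0]
    findings = []
    for value in msg.get_all("Authentication-Results", []):
        server, user, auth, mech = parse_auth_results(value)
        if user is None or auth != "pass":
            continue                         # no successful SMTP AUTH recorded
        # A login may be a bare local part or a full address, so accept both.
        if user.lower() not in (local_part, from_addr):
            findings.append({"server": server, "login": user,
                             "mechanism": mech, "from": from_addr})
    return findings

if __name__ == "__main__":
    for f in find_login_mismatches(SAMPLE_HEADERS):
        print(f"{f['server']}: login {f['login']!r} ({f['mechanism']}) "
              f"sent mail as {f['from']}")
```

A finding means the server accepted a From address that does not match the login that authenticated; on its own it does not show whether the From owner's password was exposed.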

