Mail Fraud on Server

About 1 hour ago I received a very suspicious subscription payment through PayPal (who signs up dkjshkjhdskjf.com and agrees to pay $17.95 a month?) - So I checked out what he has uploaded so far... sure enough it's a sendmail script with a message uploaded on the server regarding a SunTrust mail scam. First thing I do is terminate this account. About 15 minutes later I get an email from PayPal saying my payment was put on hold because the buyer's account was used without his consent. I reply to that email, releasing the funds back to the defrauded buyer.

I check the server load and it's 7.99! So obviously this guy's messages are still being routed through the server. I panic and force reset through WHM. When the server comes back online I notice the server is still processing the emails, so I panic some more and shut down exim. I submitted a support ticket to theplanet notifying them of this issue - and was forwarded to their abuse group (which hasn't responded yet).

I'm kind of in limbo here -- If any of you have had similar experiences, how have you dealt with it, what did you do to investigate the damage, what CAN I do? I'm already receiving replies and abuse reports since the messages are being sent with a nobody@velocity.pixdserver.com reply address.

Thanks for your help.