Question: |
Good morning. Today I received in my box [email protected] a SPAM email sent from my mailbox [email protected]. Nobody else has access to the email and CPanel. How is this possible? |
Answer: |
Hello. Please provide the contents of the letter and all its headers. |
Question: |
From: [email protected]
To: [email protected]
Subject: [SPAM] Client Email database: [email protected] Skype: prodawez389 Request details now If interested Thank you for the quick reply!
Collect for You on the Internet database of potential customers for Your Business! Our database will have all the contact details required for bulk sales of Your products and services. At Your request I will send an example and detailed information. If interested, inquire for details now Email: [email protected] Skype: prodawez389 Thank you for the quick reply!

Today at 10.43 I received a similar email.
From: [email protected]
To: [email protected]
Subject: [SPAM] Client databases [email protected] Skype: prodawez389 Find out the details now!
Collect for You on the Internet database of potential customers for Your Business! Our database will have all the contact details required for bulk sales of Your products and services. At Your request I will send an example and detailed information. If interested, inquire for details now Email: [email protected] Skype: prodawez389 Thank you for the quick reply!

At the same time I received a notification from Yandex that my site is not accessible. Now an attempt to access the website kryazhev.photo gives a 404 error. |
Question: |
I went to the CPanel of the site, and the Public_html folder is gone. Why? Please restore the functionality of the site. |
Answer: |
Please wait. |
Answer: |
What did you do in Apple? What was removed? |
Question: |
Yesterday I removed only one FTP access, after receiving the spam e-mails. I went to the panel and looked for any suspicious folders, but removed nothing, as I did not find any. Today at 10.40 I got a message from Yandex that the site is not available. I was sleeping and made no changes on the website, and nobody else had access. |
Answer: |
"Yesterday, I removed only one FTP access": this is the reason. You removed it along with the files. Please be careful and perform all actions deliberately. |
Answer: |
So, we asked for the message headers. They have not been provided to us. |
Question: |
Wow! Please restore from a backup. |
Question: |
The original text of letter No. 1:
X-AntiVirus: Checked by Dr. Web [version: 11.1.3.06180, engine: 11.1.2.07130, virus records: 5512916, updated: 4.08.2016]
Subject: [SPAM] =?windows-1251?B?yuvo5e3y8ero5SDh4Of7ICBFbWFpbDogymf3?= =?windows-1251?B?dXBlY29kYS0zODk3QHlvcG1haWwuY29tifnr?= =?windows-1251?B?eXBlOiBwcm9kYXdlejM4OSDH4O/w7vHo8uUg?= =?windows-1251?B?7+7k8O7h7e7x8ugg8eXp9+DxIMXx6+gg6O3y?= =?windows-1251?B?5fDl8e3uIMHr4OPu5ODw6Owg5+Ag4fvx8vD7?= =?windows-1251?B?6SDu8uLl8iE=?=
X-DrWeb-SpamState: Yes
X-DrWeb-SpamDetail: Vade Retro 01.390.83 AS+AV+AP Profile: ; Bailout: N/A; Hdr 4874 (300);^ForbiddenEmail (500);^A301-01 (15);^A284-07 (20);RTA (300);^RFC--ContentType2 (30);*Russian-DataBase (300)
X-DrWeb-SpamVersion: 01.390.83
Return-path:
Envelope-to: [email protected]: Thu, 04 Aug 2016 23:02:52 +0300
Received: from [23.250.1.50] (port=43108 helo=tolgaogut.com) by knight.dns-panel.ru with esmtp (Exim 4.87) (envelope-from ) id 1bVOqy-002cnX-Bl for [email protected]; Thu, 04 Aug 2016 23:02:52 +0300
Received: from htrckqlp (localhost [IPv6:::1]) by tolgaogut.com (Postfix) with SMTP id 8EA773685AC for ; Wed, 3 Aug 2016 20:25:08 -0400 (EDT)
Message-ID:
Reply-To: "[email protected]"
From: "[email protected]"
To: [email protected] Thu, 4 Aug 2016 06:25:07 +0700
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251";
Content-Transfer-Encoding: |
Question: |
The original text of the second letter:
X-AntiVirus: Checked by Dr. Web [version: 11.1.3.06180, engine: 11.1.2.07130, virus records: 5512916, updated: 4.08.2016]
Subject: [SPAM] =?utf-8?Q?=D0=9A=D0=BB=D0=B8=D0=B5=D0=BD=D1=82=D1=81=D0?= =?utf-8?Q?=BA=D0=B8=D0=B5_=D0=B1=D0=B0=D0=B7=D1=8B__bawup?= =?utf-8?Q?ecoda-3897=40moncourrier=2Efr=2Enf_Skype=3A_pro?= =?utf-8?Q?dawez389_=D0=9F=D0=BE=D0=B4=D1=80=D0=BE=D0=B1?= =?utf-8?Q?=D0=BD=D0=BE=D1=81=D1=82=D0=B8_=D1=83=D0=B7=D0?= =?utf-8?Q?=BD=D0=B0=D0=B9=D1=82=D0=B5_=D1=81=D0=B5=D0=B9?= =?utf-8?Q?=D1=87=D0=B0=D1=81!?=
X-DrWeb-SpamState: Yes
X-DrWeb-SpamDetail: Vade Retro 01.390.83 AS+AV+AP Profile: ; Bailout: N/A; ^ForbiddenHdr (500);^A301-01 (15);^A284-07 (20);^RFC--ContentType2 (30)
X-DrWeb-SpamVersion: 01.390.83
Return-path:
Envelope-to: [email protected]: Fri, 05 Aug 2016 11:09:01 +0300
Received: from vps4540-cloud.comalis.net ([94.247.31.181]:50389) by knight.dns-panel.ru with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.87) (envelope-from ) id 1bVaBh-000Esx-Sw for [email protected]; Fri, 05 Aug 2016 11:09:01 +0300
X-No-Auth: unauthenticated sender
Received: from xvasensg (localhost [127.0.0.1]) by vps4540-cloud.comalis.net (Postfix) with SMTP id CEC0FE340B for ; Fri, 5 Aug 2016 09:43:23 +0200 (CEST)
Received-SPF: pass (vps4540-cloud.comalis.net: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=xvasensg;
X-No-Auth: unauthenticated sender
Message-ID: <[email protected]>
Reply-To: "[email protected]"
From: "[email protected]"
To: [email protected]: Fri, 5 Aug 2016 14:43:21 +0700
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8";
Content-Transfer-Encoding: 8bit |
Question: |
Unfortunately, not everything was recovered =( |
Answer: |
The letters were not sent from our server: Received: from [23.250.1.50]; Received: from vps4540-cloud.comalis.net ([94.247.31.181]) |
Question: |
I.e. it's just a simple substitution of the headers? |
Answer: |
Yes. Judging by the address. |
Question: |
And the last question. Unfortunately, not everything was recovered, in particular the recent changes to the website made on 30.07 (on the subdomain clients.kryazhev.photo). Can this be fixed later? |
Answer: |
Later. |
Question: |
Got it, thanks! |
Answer: |
ok
|
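
The check behind the support answer above, as an added example that is not part of the original ticket: the Received line written by the receiving server names the host that really handed the letter over, whatever the From header claims. The function names, the `OUR_SENDERS` address and the `owner@example.org` placeholders are assumptions, and the sample message is constructed from the headers of letter No. 1.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address

OUR_MX = "knight.dns-panel.ru"   # receiving server named in the ticket's headers
OUR_SENDERS = {"192.0.2.10"}     # hypothetical: the hoster's own outbound IPs

# Constructed sample modelled on letter No. 1; mail addresses are placeholders.
SAMPLE = """\
Received: from [23.250.1.50] (port=43108 helo=tolgaogut.com)
\tby knight.dns-panel.ru with esmtp (Exim 4.87)
\tid 1bVOqy-002cnX-Bl for owner@example.org; Thu, 04 Aug 2016 23:02:52 +0300
Received: from htrckqlp (localhost [IPv6:::1])
\tby tolgaogut.com (Postfix) with SMTP id 8EA773685AC
\tfor <owner@example.org>; Wed, 3 Aug 2016 20:25:08 -0400 (EDT)
From: "owner@example.org" <owner@example.org>
To: owner@example.org
Subject: [SPAM] sample

body
"""

def trusted_handoff(raw, our_mx=OUR_MX):
    """IP of the peer that delivered to our MX, read from the newest
    Received line our MX wrote; lines below it are sender-controlled."""
    for value in message_from_string(raw).get_all("Received", []):
        hop = " ".join(value.split())            # undo header folding
        peer, sep, rest = hop.partition(" by ")
        if sep and rest.split()[0].lower() == our_mx:
            ip = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", peer)
            return ip_address(ip.group(1)) if ip else None
    return None

def classify(raw, our_domains, our_senders=OUR_SENDERS):
    """Compare the claimed From domain with where the mail really came from."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    if sender.rpartition("@")[2].lower() not in our_domains:
        return "external sender"
    peer = trusted_handoff(raw)
    if peer is None:
        return "no trusted hop found"
    if str(peer) in our_senders or peer.is_loopback:
        return "submitted through our server"
    return f"spoofed From, handed over by {peer}"

if __name__ == "__main__":
    print(classify(SAMPLE, {"example.org"}))
```

Only the topmost line stamped by the receiving server is trusted here; every Received line beneath it was supplied by the sending side and can be forged along with From.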