There are people who are entering my mail without authentication or permission, without any account created in my own domain, to send phishing and spam messages like the following:
example1@example.com.co
User mail - @ domain
(For reasons of security of my company I can not reveal the domain nor the user there will be any problem)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>
From: jia@aguerriarquitectos.com <jia@aguerriarquitectos.com>
Posted on: Wednesday, June 12, 2019 23:21
To: example1@example.com.co
Subject: example1@example.com.co has been hacked! Change your password immediately!
I salute you!
I have bad news for you.
01/23/2019 - on this day I pirated his operating system and got full access to his account example1@example.com.co.
That's how it was.
In the router software through which it was connected, there was a vulnerability.
First I pirated this router and put my malicious code on it.
When he entered through the Internet, my Trojan was installed in the operating system of his device.
After that, I made a complete dump of his disk (I have his entire address book,
History of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites you visit regularly. I'm surprised by your favorite resources.
I'm talking about adult sites.
I mean, you're a great pervert. You have unbridled fantasy!
After that, an idea came to my mind.
I took a screenshot of the intimate website where you have fun (you know what I mean, yes?).
After that I took a picture of your entertainment (using your device's camera).
The result was great! Do not hesitate!
I am deeply convinced that you would not like to show these images to your family, friends or colleagues.
I think $ 214 is a small amount for my silence.
Also, I spent a lot of time with you!
I accept money in bitcoins.
My BTC wallet: 1NKSptmiwmgz9kBi8s8g2tWHeMjWSs6HRa
Do not know how to transfer money to Bitcoin?
In any search engine type "How to transfer money to bitcoin".
It's easier than transferring money to a credit card!
For the payment you have a little more than two days (exactly 50 hours).
Do not worry, the timer will start at the moment you open this letter. Yes, yes ... It has already begun!
After payment, my virus and the commitment to you automatically destroy themselves.
Narrative: if I do not receive the specified amount from you, your device will be blocked and all your contacts will receive a photo with your "entertainment".
I want you to be prudent.
- Do not try to find and destroy my virus! (All your data is already loaded on a remote server)
- Do not try to contact me (this is impossible, the sender's address was generated at random)
- Several security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.
. I guarantee that I will not bother you again after payment, since you are far from my only victim.
This is a hacker honor code.
From now on, I advise you to use good antivirus and update them regularly (several times a day).
Do not get mad at me, everyone has their own work.
Goodbye
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>
Detailed log of the entry and sending of spam mail. This example is a single user; they have also sent to groups within the server, something that disturbs me a lot. How do they know what groups are on the server, or is it just chance?
In addition to this, I have a detailed SQL error; if a solution is possible I would appreciate it. This type of solution is very important for me.
Start log and send to my server HmailServer V.5.6 4-B2283 - Type MSSQL CE
"TCPIP" 7192 "2019-06-12 20:42:53.262" "TCP - 192.168.1.144 connected to 192.168.1.254:110."
"ERROR" 2580 "2019-06-12 20:42:54.298" "Severity: 2 (High), Code: HM5032, Source: DALConnection::Execute, Description: Source: SQLCEConnection::Execute(), Code: HM10044, Description: Error while executing SQL statement:
DELETE FROM hm_logon_failures WHERE failuretime < DATEADD(mi, -999999999, GETDATE())
Microsoft SQL Server Compact OLE DB Provider
Uno o más errores al procesar el comando."
"TCPIP" 7192 "2019-06-12 20:42:55.832" "TCP - 185.137.111.136 connected to 192.168.1.254:25."
"TCPIP" 7192 "2019-06-12 20:43:10.392" "TCP - 185.137.111.129 connected to 192.168.1.254:25."
"TCPIP" 7192 "2019-06-12 20:43:12.037" "TCP - 109.252.91.99 connected to 192.168.1.254:25."
"SMTPD" 7192 519701 "2019-06-12 20:43:12.039" "109.252.91.99" "SENT: 220 example.com.co"
"SMTPD" 6728 519701 "2019-06-12 20:43:12.376" "109.252.91.99" "RECEIVED: EHLO 109-252-91-99.nat.spd-mgts.ru"
"SMTPD" 6728 519701 "2019-06-12 20:43:12.377" "109.252.91.99" "SENT: 250-mail.example.com.co[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"TCPIP" 7192 "2019-06-12 20:43:12.512" "TCP - 192.168.1.95 connected to 192.168.1.254:110."
"SMTPD" 6740 519701 "2019-06-12 20:43:13.080" "109.252.91.99" "RECEIVED: MAIL From:<jia@aguerriarquitectos.com>" (spamer)
"SMTPD" 6740 519701 "2019-06-12 20:43:13.359" "109.252.91.99" "SENT: 250 OK"
"TCPIP" 7192 "2019-06-12 20:43:13.475" "TCP - 192.168.1.177 connected to 192.168.1.254:110."
"SMTPD" 6728 519701 "2019-06-12 20:43:13.797" "109.252.91.99" "RECEIVED: RCPT To:<example1@example.com.co>" (usuario)
"SMTPD" 6728 519701 "2019-06-12 20:43:13.807" "109.252.91.99" "SENT: 250 OK"
"SMTPD" 5568 519701 "2019-06-12 20:43:14.242" "109.252.91.99" "RECEIVED: DATA"
"SMTPD" 5568 519701 "2019-06-12 20:43:14.251" "109.252.91.99" "SENT: 354 OK, send."
"TCPIP" 7192 "2019-06-12 20:43:15.721" "TCP - 185.137.111.125 connected to 192.168.1.254:25."
"SMTPD" 2372 519701 "2019-06-12 20:43:15.908" "109.252.91.99" "SENT: 250 Queued (1.664 seconds)"
"SMTPD" 6728 519701 "2019-06-12 20:43:16.340" "109.252.91.99" "RECEIVED: QUIT"
"SMTPD" 6728 519701 "2019-06-12 20:43:16.341" "109.252.91.99" "SENT: 221 goodbye"
"TCPIP" 7192 "2019-06-12 20:43:16.693" "TCP - 185.137.111.96 connected to 192.168.1.254:25."
"TCPIP" 5568 "2019-06-12 20:43:17.031" "TCP - 192.168.1.143 connected to 192.168.1.254:110."
"TCPIP" 5568 "2019-06-12 20:43:17.288" "TCP - 192.168.1.143 connected to 192.168.1.254:110."
"TCPIP" 6728 "2019-06-12 20:43:24.322" "TCP - 181.155.203.65 connected to 192.168.1.254:143."
"TCPIP" 5568 "2019-06-12 20:43:25.741" "TCP - 192.168.1.171 connected to 192.168.1.254:110."
"TCPIP" 6740 "2019-06-12 20:43:30.874" "TCP - 192.168.1.37 connected to 192.168.1.254:110."
"TCPIP" 7192 "2019-06-12 20:43:32.491" "TCP - 185.137.111.136 connected to 192.168.1.254:25."
"TCPIP" 6740 "2019-06-12 20:43:42.325" "TCP - 190.144.231.197 connected to 192.168.1.254:110."
"TCPIP" 876 "2019-06-12 20:43:42.929" "TCP - 192.168.1.49 connected to 192.168.1.254:110."
"TCPIP" 876 "2019-06-12 20:43:43.385" "TCP - 192.168.1.178 connected to 192.168.1.254:110."
"TCPIP" 876 "2019-06-12 20:43:45.674" "TCP - 192.168.1.182 connected to 192.168.1.254:110."
"TCPIP" 7192 "2019-06-12 20:43:48.603" "TCP - 185.137.111.129 connected to 192.168.1.254:25."
"TCPIP" 876 "2019-06-12 20:43:49.487" "TCP - 192.168.1.142 connected to 192.168.1.254:110."
"TCPIP" 7192 "2019-06-12 20:43:50.006" "TCP - 185.137.111.125 connected to 192.168.1.254:25."
"TCPIP" 876 "2019-06-12 20:43:53.695" "TCP - 192.168.1.144 connected to 192.168.1.254:110."
"TCPIP" 7192 "2019-06-12 20:43:54.729" "TCP - 124.105.173.53 connected to 192.168.1.254:25."
"SMTPD" 7192 519719 "2019-06-12 20:43:54.731" "124.105.173.53" "SENT: 220 example.com.co"