Issues with Emails After Possible Domain Hack

Hello everyone, This situation may sound more like a back-end than a front-end, that's why I prefer to ask it here, even though my page has nothing back-end, it's just a presentation page. About a month ago, I uploaded the website I designed for a food import company to their existing domain. The domain and hosting were previously managed by another developer, whom I’ll call Alex. He owns his own hosting service. I uploaded the website on September 16, replacing the old version. Last Friday, the company started experiencing issues with their emails. Alex blamed me, claiming that the website lacked security and that it caused a phishing attack. However, what really caught my attention was when he mentioned that the domain was "hacked" between August 20 and 24, well before I uploaded the new website. Upon checking the cPanel, I noticed that the number of email accounts had increased from the original 28 to 40, confirming that someone had unauthorized access. I immediately took action by deleting the newly created email accounts and changing all the passwords for cPanel and the email accounts. To address the ongoing issues, I had the company change hosting providers to see if that would resolve the problem and to stop relying on Alex. Now, the issue is that when I try to send emails from some of these accounts, I get the following error message: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [email protected] host eig-east.smtp.a.cloudfilter.net [3.228.35.199] SMTP error from remote mail server after end of data: 550 <[email protected]> message rejected AUP#POL The message is much longer but due to server directives I am making it short. If you can help me with this I would appreciate it.
25 Replies
ἔρως
ἔρως2mo ago
you're probably in some blacklist https://multirbl.valli.org/ <-- type one of the emails here https://mxtoolbox.com/Problem/blacklist <-- you can also try this one then, if you show in a blacklist, literally follow whatever instructions it gives you (just don't provide any passwords or private stuff from the server) and wait some days also, make sure your message isn't too spammy there are services to test sending an email to, that will check it
Reproski
ReproskiOP2mo ago
The page is on two blacklists out of 72, I previously removed it from another one but I have not done so on those two, they are: UCEPROTECTL2 UCEPROTECTL3
ἔρως
ἔρως2mo ago
then do what the blacklists tell you to do
Reproski
ReproskiOP2mo ago
I literally send a test, hello how are you, something like that and it also gives me the error
ἔρως
ἔρως2mo ago
but this is not a guarantee https://www.reddit.com/r/email/comments/15jrcgk/comment/k7jkn6y/ <-- i also found this which may or may not help this is a configuration in your server
Reproski
ReproskiOP2mo ago
When I submit the IP of the page I get this message from UCEPROTECT IP Information Your IP XXX.XXX.XXX.XXX is part of AS 46606 UNIFIEDLAYER-AS-1, US and networks 162.240.0.0/15 162.241.148.0/24 The reverse DNS (PTR) exists and claims to be: XXX-XXX-XXX-XXX.unifiedlayer.com WARNING: There is no A record matching your reverse DNS. The DNS is INCONSISTENT. Please ask your administrator or provider to fix this problem. This IP is NOT registered at ips.whitelisted.org. You can find more information about whitelisted.org here.
ἔρως
ἔρως2mo ago
if you have free support for your server, this is a good chance to contact them also, i would consider seriously if you need to send emails
Reproski
ReproskiOP2mo ago
The customer support of this garbage hosting provider is terrible, they don't solve anything for me, they question and criticize me instead of helping me, that's why I turn to the community
ἔρως
ἔρως2mo ago
do you pay for support? or is it included? if so, they are required to give you support, even if they don't want to
Reproski
ReproskiOP2mo ago
Let me finish telling you the rest of the story, sorry if it's too long. Interestingly, this issue only affects some email accounts, not all of them. After doing some research, I found out it could be related to DNS settings. Upon reviewing the Email Delivery options, I see there is an error in Reverse DNS (PTR), which states: “To resolve this issue, please contact your system administrator and request that they replace all PTR records for “xxx.xxx.xxx.xxx.in-addr.arpa” with the following record at 'ns1.unifiedlayer.com' and 'ns2.unifiedlayer.com'.” I contacted Alex to request this change that cPanel itself recommends, and he responded rather rudely, stating that the hosting server is working fine and that the problem is a “security” issue. Additionally, I would like to clarify that this problem has been occurring since last Friday, as I mentioned earlier. However, the change made in the WebMail was this: “The Horde webmail application has been removed in cPanel & WHM version 108. All Horde email, contacts, and calendars will be automatically migrated to Roundcube. For more information, read our cPanel Deprecation Plan documentation.” Since I’m still relatively new to managing hosting and DNS configurations, I would really appreciate any advice or guidance from the community to resolve this issue. Literally it is a guy with a server at home hosting pages on the internet, maximum it will be a team of 3 people
ἔρως
ἔρως2mo ago
you've really picked the finest of the finest :/
Reproski
ReproskiOP2mo ago
In the end I decided to tell the company to migrate the domain to another provider and try to see if that fixes the problem. And that's what I'm doing now
ἔρως
ἔρως2mo ago
it probably may not fix it, but that company may have much better support but seriously, you should really consider not using emails, if you can just out of curiosity, is it a php website that you have?
Reproski
ReproskiOP2mo ago
It's a very old-fashioned company, they haven't modernized at all, the company is literally in trouble because they can't answer emails. I made the page purely in Boostrap and a bit of JS It is a purely presentation page, nothing complex, no purchases or anything.
ἔρως
ἔρως2mo ago
if you chose a service that sells a shared vps, it's possible that someone else was hacked and you ate from that turd sandwich as collateral i've seen my fair share of wordpress websites being infected because someone else got hacked and the virus was spread into the entire server and even non-wordpress websites were caught in that
Reproski
ReproskiOP2mo ago
At this point I honestly think I entered a battle that was already lost, probably the server was about to be hacked and just as I arrived I had to carry the dead man.
ἔρως
ἔρως2mo ago
or you were caught in the shitstorm you couldn't have stopped this the server providers wash their hands and blame you because it removes all liability from them and obviously, the fewer that know the better
Reproski
ReproskiOP2mo ago
When I log out of the domain management page and so on, it takes me to a rather strange page full of garbage written in Indonesian.
ἔρως
ἔρως2mo ago
that's ,,, sketchy ...
Reproski
ReproskiOP2mo ago
And Casino shit
ἔρως
ἔρως2mo ago
that's extra sketchy
Reproski
ReproskiOP2mo ago
It's literally logging out of the domain manager and redirecting to that shit.
No description
ἔρως
ἔρως2mo ago
you should talk with the support, because that's not normal also, you may have to provide an har file showing the network traffic
Reproski
ReproskiOP2mo ago
Thank you for your help, I will tell you that everything that is happening is not my fault, probably through that page they managed to gain access to the server where my website was hosted and from there they began to send emails and spam
ἔρως
ἔρως2mo ago
i mean, if you have a webpage that's just bootstrap and images, it's impossible to have been you but sadly, you're the one that suffer the consequences the domain gets blacklisted and messages get rejected hopefully, in a new server, you can get away from that bad reputation if you can't, well, there's paid bs like mandrill (which is $20 for 25000 emails a month) and that way, it's a little more likely for your email to be delivered
Want results from more Discord servers?
Add your server