Can your webmail be cracked and invaded?

My boyfriend asked me to ask this question. He has a mail account that he only accesses via webmail - it’s a Squirrelmail client on a Dreamhost server. He’s lately seen a lot of spam being sent from his inbox (in his sent items) to him and to other people. What happened and how can he fix it?

I would start by changing my password.

The spammers found his e-mail address. Changing the password probably won’t help.

Relax. Those items aren’t being sent from his email address at all. Some spammer(s) are using his email address in forged headers, so that any mail which bounces back gets sent to his inbox, rather than the spammers. It just looks like they’re sending it from his email account. Trust me, they aren’t.

If that were the case, the alleged spams would not appear in his “Sent” folder. It sounds to me like someone has a bot that either knows his password or knows of a security flaw in SquirrelMail.

Gah. I missed that part of the OP. I assumed these were bounced mails in his Inbox. :smack:

So, Happy is right. Immediately changing the password to something more secure is the first step, then see if the issue continues. No English words, combo of numbers and letters, nice and long but easy to remember.

If it does continue after that, I’d take the problem to the owner of the webmail site, whether it’s a domain host or a third party.
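Added example, not part of any post in this thread: a Python sketch of the distinction drawn above between a forged-sender bounce arriving in the Inbox and spam filed in the Sent folder. The sample message, the host names and the `own_hosts` parameter are constructed assumptions.

```python
from email import message_from_string

# Constructed, trimmed bounce (DSN); all hosts and addresses are placeholders.
SAMPLE_BOUNCE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.remote.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@remote.example
Status: 5.1.1
--b1
Content-Type: text/rfc822-headers

Received: from pc.dialup.example by mx.remote.example; Mon, 1 Jan 2007 00:00:00 +0000
From: user@example.org
--b1--
"""

def is_bounce(msg):
    """A delivery-status report, or an old-style bounce with a null return path."""
    dsn = (msg.get_param("report-type") or "").lower() == "delivery-status"
    return dsn or msg.get("Return-Path", "").strip() == "<>"

def original_headers(msg):
    """Headers of the message that bounced, if the report includes them."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None

def triage(raw, folder, own_hosts):
    """own_hosts: relay names of the user's own mail provider (assumed known)."""
    if folder.lower() in ("sent", "sent items"):
        return "sent-from-account"  # something with mailbox access filed it here
    msg = message_from_string(raw)
    if not is_bounce(msg):
        return "ordinary-mail"
    orig = original_headers(msg)
    if orig is None:
        return "bounce-no-original"
    # Received lines can be forged, so a match means "look closer", not proof.
    hops = " ".join(orig.get_all("Received", [])).lower()
    return "bounce-of-own-mail" if any(h.lower() in hops for h in own_hosts) else "backscatter"
```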

Anything on the internet can be cracked and invaded. It’s just a matter of difficulty. Webmail servers in particular often don’t use secure protocols, so breaking them is pretty easy for a dedicated hacker.

I’ve got a Dreamhost account and mine has been fine so far, so if it is cracked it’s just yours.

Dictionary hacks, brute force attacks, and … damn can’t remember the name right now but there’s a semi-brute-force style attack that can crack any password shorter than 6 characters in a matter of days depending on the speed and number of computers in the assault and the security measures of the website. If the website itself has compromised security, that may be a different problem altogether…

Am I right in thinking that Squirrelmail is actually just a graphical front end for various *nix mail agents? If so, then I’d say it sounds like there’s some security hole in the server itself, or maybe even something as simple as that the mail relay has been left exposed to the outside world.

See squirrelmail.

Gmail is HTTPS from the front page: the password is transmitted in an encrypted form.

Me, I’d say get whatever the mail client is, and forward to a new Gmail account, and use that from then on.

Yeah, the big ones (Hotmail, Gmail, Yahoo mail) use HTTPS. It’s the ones set up by part-time sysadmins that often don’t. I’m pretty sure the default for Squirrelmail is to not use HTTPS, though I could be wrong.

At least one site that uses Squirrelmail uses HTTPS (that’s how I communicate for some volunteering I do), but I have no idea whether the HTTPS was a modification to the basic product, so you may very well be correct about the default.

A matter of days? If it’s a 6 character password try a matter of minutes with the right password cracking tool. The best passwords are not words at all but phrases, 15 characters or longer.