El servidor dejo de funcionar el sábado, el viernes recibi un correo con estos datos:
A message that you sent was rejected by the local scanning code that
checks incoming messages on this system. The following error was given:
You have exceeded message receiving limit for user yakunkina.ira@mail.ru, and i will not accept any messages to this user within 1 minute
------ This is a copy of your message, including all the headers. ------
Authentication-Results: mxs.mail.ru; spf=softfail (mx17.mail.ru: transitioning domain of msn.com does not designate 91.121.109.174 as permitted sender) smtp.mailfrom=ivan_luis@msn.com smtp.helo=gameamos.com
Received-SPF: softfail (mx17.mail.ru: transitioning domain of msn.com does not designate 91.121.109.174 as permitted sender) client-ip=91.121.109.174; envelope-from=ivan_luis@msn.com; helo=gameamos.com;
Received: from [91.121.109.174] (port=34654 helo=gameamos.com)
by mx17.mail.ru with esmtp (envelope-from )
id 1VZmXc-0000df-6T
for yakunkina.ira@mail.ru; Fri, 25 Oct 2013 22:55:24 +0400
X-Mru-BL: 0:0:0
X-Mru-PTR: ks200048.kimsufi.com
X-Mru-NR: 1
X-Mru-OF: Linux (Ethernet or modem)
X-Mru-RC: FR
Received: (qmail 11518 invoked by uid 33); 25 Oct 2013 16:55:09 +0200
To: yakunkina.ira@mail.ru
Subject: Account Details for LucasSmasp at ALED.ES
X-PHP-Originating-Script: 10011hpmailer.php
Date: Fri, 25 Oct 2013 16:55:09 +0200
From: "ALED.ES"
Message-ID:
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"
X-Spam: Not detected
X-Mras: Ok
X-Mru-Authenticated-Sender: ivan_luis@msn.com
Hello LucasSmasp,
Thank you for registering at ALED.ES. Your account is created and must be activated before you can use it.
To activate the account click on the following link or copy-paste it in your browser:
http://aled.es/index.php?option=com_...b63ad9d80c420d
After activation you may login to http://aled.es/ using the following username and password:
Username: LucasSmasp
Password: P5v1oj8iaX
Y hoy
This is an automatically generated Delivery Status Notification
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipient has been delayed:
levshaabase@gmail.com
Message will be retried for 2 more day(s)
----- Original message -----
X-Received: by 10.180.36.242 with SMTP id t18mr2784979wij.28.1382803022264;
Sat, 26 Oct 2013 08:57:02 -0700 (PDT)
Return-Path:
Received: from gameamos.com (ks200048.kimsufi.com. [91.121.109.174])
by mx.google.com with ESMTPS id gg6si4854742wjb.147.2013.10.26.08.57.02
for
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Sat, 26 Oct 2013 08:57:02 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning ivan_luis@msn.com does not designate 91.121.109.174 as permitted sender) client-ip=91.121.109.174;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning ivan_luis@msn.com does not designate 91.121.109.174 as permitted sender) smtp.mail=ivan_luis@msn.com
Received: (qmail 22269 invoked by uid 33); 26 Oct 2013 04:30:12 +0200
To: levshaabase@gmail.com
Subject: Account Details for aammrxpq at ALED.ES
X-PHP-Originating-Script: 10011hpmailer.php
Date: Sat, 26 Oct 2013 04:30:12 +0200
From: "ALED.ES"
Message-ID: <36b6302020f2b2d6c3cd9b8f8166c016@aled.es>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"
Hello aammrxpq,
Thank you for registering at ALED.ES. Your account is created and must be activated before you can use it.
To activate the account click on the following link or copy-paste it in your browser:
http://aled.es/index.php?option=com_...b55eaae103d642
After activation you may login to http://aled.es/ using the following username and password:
Username: aammrxpq
Password: 234xchjnQQ
y recibi un correo de ovh:
.---------------------------------------------------------------------------------------------------------------------------------------.
| OVH Service Monitoring [ALERT]
.-----------------+---------+--------+-----------------+---------+---------------------------+------------------------------------------.
| IP | Proto | Port | Time [sec] | Status | Timestamp | Reason
+-----------------+---------+--------+-----------------+---------+---------------------------+------------------------------------------+
| 91.121.109.174 | http | 80 | 0.000 | FAILURE | Sun Oct 27 18:00:01 2013 | Connection problem.
'-----------------+---------+--------+-----------------+---------+---------------------------+------------------------------------------'
Creo que es un ataque como veis el tema y que puedo hacer: