Katsmeow
This is long but I really need suggestions.
My main email webmail was compromised and I'm trying to figure out what happened and if I need to do anything more to make certain I don't have a keylogger on my computer. Here is the situation:
For years my main email has been one I set up using my own domain. That is, let's say my domain was fubar.com (it isn't -- just using it for example). My domain is hosted at godaddy. I don't use fubar.com for anything other than a domain name for my email. Through godaddy I have email set up and godaddy provides webmail if I want to log onto my email account on the internet. In practice, I very rarely use the webmail. I have a master email account at gmail and have my fubar.com email forwarded to gmail and I send mail from fubar.com using my gmail account. So I hardly ever log into the webmail account (maybe once a month or so when I want to get a confirmation or something that I don't want to wait for it to be forwarded to gmail).
So -- several weeks ago I found that emails to fubar.com were being returned as undeliverable. I tried to log into the webmail and couldn't and ended up deleting the mailbox (through godaddy) and setting up the account again. Everything seemed to work.
Then yesterday the same thing happened. This time I called godaddy who had me...delete the mailbox and set it back up. The tech support guy sent me a test email and asked me to respond to it.
When I did the response popped up as not being from my actual email but from some other email and the response had a canned signature that was a Nigerian scam letter. I then looked at the webmail and realized someone had actually been logged in on the webmail and had created another identity to send emails using my account. I checked the login info and saw someone in Nigeria had logged in 2 days earlier and had sent out 100 or so scam emails. I also realized the same thing had happened a couple of days before the last time the email went down.
Obviously the issue for me is how did someone compromise the account. I immediately thought of a keylogger so I ran Malwarebytes, AVG, and Norton 360. Nothing turned up except a few tracking cookies.
My password is one that I have used for a while. It isn't one anyone is likely to disagree (it appears to be random but isn't really but no one could really guess it since it is based upon information that is not publicly available and is available only to me).
I am very careful and have never had a keylogger or virus (that didn't get caught by a virus checker).
The computer I am using is only a few months old. From before I got it I use RoboForm so I don't think I've ever typed the email password into the webmail login form since the password was already saved into RoboForm before I even got this computer. It is possible that I might have typed in that password on my notebook that I use at the office although that wouldn't have often happened.
Possibilities:
1. There is a keylogger on my computer at home but Malwarebytes, Norton 360 and AVG didn't find it. Is that at all possible? Is there something else I should use to check for a keylogger?
2. There is a keylogger on my notebook I use at work. Possible I guess but unlikely. I use it only at work and don't go hardly anywhere except major web sites. The office blocks lots of websites so access is pretty limited.
3. Someone got my password and email from some forum or store or some other place where I use the same password for my forum login. I used to use that password a lot of places. I've mostly phased it out but haven't changed it everywhere yet.
4. Someone got my password from the godaddy webmail or something else godaddy related. If that is a possibility maybe I should change my domain hosting to somewhere else (any ideas? I just need hosting for email really).
Basically I feel sort of frozen now. I'm scared to change passwords on my desktop or my office notebook. I could I guess reformat my hard drives (I have an SSD drive with programs on it I want to run quickly then I have another drive with my other programs and my data), but I don't really want to do that unless I have to.
Any ideas?