One of my Fifthdread emails was sending spam, and I caught it

Yeah, it's a blunder. It's probably been going on for some time as well, and I didn't think to check. To be honest, you're more likely to get your account compromised than you think. It's happened to so many of my accounts that it's my policy to use multi-factor authentication anytime I can. I've said it a thousand times: use a password manager. Use multi-factor authentication. Use Bitwarden. Often it falls on deaf ears, so let me give you a great example of something that I found this morning. Emails, being sent to my catch-all inbox for Fifthdread.com email addresses...

Return messages sent to my catch-all email address

You're probably wondering "what am I looking at exactly?" and to be honest, I wasn't sure either. Looking at the messages revealed something interesting though...

It seemed like one of my random Fifthdread.com email addresses, 0001@fifthdread.com, was spamming people. What? How? I was going to find out. So I looked at the provided information within the email. I'll spare you the wall of text, but I did see a few things of importance.


Return-path: 0001@fifthdread.com
Received: from ehub54.webhostinghub.com
.....
From: "Aiza" 0001@fifthdread.com
To: ///redacted for privacy///
Subject: Good afternoon!
Date: Thu, 31 Aug 2023 18:17:33 +0400


My conclusion was that someone was able to log in as 0001@fifthdread.com and was using it to send spam emails. They were doing it via my old webhosting provider, webhostinghub. My new provider, Skiff, handles all my email services as of now, but the old email server is still there, and still able to send emails if someone had the right credentials... Thankfully, I now know to monitor my catch-all email address for this sort of thing.

So what did I do? Well, I deleted all my old email boxes from webhostinghub!
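The catch-all monitoring mentioned above can be partly automated. This is an added example, not code from the original post: it reads the headers quoted in a returned message and flags any address on the domain that was relayed by a host outside an allow-list. `EXPECTED_RELAYS` and the second sample are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

MY_DOMAIN = "fifthdread.com"
# Assumption: hosts allowed to send for the domain (placeholder, not from the post).
EXPECTED_RELAYS = ("mail.current-provider.example",)

# Header excerpt quoted in the post.
SAMPLE_FROM_POST = (
    "Return-path: 0001@fifthdread.com\n"
    "Received: from ehub54.webhostinghub.com\n"
    'From: "Aiza" 0001@fifthdread.com\n'
    "Subject: Good afternoon!\n"
    "Date: Thu, 31 Aug 2023 18:17:33 +0400\n"
)
# Constructed sample: same address, sent through the expected relay.
SAMPLE_EXPECTED = (
    "Return-Path: <0001@fifthdread.com>\n"
    "Received: from out1.mail.current-provider.example by mx.example.net;"
    " Thu, 31 Aug 2023 18:20:00 +0400\n"
    "Subject: Hello\n"
)


def relay_hosts(msg):
    """Host named after 'from' in each Received header, in header order."""
    hosts = []
    for value in msg.get_all("Received", []):
        words = str(value).split()
        if len(words) >= 2 and words[0].lower() == "from":
            hosts.append(words[1].lower().rstrip(";"))
    return hosts


def unexpected_relay(raw_headers):
    """Return (sender, host) when our address went out via an unlisted host."""
    msg = message_from_string(raw_headers)
    sender = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if not sender.endswith("@" + MY_DOMAIN):
        return None  # not one of our addresses
    for host in relay_hosts(msg):
        if not any(host == r or host.endswith("." + r) for r in EXPECTED_RELAYS):
            return sender, host
    return None


if __name__ == "__main__":
    for name, raw in (("post", SAMPLE_FROM_POST), ("expected", SAMPLE_EXPECTED)):
        print(name, unexpected_relay(raw))
```

A hit does not tell a compromised mailbox apart from a forged sender address, so treat it as a prompt to check which servers can still authenticate users for the domain.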

What did we learn?

My throw-away email account was compromised. The password was likely weak, and was brute forced. While it didn't have anything of value on that email account, it was able to be used to send spam messages from Fifthdread.com. I'm not too happy about it, but lesson learned. Running your own domain comes with these risks, so it's imperative that you enforce a strong password policy, and use multi-factor authentication on everything that supports it.

The person who hacked my email?

Take advantage of free and easy-to-use solutions for your passwords such as Bitwarden. It'll save you a lot of headache in the long run. I've had Fifthdread.com "hacked" into, along with Fifthdread email accounts, my Ubisoft account, my Sony PlayStation account, and a number of others I'm sure I'm forgetting. Now that I'm using multi-factor authentication for everything (with a few exceptions which don't allow it) I'm worry-free. In the event they don't allow multi-factor, I at least have a very strong randomly generated password which would be very hard to crack.

With a newfound focus on self-hosting, I'm going to have to take a hard look at the security of my network and services.