Hacked ?

Submitted by yard on 2018-03-06

Hello,

I have WI 1.1.2 and today was coming 2 strange emails to me:

https://i.imgur.com/ZzXblET.png

how it is possible ?

https://i.imgur.com/kEslwlI.png

message source:

Delivered-To: xxxxxx@gmail.com
Received: by 10.80.153.28 with SMTP id k28csp1260141edb;
        Tue, 6 Mar 2018 07:15:03 -0800 (PST)
X-Google-Smtp-Source: AG47ELvBORglW9Fzi2dYNTXcf4tdX8RJHfM37b6ndoRBDGGbooa1lNV8QC1X6+Z5puBKlrDiXnND
X-Received: by 10.28.156.215 with SMTP id f206mr12204204wme.131.1520349303776;
        Tue, 06 Mar 2018 07:15:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520349303; cv=none;
        d=google.com; s=arc-20160816;
        b=LVU+NmvA3TZeTW26xWFbv4PSILl2VWPGdt5t1HFPJ3UBpqXOCWEujX/wmGCvRvLclP
         GedikslPk54ZVjLQuwD55SE2n3prIaIrMGobaTrFwgwDbci+US6vAaa0s2cEb1e24qDr
         iWAXN33fqkAUujCv4KoopS5sNQbu+h7L+eWTL+di9J3xH8VF4ECOn4Adg4ywdZQG6wo2
         /3B3npwcVlccH+dSgiAugxLhsXXgt7BjIPwKVJb7YHdYrV3jcB2pgDceIwKQztElA1bO
         VdJ1ltd9u7R/GswyCEAlh1dToUmN8SxurabRPi0S0n9FUzLYBmAW+JGcLrS7jL4XKHbS
         KDBQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:subject:from:to
         :date:arc-authentication-results;
        bh=Zy9FoNFyp0l0dHIjBnjknVxaKhRAtgmVSf9Fq8xCrmA=;
        b=oMeMWndXO4G0tss1n6r3ORAr6PCuyC0ZZbaHNZvM+drmVqEzt+6eMpYfqxphkmBua2
         Qxqox8U/ELrBY3VKijrmicU3e+a8nW/p3oDb8JH4pVA7OQvOsCBSjcXzqxJ+j0JhnSzK
         +YOovGd8hyzs2UfBU4CEsDucPWumKBIqliDy0huml55Q/V4WCaOZIYP99EzJIMl61a6K
         hLzvfEumh9uqFZC92E+yJgS0YMXMaNzXdfZ+M4NJtqSfmunP+8rAv9RoggAovlQJlvtk
         r3+GhS7jHCEB5/xGRzSF+6qgfo2yyMZIDlOVgIgk7OEw07kuIeJBUEfYX9Cn7Ldu8MWz
         npqA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=softfail (google.com: domain of transitioning xxxx@yyyy.eu does not designate 46.229.230.229 as permitted sender) smtp.mailfrom=xxxx@yyyy.eu
Return-Path: <xxxx@yyyy.eu>
Received: from mailman.hostmaster.sk (mailman.hostmaster.sk. [46.229.230.229])
        by mx.google.com with ESMTPS id f9si505277wrf.83.2018.03.06.07.15.02
        for <xxxxx@gmail.com>
        (version=TLS1 cipher=AES128-SHA bits=128/128);
        Tue, 06 Mar 2018 07:15:02 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning xxxx@yyyy.eu does not designate 46.229.230.229 as permitted sender) client-ip=46.229.230.229;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning xxxxx@yyyyy.eu does not designate 46.229.230.229 as permitted sender) smtp.mailfrom=xxxx@yyyyy.eu
Received: from mail5.hostmaster.sk (mail5.hostmaster.sk [46.229.230.234])
	by mailman.hostmaster.sk (Postfix) with ESMTPS id 5D9D8184CF9
	for <xxxx@gmail.com>; Tue,  6 Mar 2018 16:15:02 +0100 (CET)
Date: Tue, 6 Mar 2018 16:15:02 +0100
To: =?UTF-8?Q?Administr=C3=A1tor?= <xxxxx@gmail.com>
From: XXXX YYYY WebIssues server <xxxxx@yyyyy.eu>
Subject: =?UTF-8?Q?PC-SERVIS_-_Po=C5=BEiadavky_-_Aktivn=C3=AD_po=C5=BEadavky?=
Message-ID: <65deaab03ecbf134fb14d7eb40300f1a@wi.yyyyyy.eu>
X-Priority: 3
X-Mailer: PHPMailer 5.2.7 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

 

 

I don't see anything unusual. The fist message is some spam, the other is a bounce email, probably related to the first one.

Regards,
Michał