How Did My Email Get Compromised and What Can I Do to Stop It?

Once in a while, we have received complaints concerning claims of someone else using an email account to send email without the knowledge of the actual account owner. Cases like this may not really be a hack. But i can be sure to say that your email account has indeed been compromised. This often creates a problem especially when mass mails are being sent from the accounts. Let's examine this in greater detail and see what can be done.

You may also want to read:

7 Ways to Build Your Email List
Any listserv or mailing list service?
Email Problems: What Should I do?
How to Check and Send Emails Using Webmail
How to Solve Email Bounce Back Issues
How to configure Email Client

In the “old days”, that typically meant that your computer had acquired a virus, and that virus was in turn accessing your PC’s email program and systematically sending email to everyone in your contact list or address book. While that’s still a possibility – and you should absolutely make sure that your anti-malware tools are running and up to date – it’s not nearly as common as it once was. Most email programs now carefully protect against unauthorized address book access.

What more likely occurred is that your email account has been compromised – meaning that you probably have an on-line email account, free or otherwise, that someone has gained access too. How this happened is difficult to say. It could be anything from a weak password that’s easy to guess, to your account credentials being sniffed in an open WiFi hotspot, to your simply having shared the account information with someone you should not have and to a friend gaining access to your computer without your knowledge.

(And for the record, last year there was a partial account compromise at one of the larger free email services – account credentials were stolen without the users having done anything wrong. Same result.)

Also read:

How to create an email forwarder in cPanel How to enable spam assasin in cPanel

How to fix error 500 no such user here

How to grow your mailing list ethically

We have covered an issue about emails that appears to come from you, but in fact does not. This is different from the issue being discussed here and is called email spoofing.

Spam email is sent to random people you don’t know, “spoofing” the From: address to make it look like it comes from you when it does not. There is almost nothing that can be done about this.

Email from stolen accounts is sent to people in your address book, and is not spoofed at all – it really is coming from your account. It’s just not you sending it.

Changing your password is good but not enough.

You also need to change any and all security related information associated with the stolen account. Why? Because the thief has access to all that too, and he can use that information to steal your account again.

Scanning your system, local computer, to be sure there are no viruses and malware issues.

Protect your computer from unauthorized access.

Also read:

Managing the Mail Function in CPanel
Webmail Programs in CPanel
What is Email Spoofing?
What is Spamming?

Final Words

Emails are important because it contains the most valuable information you keep and all information regarding login details and password resets are usually sent to an email. Once your email account is vulnerable, all other accounts associated with that email become vulnerable. Understanding email security is therefore crucial to the security of every online project, especially the hosting of your website. In this tutorial, we take you through the basic steps to safeguard your emails and protect your accounts from hackers.

These suggestions will keep you safe from email attackers:

1. Use a strong password: We suggest you use paswords with both lower and upper case, numbers and special characters and at least 8 digits in lenght.

2. Avoid public WiFi: Avoid using public unsecure networks. It is cheap and also risky. You can browse sites but avoid checking emails and login.

3. Do not share login information: Please do not share your login information with anyone.

4. Change Password Regularly Following Password Rules: Please change your passwords regularly and make sure you check to see that you follow proper password rules. I is recommended you use the cPanel password change incon found in your email to generate your password to be sure it is strong.

5. Check for forwarders: Be sure no forwarders exist that collect your information without your knowledge or authrization.

If you follow these rules, your email account will be safe from hackers.

Prevent Spamming in WordPress

Preventing spam on a WordPress website is usually done through plugins. Here are some recommended plugins which can help you combat spam on a WordPress website.


Developed by Automattic – the company behind WordPress, this is one of the most popular cloud-based and free anti-spam plugins ever developed for WordPress. Akismet employs a web service powered by cloud servers which evaluates comments for spam. First you need to connect to the cloud service using an API key which can be obtained by registering for the service.

The plugin uploads all incoming comments to the Akismet’s cloud servers, wherein highly specialized algorithms are run to evaluate the validity of the comment. Some are caught red handed and shifted to the spam queue. The squeaky clean ones are directly moderated and published. If in case Akismet gets stuck, i.e. it can’t decide for good whether a particular plugin is spam or not, it moves the comment to the moderation queue.

Akismet is free for personal and non-commercial use with a limit of 50,000 comment checks a month. The paid plans start from $5 USD a month – which is a pretty sweet deal for spam. It also seamlessly integrates with the Jetpack and Contact Form 7 plugin.

Anti-Spam by CleanTalk – No Captcha, no Comments & Registrations Spam

CleanTalk is a premium cloud-based antispam plugin for WordPress which blocks spam comments, spam bot signups and trackbacks.

The plugin works very similar to Akismet where the incoming comments are uploaded to CleanTalk’s cloud servers which where they go multiple validation checks. Depending on the results, the comments are then moved to the spam queue or are approved and published.

Preventing Spamin Joomla

The best way to prevent spam in Joomla is to ensure that all modules, components and every other etension are up to date. This is extremely important to do as spamming can be very costly. On Todhost servers, your account can be deleted for spamming. So, here are some few things ou should do additionally to block spam on a Joomla website.

  • Enable Captcha - Recaptcha in global configuration and in your plugin manager.
  • As an extreme option, disable user registration in user manager. This is allowed only for websites that do not take new user registrations.
  • Enable protection in Akeeba Admin Tools as follows:
  • Register an account and apply for a key (it's free)
  • At Components -> Admin Tools -> Web Application Firewall -> Configure WAF -> Project Honeypot integration, set:
  • Enable HTTP:BL filtering: Yes
  • Project Honeypot HTTP:BL Key: [enter your own key here]

Take Advantage of Free Plugins

You can find more free and commercial IP address blocking extensions in the Site Protection and Spam Protection categories in the Joomla Extensions Directory. Some promising free extensions are:

HTTPBL - Project Honeypot Blocklists Plugin which checks against
SpambotCheck which checks against several databases, such as,,, and

Preventing Spam in Drupal

A couple of measures will help prevent spam in Drupal. Basically that will require adjusting some settings and deploying some modules.

Take Advantage of Captcha

The captcha module provides a base API for other spam modules, but also comes with some preconfigured captchas, such as a maths question. You are asked 2 + 4 = 6 and if you get the question right, you must be posting legitimate comments. Spambots now get around this, however, so don't recommend it as a standalone solution. Always learn more about the module you choose


The re-captcha is a better solution.Basically, many old books have been scanned, but some of the words are not readable by the scanners. These squiggly words are then presented as captchas (and very hard for spambots to read). If enough people enter the same word as the answer, that word will be accepted as the correct word for the book. re-captcha can be beaten and this will usually lead to loads of spam getting past. Please learn about any module you choose before you implement it on your website.


Mollom is a freemium (free up to a certain level) anti-spam measure created by Dries, the creator of Drupal. You can configure it to only present the captcha after scanning the user's input and figuring out that it might be spam.


Honeypot is the daddy of anti-spam. It's so good that Drupal doesn't use Mollom, it uses honeypot. Honeypot creates a hidden field with a label that is enticing to a spambot, something like URL or Website. if that field is filled in, then you must be a spambot. You can also configure it to be time-based, defaulting to 5 seconds. If you can fill out this form in under 5 seconds, you must be a spambot.

Simple Anti-spam

Simple Anti-spam is a module that appears to do what Honeypot does and then some more as well, which means it's potentially even better than honeypot.


This isn't an anti-spam module, per se. The rules module lets you set up custom rules to say do certain things upon certain events. We recommend you learn more about any module you choose to apply.

  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Managing the Mail Function in CPanel

Mail functions allow a user to do many different tasks with email accounts. This includes...

How to Check and Send Emails Using Webmail

To access the Webmail feature on Todhost server, there are two routes that can be taken which...

How to configure Email Client

You can use either the webmail interface or an email client. Check our tutorial on how to use...

Webmail Programs in CPanel

Todhost offers you a choice in webmail programs. You can choose whichever program you are most...

How to enable spam assasin in cPanel

SpamAssassin is an open-source project of the Apache Software Foundation. it runs each email...

Powered by WHMCompleteSolution