Full Version: Hacker Attack
ojoy
I already have a service ticket open so this is a question for readers of the forum - the admin has responded to trouble ticket and situation is under advisement.


My account has been suspended for spam activity - they send me a long list of spam sent by bighost... using my domain - BUT - I did not send the spam.

Actually, I don't send mail from the account in question...I use my msn mail account as in and out default.

So - My question is - for anybody who can answer it - HOW are hackers using my domain and how can I stop them? Can the outbox on the mail account be disabled?

I'm running XP with McAfee firewall and virus protection, spyware guard, xsoft spy, and daily virus checks, and use msn mail exclusively.

Can anybody out there help me?

Thanks
cf
JasonJones
Some of the php nuke software has a security issue that lets people send mail from it posing as a user on the server.... Do any of your subdomains use a content manager? Or any other PHP scripting?
ojoy
The admin was kind enough to reinstate my service. I subsequently removed every script/script containing component.

I'd installed the php that came with the hosting a long time ago to see what I could use it for (clients wanting bb's, etc).

The only other scripts on the account were Matt's random mail scripts - the admin said that was the probable culprit. No biggie.

However, while I was waiting for the decision about reinstatement, I shopped for other hosting services - many told me that they had protection installed on their servers to avoid the issue.

I guess, in retrospect, I wish I'd been informed of and given a chance to remedy the problem rather than being dropped like a lead balloon - I do have clients who are not happy... I also wish that there was some way that known bad (hacker accessible) scripts could be blocked from upload.

I do very basic web design - no database stuff, no asp, etc. So - this is all new to me (after 10 years). In the meantime, while attempting to find out what was causing the issue, I upped my firewall, bought a new spyware program, and learned some - but not as much as I'd wished to - about how people hijack web servers' outgoing mail.

Any direction would be appreciated.
C. Fleishman
MartinB
QUOTE
However, while I was waiting for the decision about reinstatement, I shopped for other hosting services - many told me that they had protection installed on their servers to avoid the issue.
Yes... everybody will tell you that, but just take a look at every email account in the world and tell me what you think about the existence of 100% effective spam protection?


QUOTE
I guess, in retrospect, I wish I'd been informed of and given a chance to remedy the problem rather than being dropped like a lead balloon


Yes, I wish the same if I make an error with my scripts or I install some bogus program... but if you sit in the other corner... you'll be happy if Hostony immediately suspends an account if it's overloading the server and affecting all users' performance.
bpgisme
Here's a question though from someone who really doesn't have a clue.... Is there a service where you can type in your domain say, and it would check your site for potential problem code? I have a terrible fear of this sort of thing happening and only in the last six months did I start using php and so forth and I really didn't know this sort of hacker thing was even possible. I know there used to be a place that you could type in your domain and it would check every link to make sure it worked. I'm hoping for something simple folks like me could use that's as easy to use as that. Any suggestions?

Thanks!
-Bonnie
JasonJones
Not really Bonnie. That is what White Hats get paid to do.. Server security, penetration testing etc...

Some suggestions if I may....

Never install code/scripts etc that you do not understand. If you are like most, that is a hard pill to swallow, so there is a compromise. Only run Trusted Scripts. These would fall in the category of popular programs that have thousands of users testing/probing/checking the scripts daily. Only use Open Source scripts, this lets ANYONE examine the source code and most all Obvious security issues will be worked out before it's even released to the public. Keep up with the updates on your software programs. I don't think on any major open source project that a major security flaw was found that a patch/fix/workaround didn't come about within 24 hours. Keep things updated. Some argue that Open Source gives the Black Hats a chance to develop exploits on software easier as they can find the holes and capitalize on them. This is true, but like I said, major issues are found and fixed promptly, keep things updated (did I mention that already?)

If the SPAM was coming from a nuke/content managed site it was an old version. This bug was fixed a LONG time ago with phpnuke. The versions of scripts installed with Fantastico and Cpanel are mostly all old versions, always install the latest stable from the developer.

Jason
bpgisme
Thanks for replying Jason!

I'm trying to eliminate my own dependence on MySQL for three of my own blogs, and in a way that's easy, but I also have four others running (all Nucleus CMS) that I just host for family and friends. I have fixed these so that only jpgs and gifs are allowed to be uploaded, but I recently noticed one of the Nucleus plugins I installed in three of them was being accessed repeatedly so I removed the plugin from all the blogs. (It was a "mail this to a friend" plugin and it wasn't making sense that ALL the entries on the blog were getting hits from this thing daily.) I do have a small bit of php code I got that I use in two places on my site. (On two splash pages.) But they are from a trusted source and I haven't had any trouble with them. I did install the latest version of Nucleus a while ago on the oldest one, but the others were already the latest versions. Not that I don't have to check that again... As you say, Open Source stuff changes fast! (I am an open source fan! I use open source software for everything I can. From site maintenance to music creation to word processing to whatever....)

Anyway, sorry to interrupt this thread.... I just figured this is the place to ask.

-Bonnie
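
Added example (not part of the original thread or any poster's code): the sign described in the post above, a mail form being hit for every entry on a site each day, can be checked for in a web server access log. The log lines are constructed, and the path `/plugins/mailfriend.php` and the thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed Apache "combined"-style access-log lines (not taken from the thread).
# /plugins/mailfriend.php is a hypothetical "mail this to a friend" form handler.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2005:02:11:01 +0000] "POST /plugins/mailfriend.php?itemid=1 HTTP/1.0" 200 512 "-" "-"
203.0.113.7 - - [12/Mar/2005:02:11:02 +0000] "POST /plugins/mailfriend.php?itemid=2 HTTP/1.0" 200 512 "-" "-"
203.0.113.7 - - [12/Mar/2005:02:11:03 +0000] "POST /plugins/mailfriend.php?itemid=3 HTTP/1.0" 200 512 "-" "-"
198.51.100.9 - - [12/Mar/2005:02:11:04 +0000] "POST /plugins/mailfriend.php?itemid=4 HTTP/1.0" 200 512 "-" "-"
198.51.100.9 - - [12/Mar/2005:02:11:05 +0000] "POST /plugins/mailfriend.php?itemid=5 HTTP/1.0" 200 512 "-" "-"
198.51.100.9 - - [12/Mar/2005:02:11:06 +0000] "POST /plugins/mailfriend.php?itemid=6 HTTP/1.0" 200 512 "-" "-"
192.0.2.44 - - [12/Mar/2005:09:30:00 +0000] "POST /contact.php HTTP/1.1" 200 301 "-" "Mozilla/4.0"
192.0.2.44 - - [12/Mar/2005:09:31:00 +0000] "GET /index.php?itemid=3 HTTP/1.1" 200 9000 "-" "Mozilla/4.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^ ?"]+)(?:\?(?P<query>[^ "]*))? [^"]*" (?P<status>\d{3})'
)
# Script names that suggest a form able to send mail (assumed naming patterns).
MAIL_HINT = re.compile(r"mail|contact|tellafriend", re.I)

def suspicious_mail_scripts(log_text, min_hits=5, min_targets=4):
    """Return {(day, path): (posts, distinct_query_strings)} for mail-like
    scripts that receive many POSTs in one day spread over many entries."""
    hits = defaultdict(int)
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not MAIL_HINT.search(m["path"]):
            continue  # only form submissions to mail-capable scripts matter here
        key = (m["day"], m["path"])
        hits[key] += 1
        targets[key].add(m["query"] or "")
    return {k: (hits[k], len(targets[k])) for k in hits
            if hits[k] >= min_hits and len(targets[k]) >= min_targets}

if __name__ == "__main__":
    for (day, path), (n, spread) in suspicious_mail_scripts(SAMPLE_LOG).items():
        print(f"{day} {path}: {n} POSTs across {spread} different entries")
```

A script flagged this way is a candidate for removal or for an update from its developer, which is what the posters above did.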