osCommerce

Account holders received spoofed spam


katonboard

Posted

My site hasn't gone live yet... I have a couple of test user accounts in my database.

Today my test accounts received the following email:

 

Has anyone had anything similar happen?

Does anyone know what needs doing or what I can do to "batten the hatches"?

I am on a hosted system so without access to the httpd.conf file.

Thank you,

Kat

*****************

Dear Valued Member,

 

According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons.

 

http://www.youngminds.com.au/confirm.php?e...ungminds.com.au

(this linked to http://205.138.199.146/confirm.php?email=k...ngminds.com.au)

 

Thank you for your attention to this question. We apologize for any inconvenience.

 

Sincerely, Youngminds Security Department Assistant.

Posted

If your web area has been compromised, the only totally safe thing to do is delete absolutely everything, including the database, and start from a known uncompromised backup.

If you don't have a good backup you will need to manually look for any suspicious files in your web area by comparing the files to those in a stock install. Delete any you know shouldn't be there.

 

 

Also, do the following:

 

Change your password to your host's account

Rename the admin folder and then password protect it.

Recreate the database and choose a different password.

Only ever access the Admin side through HTTPS

Make sure you login to your HOST through HTTPS, too.
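One way to do the comparison against a stock install described above, as an added example that is not part of the original post: hash every file in a downloaded copy of the web area and in an unpacked stock archive of the same version, then list what is extra, modified or missing. The demo trees are constructed, `images/cache.php` is a hypothetical planted file, and `expected_changes` is an assumed allow-list for files you edited yourself.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_to_stock(stock_root, live_root, expected_changes=()):
    """Classify live files against the stock tree; expected_changes lists
    paths that legitimately differ per site (assumption: supplied by you)."""
    stock, live = tree_hashes(stock_root), tree_hashes(live_root)
    skip = set(expected_changes)
    common = set(stock) & set(live)
    return {
        "extra": sorted(set(live) - set(stock) - skip),
        "modified": sorted(p for p in common - skip if stock[p] != live[p]),
        "missing": sorted(set(stock) - set(live)),
    }

def write_tree(root, files):
    """Demo helper: create {relative path: bytes} under root."""
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed trees: one altered stock file and one planted extra file."""
    stock = {"index.php": b"<?php // home",
             "includes/configure.php": b"<?php // defaults",
             "includes/application_top.php": b"<?php // bootstrap"}
    live = dict(stock)
    live["includes/configure.php"] = b"<?php // this site's settings"
    live["includes/application_top.php"] = b"<?php // bootstrap + injected"
    live["images/cache.php"] = b"<?php // not in stock"  # hypothetical name
    with tempfile.TemporaryDirectory() as tmp:
        a, b = os.path.join(tmp, "stock"), os.path.join(tmp, "live")
        write_tree(a, stock)
        write_tree(b, live)
        return compare_to_stock(a, b, expected_changes={"includes/configure.php"})
```

Every path under "extra" or "modified" needs a manual look; a clean file report says nothing about the database, which the post treats separately.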

Posted

Thank you - that is exactly what I have started doing.

Though I am still wondering if anyone else had seen this or had this happen.

Posted

It really depends upon what e-mail accounts you set up on your site. All domains get picked up by spam bots and if you have generally used email addresses like [email protected] and [email protected] then spammers will take a punt at sending spoof mail out in the name of those accounts - without knowing if they actually exist or not. They will also send out mail spoofed to e-mail accounts that don't exist on your domain at all.

 

I often get spoof mail at my domains, supposedly coming from my own domains - except that the e-mail accounts don't exist. I have my spam settings set to delete all incoming mail sent to [email protected] - 'yourname' is a favourite spammers' e-mail trick.

 

Vger

Posted

I would also try and protect your email addresses. Right now you have one on your main page. They should all be protected in your contact us page and not written anywhere on the site.

Posted

Thank you I take both your and Vger's points on board. Will remove the address.

I just didn't think I had (until I gave it away above) given katrina@

or for that matter placed my name anywhere so I thought it wasn't merely a guess of luck. Hopefully, I am wrong.

Posted

You might want to look at Emailencoder and change the stores email addresses at the same time. Since you are not live yet this is easy to do.

Posted
Excellent thank you. I appreciate the help.

Kat

 

I thank everyone for their help and I now have a more secure site...

this came to me today explaining the email.

 

"Account alert" fraudulent email related to Mytob virus variant

Posted

"protected" on my contacts page? Can you explain this more???

 

Thanks

 

Mike

Posted

Protected was the wrong word. "Displayed" might have been better.

There is no foolproof way to protect your E-mail addresses. You can try using robots.txt to keep them out of the contact page, but the "nasty" bots ignore that anyway.

You can use .htaccess to deny access based on referrer, but it'll be a never-ending battle of log-checking and updating.

 

I'm already getting spam on sites that haven't even been made available to the public yet. As soon as you register a domain you are likely to start getting spam - they just add "webmaster", "sales", "returns" to the domain etc.

Archived

This topic is now archived and is closed to further replies.
