katonboard Posted June 7, 2005

My site hasn't gone live yet... I have a couple of test user accounts in my database. Today my test accounts received the following email. Has anyone had anything similar happen? Does anyone know what needs doing or what I can do to "batten the hatches"? I am on a hosted system so without access to the httpd.conf file.

Thank you,
Kat

*****************

Dear Valued Member,

According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons.

http://www.youngminds.com.au/confirm.php?e...ungminds.com.au
(this linked to http://205.138.199.146/confirm.php?email=k...ngminds.com.au)

Thank you for your attention to this question. We apologize for any inconvenience.

Sincerely, Youngminds Security Department Assistant.

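The mail in the post above shows one URL and links to another, on a bare IP address. A check for that mismatch over an HTML mail body, added here as an example and not part of the original thread; the sample markup, the `shop.example` domain and the 192.0.2.10 address are constructed placeholders.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_IN_TEXT = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)

def host_of(url):  # lower-cased hostname; bare "www." text gets a scheme first
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at every <a>, so only link text is used

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text, target, reasons = "".join(self._text).strip(), host_of(self._href), []
        shown = URL_IN_TEXT.search(text)
        if shown and host_of(shown.group(0)) != target:
            reasons.append("visible host differs from href host")
        if is_ip(target):
            reasons.append("href points at a bare IP address")
        if reasons:
            self.findings.append((text, self._href, reasons))
        self._href = None

def audit_links(html_body):
    auditor = LinkAuditor()
    auditor.feed(html_body)
    return auditor.findings

SAMPLE = ('<a href="http://192.0.2.10/confirm.php?email=user@shop.example">'  # constructed
          'http://www.shop.example/confirm.php?email=user@shop.example</a>')
```

`audit_links(SAMPLE)` returns one finding carrying both reasons; a link whose visible text is not a URL, or whose visible host matches its target, is not reported.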
FalseDawn Posted June 7, 2005

If your web area has been compromised, the only totally safe thing to do is delete absolutely everything, including the database, and start from a known uncompromised backup.

If you don't have a good backup you will need to manually look for any suspicious files in your web area by comparing the files to those in a stock install. Delete any you know shouldn't be there.

Also, do the following:

- Change your password to your host's account
- Rename the admin folder and then password protect it.
- Recreate the database and choose a different password.
- Only ever access the Admin side through HTTPS
- Make sure you login to your HOST through HTTPS, too.

katonboard (Author) Posted June 7, 2005

> If your web area has been compromised, the only totally safe thing to do is delete absolutely everything, including the database, and start from a known uncompromised backup.
>
> If you don't have a good backup you will need to manually look for any suspicious files in your web area by comparing the files to those in a stock install. Delete any you know shouldn't be there.
>
> Also, do the following:
>
> - Change your password to your host's account
> - Rename the admin folder and then password protect it.
> - Recreate the database and choose a different password.
> - Only ever access the Admin side through HTTPS
> - Make sure you login to your HOST through HTTPS, too.

Thank you - that is exactly what I have started doing, though I am still wondering if anyone else had seen this or had this happen.

♥Vger Posted June 7, 2005

It really depends upon what e-mail accounts you set up on your site. All domains get picked up by spam bots and if you have generally used email addresses like [email protected] and [email protected] then spammers will take a punt at sending spoof mail out in the name of those accounts - without knowing if they actually exist or not. They will also send out mail spoofed to e-mail accounts that don't exist on your domain at all.

I often get spoof mail at my domains, supposedly coming from my own domains - except that the e-mail accounts don't exist.

I have my spam settings set to delete all incoming mail sent to [email protected] - 'yourname' is a favourite spammers' e-mail trick.

Vger

Guest Posted June 7, 2005

I would also try and protect your email addresses. Right now you have one on your main page. They should all be protected in your contact us page and not written anywhere on the site.

katonboard (Author) Posted June 8, 2005

> I would also try and protect your email addresses. Right now you have one on your main page. They should all be protected in your contact us page and not written anywhere on the site.

Thank you, I take both your and Vger's points on board. Will remove the address. I just didn't think I had (until I gave it away above) given katrina@ or for that matter placed my name anywhere so I thought it wasn't merely a guess of luck. Hopefully, I am wrong.

Guest Posted June 8, 2005

You might want to look at Emailencoder and change the store's email addresses at the same time. Since you are not live yet this is easy to do.

katonboard (Author) Posted June 8, 2005

> You might want to look at Emailencoder and change the store's email addresses at the same time. Since you are not live yet this is easy to do.

Excellent, thank you. I appreciate the help.

Kat

katonboard (Author) Posted June 8, 2005

> Excellent, thank you. I appreciate the help.
>
> Kat

I thank everyone for their help and I now have a more secure site... this came to me today explaining the email.

"Account alert" fraudulent email related to Mytob virus variant

MnMeBiz Posted June 8, 2005

> I would also try and protect your email addresses. Right now you have one on your main page. They should all be protected in your contact us page and not written anywhere on the site.

"protected" on my contacts page? Can you explain this more???

Thanks

Thanks
Mike

FalseDawn Posted June 8, 2005

Protected was the wrong word. "Displayed" might have been better. There is no foolproof way to protect your E-mail addresses. You can try using robots.txt to keep them out of contact page, but the "nasty" bots ignore that anyway. You can use .htaccess to deny access based on referrer, but it'll be a never-ending battle of log-checking and updating.

I'm already getting spam on sites that haven't even been made available to the public yet. As soon as you register a domain you are likely to start getting spam - they just add "webmaster", "sales", "returns" to the domain etc.

This topic is now archived and is closed to further replies.