Account holders received spoofed spam


katonboard

My site hasn't gone live yet... I have a couple of test user accounts in my database.

Today my test accounts received the following email..

 

Has anyone had anything similar happen?

Does anyone know what needs doing or what I can do to "batten the hatches"?

I am on a hosted system so without access to the httpd.conf file.

Thank you,

Kat

*****************

Dear Valued Member,

 

According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons.

 

http://www.youngminds.com.au/confirm.php?e...ungminds.com.au

(this linked to http://205.138.199.146/confirm.php?email=k...ngminds.com.au)

 

Thank you for your attention to this question. We apologize for any inconvenience.

 

Sincerely, Youngminds Security Department Assistant.


If your web area has been compromised, the only totally safe thing to do is delete absolutely everything, including the database, and start from a known uncompromised backup.

If you don't have a good backup you will need to manually look for any suspicious files in your web area by comparing the files to those in a stock install. Delete any you know shouldn't be there.

 

 

Also, do the following:

 

Change your password to your host's account

Rename the admin folder and then password protect it.

Recreate the database and choose a different password.

Only ever access the Admin side through HTTPS

Make sure you login to your HOST through HTTPS, too.



Thank you - that is exactly what I have started doing.

Though I am still wondering if anyone else had seen this or had this happen.


It really depends upon what e-mail accounts you set up on your site. All domains get picked up by spam bots and if you have generally used email addresses like [email protected] and [email protected] then spammers will take a punt at sending spoof mail out in the name of those accounts - without knowing if they actually exist or not. They will also send out mail spoofed to e-mail accounts that don't exist on your domain at all.

 

I often get spoof mail at my domains, supposedly coming from my own domains - except that the e-mail accounts don't exist. I have my spam settings set to delete all incoming mail sent to [email protected] - 'yourname' is a favourite spammers' e-mail trick.

 

Vger


I would also try and protect your email addresses. Right now you have one on your main page. They should all be protected in your contact us page and not written anywhere on the site.


Thank you, I take both your and Vger's points on board. Will remove the address.

I just didn't think I had (until I gave it away above) given katrina@ or for that matter placed my name anywhere so I thought it wasn't merely a guess of luck. Hopefully, I am wrong.


"protected" on my contacts page? Can you explain this more???

 

Thanks

Thanks

 

Mike


Protected was the wrong word. "Displayed" might have been better.

There is no foolproof way to protect your E-mail addresses. You can try using robots.txt to keep them out of contact page, but the "nasty" bots ignore that anyway.

You can use .htaccess to deny access based on referrer, but it'll be a never-ending battle of log-checking and updating.

 

I'm already getting spam on sites that haven't even been made available to the public yet. As soon as you register a domain you are likely to start getting spam - they just add "webmaster", "sales", "returns" to the domain etc.


Archived

This topic is now archived and is closed to further replies.
