Yesterday morning I started the day with a check of email —0– 1100 messages… ?? Yes 1100. Most of them were filtered into a folder I set up for delivery failures some time back. (about 950), (about 100 to junk mail and then 50 to the inbox). I started investigating because my usual morning haul is 150 or so with 2/3′s being filtered into a spam folder, the rest being routine messages from scripts on servers I monitor, daily correspondence, mailing list digests/etc….
It appears that most were delivery failures and they apparently had originally been sent from a script in this domain (cgi-bin/cgiemail) I hadn’t remembered installing that script, so I immediately suspected somehow my account had been compromised. I looked into it and found the suspect script. Trying a test run of it through my browser and then about 9-11 AM (Eastern Time) yesterday (May 26th) I disabled it by taking away all read/write/execute privilages. I noticed from my logs that the hits against it stopped several hours later. I’ve still been getting tons of delivery failures (now up to 4000) and now I had a mystery of why the script was there. On investigation I found that all my accounts through my webhost provider had this script. None of the others seemed to be bothered (yet) though. On even further investigation, it appears that my webhost provider installed this script on new scripts at some time in the past. (No longer). I don’t make use of it, and neither do any of my other sites with perhaps 1 exception.
That was certainly annoying, a nuisance and disturbing. So last night I inquired in the forums of my service provider, giving details and asking if anyone else had seen similar behaviour, etc.
Now comes the part that has made me just a bit ill. At 5PM today (May 27th) I receive a rather terse message from my webhost provider. The subject is along the lines of “averyjparker.com TOS warning” (there was a tracking number too). (Terms of service warning.) Basically they say that THEY have disabled a script on my site that has been compromised by spammers and I need to find some other script to use. What irks me is this is a TOS WARNING!! Over a script that my service provider installed apparently by default on all their accounts for a period of time. I’ve suggested that they post an advisory for all account holders to look into replacing the script in question or simply removing it if it’s not used.
It’s also a bit amusing to me that they finally disabled the offending script 36 hours after I discovered and disabled the fool thing MYSELF. I’ve logged in several times since then to doublecheck the permissions/test the script and verify that it was still inactive. AND it was… According to my logs the attempts to use the script stopped around 2-3 hours after it started giving them 403 errors.
To tie this into another point I’ve made in some of the updates I’ve had here on the page. The ip addresses of machines pulling this page are literally ALL over the net. Most seem to be PRIVATE BROADBAND users. Once again we’re seeing more evidence of trojaned/virus infected machines being used as tools in sending junk mail. In fact it wouldn’t surprise me if, in part, the script on this site has been targeted/exploited because I’ve drawn this connection before.
Now, to sum up…. I have received a Terms Of Service Warning, because spammers have used trojaned/viral infected systems that are NOT mine to execute a script on my webserver which I did not install, but which my service provider installed by default probably when I set up my account.
Related PostsRelated Posts
- Vista UAP (User Account Protection) - too much? First let me tell you I have not seen first hand Microsoft's Vista UAP (User Account Protection) I cannot then claim firsthand experience with it, the following is and will be based on what I have read plus how it relates and compares to linux and "run as" functionality. George......
- Google trying to warn about dangerous pages SunbeltBlog is talking about a new sign that Google is stepping up to try to protect users against potentially malicious sites. They have a screenshot, which I was able to verify, that gives a warning before allowing a user to proceed to a page that "Warning - the site you......
- The basics Well to start out, this might should be crosslinked in the computer security section, but I'm putting it in commentary primarily to catch those who might not typically look at computer security. First, why should you care about keeping your computer secure? I've heard people ask something like this. Usually......
- Tips On Affiliate Marketing If you are determined to learn more about marketing of subsidiary company then the most significant method is of one of the sites on line devoted devoted to this type of businesses. However if you intend to be the best, you must strongly find - the information sources considered if......
- Memorial Day 3-Legged Race = FAIL (Comic #14) A Slight Deviation from the Norm I normally post a comic and relate it back to some education, career, or finance issue. The posts are never very substantive, but they do have some substance and I think they are a great light-hearted way to go into the weekend. As we......
- Make Money Online: Quality of Service In addition to the size of your market and existing competition, the quality of service you provide is a very important factor in making money online. High quality will provide credibility for your content or service, and result in repeat visits and referrals. If your site is low quality,......
- Web Hosting
- Share This Plugin not Working in Some Themes
- Google Analytics Feature Tease
- Sorry for the vanishing act