I’m just a bit ill at the moment…..



Yesterday morning I started the day with a check of email —0– 1100 messages… ?? Yes 1100. Most of them were filtered into a folder I set up for delivery failures some time back. (about 950), (about 100 to junk mail and then 50 to the inbox). I started investigating because my usual morning haul is 150 or so with 2/3′s being filtered into a spam folder, the rest being routine messages from scripts on servers I monitor, daily correspondence, mailing list digests/etc….

It appears that most were delivery failures and they apparently had originally been sent from a script in this domain (cgi-bin/cgiemail) I hadn’t remembered installing that script, so I immediately suspected somehow my account had been compromised. I looked into it and found the suspect script. Trying a test run of it through my browser and then about 9-11 AM (Eastern Time) yesterday (May 26th) I disabled it by taking away all read/write/execute privilages. I noticed from my logs that the hits against it stopped several hours later. I’ve still been getting tons of delivery failures (now up to 4000) and now I had a mystery of why the script was there. On investigation I found that all my accounts through my webhost provider had this script. None of the others seemed to be bothered (yet) though. On even further investigation, it appears that my webhost provider installed this script on new scripts at some time in the past. (No longer). I don’t make use of it, and neither do any of my other sites with perhaps 1 exception.

That was certainly annoying, a nuisance and disturbing. So last night I inquired in the forums of my service provider, giving details and asking if anyone else had seen similar behaviour, etc.

Now comes the part that has made me just a bit ill. At 5PM today (May 27th) I receive a rather terse message from my webhost provider. The subject is along the lines of “averyjparker.com TOS warning” (there was a tracking number too). (Terms of service warning.) Basically they say that THEY have disabled a script on my site that has been compromised by spammers and I need to find some other script to use. What irks me is this is a TOS WARNING!! Over a script that my service provider installed apparently by default on all their accounts for a period of time. I’ve suggested that they post an advisory for all account holders to look into replacing the script in question or simply removing it if it’s not used.

It’s also a bit amusing to me that they finally disabled the offending script 36 hours after I discovered and disabled the fool thing MYSELF. I’ve logged in several times since then to doublecheck the permissions/test the script and verify that it was still inactive. AND it was… According to my logs the attempts to use the script stopped around 2-3 hours after it started giving them 403 errors.

To tie this into another point I’ve made in some of the updates I’ve had here on the page. The ip addresses of machines pulling this page are literally ALL over the net. Most seem to be PRIVATE BROADBAND users. Once again we’re seeing more evidence of trojaned/virus infected machines being used as tools in sending junk mail. In fact it wouldn’t surprise me if, in part, the script on this site has been targeted/exploited because I’ve drawn this connection before.

Now, to sum up…. I have received a Terms Of Service Warning, because spammers have used trojaned/viral infected systems that are NOT mine to execute a script on my webserver which I did not install, but which my service provider installed by default probably when I set up my account.

Related Posts

Blog Traffic Exchange Related Posts
  • More on the virus/trojan front I have a couple new things to post. One, in my futher investigation of the server logs, from the last big topic.... (read the entries below.) I've discovered at least one MAC, so this should be a warning that no one should take system security for granted. Likely someone has......
  • How to Remove Win Security 360 | Win Security 360 Removal Guide Win Security 360 is a rogue antivirus application that is promoted through the use of trojans and other malware as well as sites that claim to do malware scans of your computer. Among the things that it will do is schedule itself to run when the system boots and it......
  • Google trying to warn about dangerous pages SunbeltBlog is talking about a new sign that Google is stepping up to try to protect users against potentially malicious sites. They have a screenshot, which I was able to verify, that gives a warning before allowing a user to proceed to a page that "Warning - the site you......
Blog Traffic Exchange Related Websites
  • When Money is Tight, the Government Keeps Hiring I just had to share an article summarizing the collective hiring and firing practices of our state and local governments during this Great Recession. They are willing to raise taxes and fees and accept federal (our) dollars in a futile attempt to close their budget gaps. They are not so......
  • Digital TV Aerial Installers - Get Your Aerial Installed Are you like the many other people who are looking for digital TV aerial installers who can deliver quick high quality service? If you need an aerial installed in either your home or business it's important that the company you choose not only provide a competitive price but also......
  • Expedia About Expedia.com Expedia delivers consumers everything they need for researching, planning, and purchasing a whole trip. The company provides direct access to one of the broadest selections of travel products and services through its North American Web site, localized versions throughout Europe, and extensive partnerships in Asia. Serving many......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site