I’m just a bit ill at the moment…..
Yesterday morning I started the day with a check of email —0– 1100 messages… ?? Yes 1100. Most of them were filtered into a folder I set up for delivery failures some time back. (about 950), (about 100 to junk mail and then 50 to the inbox). I started investigating because my usual morning haul is 150 or so with 2/3′s being filtered into a spam folder, the rest being routine messages from scripts on servers I monitor, daily correspondence, mailing list digests/etc….
It appears that most were delivery failures and they apparently had originally been sent from a script in this domain (cgi-bin/cgiemail) I hadn’t remembered installing that script, so I immediately suspected somehow my account had been compromised. I looked into it and found the suspect script. Trying a test run of it through my browser and then about 9-11 AM (Eastern Time) yesterday (May 26th) I disabled it by taking away all read/write/execute privilages. I noticed from my logs that the hits against it stopped several hours later. I’ve still been getting tons of delivery failures (now up to 4000) and now I had a mystery of why the script was there. On investigation I found that all my accounts through my webhost provider had this script. None of the others seemed to be bothered (yet) though. On even further investigation, it appears that my webhost provider installed this script on new scripts at some time in the past. (No longer). I don’t make use of it, and neither do any of my other sites with perhaps 1 exception.
That was certainly annoying, a nuisance and disturbing. So last night I inquired in the forums of my service provider, giving details and asking if anyone else had seen similar behaviour, etc.
Now comes the part that has made me just a bit ill. At 5PM today (May 27th) I receive a rather terse message from my webhost provider. The subject is along the lines of “averyjparker.com TOS warning” (there was a tracking number too). (Terms of service warning.) Basically they say that THEY have disabled a script on my site that has been compromised by spammers and I need to find some other script to use. What irks me is this is a TOS WARNING!! Over a script that my service provider installed apparently by default on all their accounts for a period of time. I’ve suggested that they post an advisory for all account holders to look into replacing the script in question or simply removing it if it’s not used.
It’s also a bit amusing to me that they finally disabled the offending script 36 hours after I discovered and disabled the fool thing MYSELF. I’ve logged in several times since then to doublecheck the permissions/test the script and verify that it was still inactive. AND it was… According to my logs the attempts to use the script stopped around 2-3 hours after it started giving them 403 errors.
To tie this into another point I’ve made in some of the updates I’ve had here on the page. The ip addresses of machines pulling this page are literally ALL over the net. Most seem to be PRIVATE BROADBAND users. Once again we’re seeing more evidence of trojaned/virus infected machines being used as tools in sending junk mail. In fact it wouldn’t surprise me if, in part, the script on this site has been targeted/exploited because I’ve drawn this connection before.
Now, to sum up…. I have received a Terms Of Service Warning, because spammers have used trojaned/viral infected systems that are NOT mine to execute a script on my webserver which I did not install, but which my service provider installed by default probably when I set up my account.
Popularity: 1% [?]
Related Posts - More on the virus/trojan front I have a couple new things to post. One, in my futher investigation of the server logs, from the last big topic.... (read the entries below.) I've discovered at least one MAC, so this should be a warning that no one should take system security for granted. Likely someone has......
- How to Remove ProtectPCs | ProtectPCs Removal Guide ProtectPCs is a rogue antivirus application from the Wini family of rogues. It will push itself through claims of it being a video codec update or flash player update. Usually these appear on a site that shows up in the search results for whatever latest greatest sought after video clip......
- Get paid for the mistakes you make.... It seems that some companies are fortunate enough to be able to make money even from their faults. The Monterey Herald details an account of a woman who was informed by Choicepoint that crooks had accessed some of her personal information. This was apparently due to a lapse in security......
Related Websites - Stairlifts - a Better Help for the Disabled Stairlifts are a supportive innovation of the modern era as they are a better help for the disabled. Stair lifts are therefore more than mere symbols of luxury. They have a wider application in the lives of many individuals. A stairlift is usually a mobility device with a chair safely......
- Credit Sesame: Free Credit Scores & Debt Management Being a personal finance blogger in Silicon Valley is a little bit of a unique experience. For one, the average home in my city goes for over a million dollars. That's one of the major downsides, but today I wanted to write about one of the upsides. There are a......
- Atlanta Tennis Championship Ends with Mardy Fish on Top Many of the best tennis players in the nation descended on Atlanta like they do every year. They come to play in the Atlanta Tennis Championship. This tournament was able to provide a great show of some great tennis skills by some of the most known names in tennis today.......
Similar Posts
- Web Hosting
- Share This Plugin not Working in Some Themes
- Google Analytics Feature Tease
- Sorry for the vanishing act
- Serving up web ads to users with javascript disabled