I’m just a bit ill at the moment…



Yesterday morning I started the day with a check of email: 1100 messages. Yes, 1100. Most of them (about 950) were filtered into a folder I set up for delivery failures some time back, about 100 went to junk mail, and 50 landed in the inbox. I started investigating because my usual morning haul is 150 or so, with two-thirds being filtered into a spam folder and the rest being routine messages from scripts on servers I monitor, daily correspondence, mailing list digests, etc.

It appears that most were delivery failures, and they had apparently originally been sent from a script in this domain (cgi-bin/cgiemail). I hadn’t remembered installing that script, so I immediately suspected that my account had somehow been compromised. I looked into it and found the suspect script. After a test run of it through my browser, at about 9-11 AM (Eastern Time) yesterday (May 26th) I disabled it by taking away all read/write/execute privileges. I noticed from my logs that the hits against it stopped several hours later. I’ve still been getting tons of delivery failures (now up to 4000), and now I had a mystery of why the script was there. On investigation I found that all my accounts through my webhost provider had this script. None of the others seemed to be bothered (yet) though. On even further investigation, it appears that my webhost provider installed this script on new accounts at some time in the past (no longer). I don’t make use of it, and neither do any of my other sites, with perhaps one exception.

That was certainly annoying, a nuisance and disturbing. So last night I inquired in the forums of my service provider, giving details and asking if anyone else had seen similar behaviour, etc.

Now comes the part that has made me just a bit ill. At 5PM today (May 27th) I received a rather terse message from my webhost provider. The subject is along the lines of “averyjparker.com TOS warning” (there was a tracking number too). (Terms of service warning.) Basically they say that THEY have disabled a script on my site that has been compromised by spammers and I need to find some other script to use. What irks me is that this is a TOS WARNING!! Over a script that my service provider apparently installed by default on all their accounts for a period of time. I’ve suggested that they post an advisory for all account holders to look into replacing the script in question, or simply removing it if it’s not used.

It’s also a bit amusing to me that they finally disabled the offending script 36 hours after I discovered and disabled the fool thing MYSELF. I’ve logged in several times since then to double-check the permissions, test the script and verify that it was still inactive. AND it was… According to my logs, the attempts to use the script stopped around 2-3 hours after it started giving them 403 errors.

To tie this into another point I’ve made in some of the updates here on the page: the IP addresses of the machines pulling this page are literally ALL over the net. Most seem to be PRIVATE BROADBAND users. Once again we’re seeing more evidence of trojaned/virus-infected machines being used as tools for sending junk mail. In fact it wouldn’t surprise me if, in part, the script on this site has been targeted/exploited because I’ve drawn this connection before.
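Since the only evidence of the abuse on the server side was the access log, here is the kind of check I would run to answer the two questions raised above (how many distinct clients were hitting the script, and how long after the 403s began the attempts stopped). This is an added example, not code from the original post: it assumes the Apache "combined" log format and a script path of /cgi-bin/cgiemail, and the log lines embedded in it are constructed for illustration rather than taken from the author's server.

```python
"""Summarize hits against a CGI mailer script in an Apache combined access log.

Added example, not part of the original post. Assumes the Apache "combined"
log format and a mailer at /cgi-bin/cgiemail; SAMPLE_LOG is constructed.
"""
import re
from collections import Counter
from datetime import datetime

# Apache combined format: ip ident user [time] "METHOD path PROTO" status bytes "ref" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

SCRIPT_PATH = "/cgi-bin/cgiemail"  # assumed location of the mailer script

# Constructed sample: three clients abusing the script, then permissions removed
SAMPLE_LOG = """\
203.0.113.7 - - [26/May/2006:08:14:02 -0400] "POST /cgi-bin/cgiemail/form.txt HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.23 - - [26/May/2006:08:15:40 -0400] "POST /cgi-bin/cgiemail/form.txt HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [26/May/2006:08:16:11 -0400] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
192.0.2.99 - - [26/May/2006:09:02:55 -0400] "POST /cgi-bin/cgiemail/form.txt HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [26/May/2006:10:31:09 -0400] "POST /cgi-bin/cgiemail/form.txt HTTP/1.1" 403 289 "-" "Mozilla/4.0"
198.51.100.23 - - [26/May/2006:11:47:30 -0400] "POST /cgi-bin/cgiemail/form.txt HTTP/1.1" 403 289 "-" "Mozilla/4.0"
this line is garbage and should be skipped
192.0.2.99 - - [26/May/2006:13:05:12 -0400] "POST /cgi-bin/cgiemail/form.txt HTTP/1.1" 403 289 "-" "Mozilla/4.0"
"""


def parse_time(value):
    """Parse an Apache timestamp such as 26/May/2006:08:14:02 -0400."""
    return datetime.strptime(value, "%d/%b/%Y:%H:%M:%S %z")


def summarize_script_hits(log_text, script_path=SCRIPT_PATH):
    """Return per-status counts, distinct client IPs, the last successful (2xx)
    hit, the first 403 and the last hit of any status against script_path.
    Lines that do not parse are counted in 'skipped' and ignored."""
    by_status = Counter()
    ips = set()
    last_ok = first_403 = last_hit = None
    skipped = 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            skipped += 1
            continue
        if not m.group("path").startswith(script_path):
            continue  # unrelated request, not the mailer
        status = int(m.group("status"))
        ts = parse_time(m.group("time"))
        by_status[status] += 1
        ips.add(m.group("ip"))
        if 200 <= status < 300 and (last_ok is None or ts > last_ok):
            last_ok = ts
        if status == 403 and (first_403 is None or ts < first_403):
            first_403 = ts
        if last_hit is None or ts > last_hit:
            last_hit = ts
    return {
        "by_status": dict(by_status),
        "ips": sorted(ips),
        "last_ok": last_ok,
        "first_403": first_403,
        "last_hit": last_hit,
        "skipped": skipped,
    }


def hours_until_attempts_stopped(summary):
    """Hours between the first 403 and the last recorded attempt, or None if
    the script never returned a 403 in the log."""
    if summary["first_403"] is None or summary["last_hit"] is None:
        return None
    return (summary["last_hit"] - summary["first_403"]).total_seconds() / 3600


if __name__ == "__main__":
    s = summarize_script_hits(SAMPLE_LOG)
    print("hits by status:", s["by_status"])
    print("distinct clients:", len(s["ips"]))
    print("last successful hit:", s["last_ok"])
    print("first 403:", s["first_403"])
    print("hours from first 403 to last attempt: %.2f" % hours_until_attempts_stopped(s))
```

On a real server you would feed the access log in through `summarize_script_hits(open(path).read())`; the distinct-IP count is what shows whether the traffic comes from a handful of hosts or from many scattered broadband addresses, and the gap between the first 403 and the last hit is the "2-3 hours" figure from the logs above.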

Now, to sum up… I have received a Terms Of Service Warning because spammers have used trojaned/virus-infected systems that are NOT mine to execute a script on my webserver which I did not install, but which my service provider installed by default, probably when I set up my account.
