Blacklisted server?


Mike
06-24-2009, 01:36
Two of our servers got blacklisted in the past 30 days. One of them was blacklisted for the second time due to constant abuse. Most spammers use already compromised accounts. How do they do this?!

1. Customer left old PHP or CGI scripts (Joomla, WordPress, Nuke, phpBB, etc.).
2. Customer installed add-ons (hacks) or modules (for Joomla, WordPress, etc.) and forgot to update them.
3. Password was easy to guess.
4. Username was easy. We noticed that most compromised accounts were created under very easy usernames - for example: "info", "test123", "shop", "school", "website", etc. If we add an easy password, we get a compromised account. We're going to change all easy usernames and also check password length. If a password is less than 10 chars, it will be reset with a complicated one.
5. Microsoft FrontPage is insecure. In fact, this project was abandoned a few years ago (no releases for Linux), so we're going to remove it completely on all old servers (new servers are already built without FP).
6. Username and password being sent via insecure FTP protocols. Please install an FTP program with SFTP compatibility, then contact us (https://support.westnic.net) for the SFTP server name and ports.
7. Customer was using insecure mail servers (like mail.domain.com) and protocols (25 and 110). Please contact us about secure mail protocols.


What will change:

1. Users will be forced to use SSL channels (for cPanel, webmail logins, etc.). We have never used self-issued SSLs. We use GeoTrust SSLs on all servers, so it won't cause any issues.
2. Easy usernames will change. We will contact each customer individually via email prior to the changes.
3. Insecure ports will be dropped (for example 25). It won't interfere with mail communications.
4. Current server firewalls will be replaced; in addition to that, all shared, reseller and semi-dedicated servers will be protected by a double firewall - hardware and software.
5. PHP and Apache will be reconfigured. Some functions (not normally in use) will be dropped.
6. All servers will be audited nightly.
7. Autoresponder will be disabled completely (spam relay).
8. All mail sent to "full mailbox" will be silently discarded (no bounce back error and no mail queue storage). PLEASE check mail usage via cPanel > Mail to avoid mail data loss!


Security updates should be completed by the end of July. If you start to experience any issues (broken script, cannot send/receive, etc.), please submit a support ticket: https://support.westnic.net/index.php?_m=tickets&_a=submit
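The post names three conditions that a nightly audit (item 6 of the changes) could look for in customer home directories: generic usernames (cause 4), outdated CMS installs (cause 1) and leftover FrontPage extensions (cause 5). The script below is an added example of such a check; it is not westnic's tooling or anything from Mike's post. Assumptions: the generic-name list is the post's examples plus "admin" and "test"; the `_vti_*` names are the usual FrontPage Server Extensions markers; the minimum WordPress version is a parameter the operator sets; the sample home directories are constructed in a temp dir so the script runs offline.

```python
import os
import re
import tempfile

# Usernames the post lists as frequently compromised; "admin" and "test" are
# added here as an assumption, not taken from the post.
GENERIC_USERNAMES = {"info", "test123", "shop", "school", "website", "admin", "test"}

# Directory and file names left behind by FrontPage Server Extensions (assumed markers).
FRONTPAGE_MARKERS = {"_vti_bin", "_vti_pvt", "_vti_cnf", "_vti_inf.html"}

# WordPress records its version in wp-includes/version.php as $wp_version = '2.8';
WP_VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([0-9.]+)['\"]")


def version_tuple(text):
    """'2.7.1' -> (2, 7, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def weak_usernames(usernames):
    """Account names that match the generic-name list, sorted."""
    return sorted(u for u in usernames if u.lower() in GENERIC_USERNAMES)


def _rel(path, root):
    return os.path.relpath(path, root).replace(os.sep, "/")


def find_wordpress_installs(root):
    """Yield (install_dir relative to root, version) for every WordPress copy found."""
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            with open(os.path.join(dirpath, "version.php"), encoding="utf-8", errors="replace") as fh:
                match = WP_VERSION_RE.search(fh.read())
            if match:
                yield _rel(os.path.dirname(dirpath), root), match.group(1)


def outdated_wordpress(root, minimum):
    """Installs whose version is below the operator-chosen minimum."""
    return sorted((d, v) for d, v in find_wordpress_installs(root)
                  if version_tuple(v) < version_tuple(minimum))


def frontpage_remnants(root):
    """Paths (relative to root) of FrontPage extension directories or files."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if name in FRONTPAGE_MARKERS:
                hits.append(_rel(os.path.join(dirpath, name), root))
    return sorted(hits)


def audit(root, usernames, min_wp_version):
    """One report dict covering the three checks; every list is sorted and relative to root."""
    return {
        "weak_usernames": weak_usernames(usernames),
        "outdated_wordpress": outdated_wordpress(root, min_wp_version),
        "frontpage_remnants": frontpage_remnants(root),
    }


def build_sample_tree():
    """Constructed sample home directories for a stand-alone run (not real customer data)."""
    root = tempfile.mkdtemp(prefix="audit_")

    def write(relpath, content):
        path = os.path.join(root, relpath)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)

    write("info/public_html/wp-includes/version.php", "<?php\n$wp_version = '2.7.1';\n")
    write("jsmith/public_html/wp-includes/version.php", "<?php\n$wp_version = '2.8';\n")
    write("shop/public_html/_vti_bin/shtml.exe", "")
    write("shop/public_html/_vti_inf.html", "<html></html>\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    report = audit(sample_root, sorted(os.listdir(sample_root)), "2.8")
    for check, findings in report.items():
        print(check, findings)
```

On a real server the root would be the parent of the customer home directories and the username list would come from the account database rather than `os.listdir`; the version comparison is deliberately tuple-based so that a "2.10" release is not judged older than "2.9".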