Easily's server hacked to send SPAM

  javaBalls 20:20 02 Oct 2005
Locked

I have a website hosted by Easily. My website uses PHP and MYSQL.

Recently my users were complaining that certain features on the website were not working. These features involved automatic emails being sent after a form was submitted.

I searched through my code but I could not find where the error might have been.

Then one day last week I noticed that the server was down. I emailed the helpdesk and asked them what had happened. They replied and confirmed that their server had been hacked into and was being used to send spam. Until their technicians could fix the problem my website would be unavailable.

Then I put 2 and 2 together. The recent problems with the automatic mails not being sent were due to the hacked server. I contacted Easily again and asked them if this was true. They verified that the hack caused a backlog of mails and everything was working again. Eventually I received all the test mails I sent three days earlier!

First of all I am concerned that Easily’s server was hacked.

Second of all I am concerned that they never told me. It took me days to conclude that the problem was not with my code but a problem with the server. This caused big problems and went unnoticed for days. Why can’t they post something on their website?

Finally, does anyone know of a method in PHP that will notify me if the mail function is not working?

  Taran 20:50 02 Oct 2005

1. All web servers are potentially vulnerable to compromise.

2. Hosts often don't have an 'own up' policy when things go wrong. This is for a number of reasons and can include anything from general embarrassment, loss of reputation/face/revenue from irate clients etc.

3. You can write a server testing script that will also test the email server and schedule it to fire off at a date/time of your choosing or use a web interface to run the test (a bit like webmail). Alternatively you can use a third party server monitoring script - a search will produce tons or click here for one which can be automated to run as a scheduled task from your own PC and will log all findings.

All email servers run by hosts will normally be 'throttled' during difficult times to prevent further load issues compounding the problem at hand and the fix(es) being implemented.

It is perfectly normal, especially where mass emailing is the issue to begin with. Failing to throttle the email servers just makes solving the problem far more difficult and also increases the risk to legitimate email traffic.

What I find worrying here is that Easily had similar issues within the last few months where a major penetration took out most of their resources and many sites were badly affected. Although it can and does happen now and then (even Microsoft have been well and truly hacked into several times) such a serious compromise being repeated in so short a term is hardly inspirational.

I wrote my own server monitoring script some time ago and it fires off from a very, very reliable source point to test all sites under my control. It has proven useful in testing for faults over time and has helped me decide who to use for large scale hosting services based on fault-free service delivery over long periods.

Easily have been good to me in the past and it is not my place to either defend them or condemn them. The attack could have been direct at the server level or through a user account through a third party script with a nasty security bug in it.

We could speculate on the cause all day.

It's up to you how you want to proceed, but all web servers can fall foul - the safest web server is one that is never connected to the internet...
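
Added example, not part of the thread or any poster's code: a sketch of the kind of scheduled mail test described in point 3, written in PHP because the site in question uses PHP. It sends a uniquely tagged "canary" mail and later checks over IMAP that it arrived, since `mail()` returning true only means the message was accepted for delivery, which would not reveal a multi-day queue backlog like the one in this thread. The function names, the state file path, the canary mailbox and its IMAP details are all assumptions.

```php
<?php
// Added example (constructed); the state file path is a hypothetical placeholder.
const STATE_FILE = '/tmp/mail_canaries.json';

function load_state(): array {
    $raw = @file_get_contents(STATE_FILE);
    return $raw === false ? [] : (json_decode($raw, true) ?: []);
}

// Run on the web host from cron: send a uniquely tagged test mail and record it.
function send_canary(string $to): string {
    $token = 'c' . bin2hex(random_bytes(8));
    // true only means the local mail system accepted the message, not that it left.
    $accepted = mail($to, "canary $token", 'Outbound mail test.');
    $state = load_state();
    $state[$token] = ['sent' => time(), 'accepted' => $accepted];
    file_put_contents(STATE_FILE, json_encode($state), LOCK_EX);
    return $token;
}

// Ask the canary mailbox which tokens have arrived (requires PHP's imap extension).
function arrived_tokens(array $state, string $mailbox, string $user, string $pass): array {
    $imap = imap_open($mailbox, $user, $pass);
    if ($imap === false) {
        throw new RuntimeException('canary mailbox unreachable: ' . imap_last_error());
    }
    $found = [];
    foreach (array_keys($state) as $token) {
        if (imap_search($imap, 'SUBJECT "canary ' . $token . '"')) { $found[] = $token; }
    }
    imap_close($imap);
    return $found;
}

// Pure decision step: which canaries were refused, or are still missing too long?
function overdue_canaries(array $state, array $arrived, int $now, int $maxDelay): array {
    $problems = [];
    foreach ($state as $token => $c) {
        if (!$c['accepted']) {
            $problems[$token] = 'refused by mail()';
        } elseif (!in_array($token, $arrived, true) && $now - $c['sent'] > $maxDelay) {
            $problems[$token] = 'not delivered after ' . ($now - $c['sent']) . 's';
        }
    }
    return $problems;
}
// Constructed sample: two canaries sent at t=1000, only one has arrived by t=8200.
$sample = ['caaa' => ['sent' => 1000, 'accepted' => true],
           'cbbb' => ['sent' => 1000, 'accepted' => true]];
print_r(overdue_canaries($sample, ['caaa'], 8200, 3600));
```

Anything `overdue_canaries()` reports should be raised through a channel that does not depend on the same mail server, for example a log file or status page that an outside monitor reads.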

  phil 20:04 03 Oct 2005

That could explain why I've had dozens of people trying to send me emails but all they were getting was a message something like.

'this message could not be sent because the recipients in box was full'

It could also explain why I had over two hundred emails today!!!

  javaBalls 16:39 17 Oct 2005

Thanks Taran for the well written response. Sorry I'm so late in replying.

I understand that all servers are vulnerable to attack but I feel that it is Easily's duty to inform me if their server is unable to send mail for days. Even if there was a message within the members area of their website (not too public!)

At the moment the mail server is working fine however I think that I'll try a new hosting company next time.

This thread is now locked and can not be replied to.
