
How to identify security loopholes so that the domain name is not used to send spam emails?

Posted by Azam_net, 01-10-2013, 07:26 PM
I've been informed by our webhost that one of our sites has been hacked. By gaining unauthorised access to the site, hackers have been able to send out spam using our domain name (using from:xyz@ourdomainname.com in the spam). We've been asked to remove these violated files and close any security vulnerabilities before the webhost can restore the site. We've been able to identify the files and removed them. However, how can we specifically pinpoint and close any security loopholes so that it doesn't happen again? The site is using lots of scripts etc. so we don't know where the vulnerability could lie. We've run lots of sites since the 1990s and never had a single security violation, so this situation is a new one to us. Thanks a million for any advice.

Posted by mike86, 01-10-2013, 07:43 PM
Are any of your sites running forums like phpBB or running WordPress sites? Things like these can be easily exploited if not properly updated. What operating system is your server running? Where were the files located that were uploaded by the hackers? This could give a clue to how they got in. Check which ports are open on your server also, because they may have installed a backdoor to your server which they can access at any time.

Posted by BestServerSupport, 01-11-2013, 10:12 AM
I suggest you check the FTP logs of your server and try to determine how and from which IP address the mail script was uploaded. Immediately block the suspicious IP address in the firewall. It may also be possible that the password of your email address got compromised. I would suggest you change all the email account passwords as soon as possible.
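
One way to carry out the FTP-log check suggested in the last reply, as an added example that is not part of the original thread: it parses a transfer log in xferlog format and groups uploaded script files by source host. It assumes the FTP server writes xferlog-style records; the sample lines, paths, addresses and the list of flagged extensions are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in xferlog format; hosts, paths and user are made up.
SAMPLE_LOG = """\
Wed Jan  9 22:41:10 2013 1 198.51.100.7 10240 /home/site/public_html/index.html a _ o r siteuser ftp 0 * c
Thu Jan 10 03:14:07 2013 1 203.0.113.45 4821 /home/site/public_html/images/mailer.php b _ i r siteuser ftp 0 * c
Thu Jan 10 03:14:09 2013 1 203.0.113.45 912 /home/site/public_html/images/.htaccess a _ i r siteuser ftp 0 * c
Thu Jan 10 09:02:33 2013 2 198.51.100.7 20480 /home/site/public_html/css/site.css a _ i r siteuser ftp 0 * c
"""

# Assumption: file types worth flagging when they arrive over FTP.
SCRIPT_EXTS = (".php", ".pl", ".cgi", ".py", ".htaccess")

def parse_xferlog(line):
    """Parse one xferlog line; return None if it is not a transfer record."""
    t = line.split()
    if len(t) < 18:
        return None
    try:
        when = datetime.strptime(" ".join(t[:5]), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    # The last nine fields are fixed, so index them from the right.
    return {"time": when, "host": t[6], "path": " ".join(t[8:-9]),
            "direction": t[-7], "user": t[-5], "status": t[-1]}

def suspicious_uploads(log_text, known_bad_paths=()):
    """Group incoming transfers of script-like or known-bad files by source host."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec is None or rec["direction"] != "i":  # "i" = upload to the server
            continue
        if rec["path"] in known_bad_paths or rec["path"].lower().endswith(SCRIPT_EXTS):
            hits[rec["host"]].append(rec)
    return dict(hits)

if __name__ == "__main__":
    for host, recs in suspicious_uploads(SAMPLE_LOG).items():
        print(f"{host}: {len(recs)} suspicious upload(s)")
        for r in recs:
            print(f"  {r['time']}  user={r['user']}  status={r['status']}  {r['path']}")
```

The `user` field of each hit shows which FTP account was used for the upload, which is the account whose password needs changing first; paths of the files already identified as malicious can be passed in `known_bad_paths`.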


