Jamit Software Forum
Welcome, Guest. Please login or register.
July 05, 2020, 01:09:16 pm

Login with username, password and session length
Search:     Advanced search
May 5th, 2010 - Jamit Software Launches the Market!
3,080 Posts in 791 Topics by 1,658,450 Members
Latest Member: lxxzyhihoqx
* Home Help Search Login Register
+  Jamit Software Forum
|-+  Jamit Job Board Customers
| |-+  User-to-User Support
| | |-+  My site has been Hacked!
« previous next »
Pages: [1] 2 Print
Author Topic: My site has been Hacked!  (Read 12405 times)
SecureAspects
Jammers
Sr. Member
*
Posts: 54


« on: October 17, 2011, 04:52:32 am »

My site is sending out thousands of these e-mails Everything has worked fine with NO problems at all for 5 years  :

Template ID:    46
To Name:    [email protected]
To Address:    [email protected]
From Name:    Secure Aspects Group Job Board
From Address:    [email protected]
Subject:    (NEW) $134,382 on auto-pilot & only 22-years old...
Message (text)    

To: [email protected] <[email protected]>
From: Kieth  <[email protected]>

I thought you'd be interested in this page from Secure Aspects Group Job Board

Link:
http://secureaspects.com/...... [We are sorry, Jamit has censored this content because it contained SPAM links.]

« Last Edit: October 17, 2011, 09:40:10 pm by Peter » Logged
Imran
Global Moderator
Hero Member
*****
Posts: 255


WWW
« Reply #1 on: October 17, 2011, 05:58:06 am »

You should monitor which script is sending emails, most probably there some script which is compromised you should remove that script.
Logged
SecureAspects
Jammers
Sr. Member
*
Posts: 54


« Reply #2 on: October 17, 2011, 11:05:32 am »

How do I monitor and determine which script?
Logged
Imran
Global Moderator
Hero Member
*****
Posts: 255


WWW
« Reply #3 on: October 17, 2011, 12:03:51 pm »

You might want to read this thread: webhostingtalk.com/showthread.php?t=128839
Logged
SecureAspects
Jammers
Sr. Member
*
Posts: 54


« Reply #4 on: October 17, 2011, 12:23:45 pm »

Thanks Imram, that has no application to my problem. I have tried everything including security scan, my host is doing their own security system scan and yet the emails keep generating. I have everything thing shut down at this point so no e-mails can be sent from the system.
Logged
SecureAspects
Jammers
Sr. Member
*
Posts: 54


« Reply #5 on: October 17, 2011, 01:16:00 pm »

Found it, phpshell script.  Dont know where it came from or how it got there, will be doing a complete system evaluation and scrub.
Logged
Imran
Global Moderator
Hero Member
*****
Posts: 255


WWW
« Reply #6 on: October 17, 2011, 02:05:12 pm »

Glad your problem is solved, some times a third part script with in appropriate permissions results in downloading of unwanted scripts or we upload scripts without testing and know what they actually do.
Logged
SecureAspects
Jammers
Sr. Member
*
Posts: 54


« Reply #7 on: October 17, 2011, 02:07:25 pm »

Well the problem is back and it appears that the job board is being used as a mailer, the spam being sent is also addressed to non-members and emails not associated with anyone on the site, which I am hoping means that they do not have access to the DB.
Logged
CompuDave
Global Moderator
Hero Member
*****
Posts: 173



WWW
« Reply #8 on: October 17, 2011, 02:31:28 pm »

It seems to be using your "Email this job" feature to send from. How many are being sent?
Logged
SecureAspects
Jammers
Sr. Member
*
Posts: 54


« Reply #9 on: October 17, 2011, 02:39:40 pm »

I shut that feature off and only made it available to members, there were 67 thousand emails in que and they were not addressed to members of the site, thankfully. That was last night. I disabled the smtp mailing and when I got back on this morning there were 14 thousand in que. I have been through everything on my site and it is much cleaner now than it ever was Wink I am just glad they did not get into the DB. Non registered visitors seem to legitimately use the email job feature and putting a captcha on it may be a good idea to keep it from being exploited?
« Last Edit: October 17, 2011, 02:47:36 pm by SecureAspects » Logged
Imran
Global Moderator
Hero Member
*****
Posts: 255


WWW
« Reply #10 on: October 17, 2011, 04:00:01 pm »

I suggest you to put Face book Send button feature for sending jobs to user's friends, this way facebook will take care about the sending emails to friends...
Logged
SecureAspects
Jammers
Sr. Member
*
Posts: 54


« Reply #11 on: October 17, 2011, 05:37:48 pm »

Is that one of their developer aps?
Logged
Imran
Global Moderator
Hero Member
*****
Posts: 255


WWW
« Reply #12 on: October 17, 2011, 05:49:49 pm »

You can get it here http://developers.facebook.com/docs/reference/plugins/send/
You can leave url field blank so that it picks up from address bar
Logged
SecureAspects
Jammers
Sr. Member
*
Posts: 54


« Reply #13 on: October 17, 2011, 08:51:37 pm »

Thats great, thanks. I am still sending out sporadic mailings and do not know how they can keep being generated.
Logged
Peter
Administrator
Hero Member
*****
Posts: 248



« Reply #14 on: October 18, 2011, 02:16:35 am »

One of the things that will avoid this from happening is to get TRAFFIC COP and UA POLICE PRO before your site gets compromised.  Wink
Logged

SECURE your site BEFORE you wish you had! Use plugins by COLOSSAL MIND!
Pages: [1] 2 Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.042 seconds with 17 queries.