Author Topic: Am I being attacked by Russian Hackers and SPAMMERS???  (Read 3594 times)

ruben

  • Posts: 25
    • View Profile
Am I being attacked by Russian Hackers and SPAMMERS???
« on: December 28, 2013, 06:24:06 pm »
The very day I set up LMP on my website, I noticed a big spike in traffic (about 100 visitors a day).

Looking through the AWSTATS, I find that they are almost all "links from an external page" - all from Russia.

What is going on? Why would they do this?

Russian sites are known spammers and hackers.

Are they using my server to send SPAM through LMP? Are they trying to hack into my server from some reason?

How do I plug up the vulnerabilities in LMP to keep these 100's of Russian sites from spamming or hacking my server?


DW

  • Administrator
  • Posts: 3787
    • View Profile
    • https://legacy.listmailpro.com
Re: Am I being attacked by Russian Hackers and SPAMMERS???
« Reply #1 on: December 28, 2013, 06:57:41 pm »
I can't think of any way installation of ListMailPRO would be related to incoming traffic or links from unknown sites.

There are no known vulnerabilities in the latest version available from the members area.

I don't see how any SPAM or messages sent by ListMailPRO could cause such traffic.  Typically when people spam they send email with links to their own sites, not the site they're spamming from.. If someone managed to break into ListMailPRO and was using it to send email you should see some evidence of their activity, such as users on lists, messages in Sent Messages, bounced messages coming from your server, spam reports against your IP, etc.  Make sure you have a strong admin password and enable the option "Notify admin when a bad password is entered" on the Configuration page for best results.  It's also a good idea to have a strong FTP password as dictionary or brute force attacks against those are a common way in for hackers.

If it's just traffic you're seeing I would say it's most likely harmless.  Perhaps if you look at the external pages linking to your site you will find the cause or reason.

I have a fair amount of experience on the internet, so if you want hands-on assistance you could order General Support from http://listmailpro.com/support and I would spend some time investigating and do my best to explain what's going on, but I can't guarantee anything can be done because it sounds like it's the activity of a third party site we have no control over.

Regards
« Last Edit: December 28, 2013, 07:10:19 pm by DW »
Dean Wiebe
ListMailPRO Author & Developer - Help | Support | Hosting

ruben

  • Posts: 25
    • View Profile
Re: Am I being attacked by Russian Hackers and SPAMMERS???
« Reply #2 on: December 29, 2013, 09:18:24 pm »
Dean,

Thanks for your prompt reply!

We have not sent any emails or messages using LMP as of yet... we just installed it.

The same day that we installed LMP is when we got 100's of links from Russian sites linking to us.

I looked into these Russian sites that are linking to my server and a large number of them are porn sites. This never happened before installing LMP.

I did some research on autoresponders and found that hackers are finding their way into the SQL on the servers.

Does LMP use a perl script that's installed in the cgi bin or directory?

What mechanism does LMP have to prevent SQL Injection attacks?

Thanks

DW

  • Administrator
  • Posts: 3787
    • View Profile
    • https://legacy.listmailpro.com
Re: Am I being attacked by Russian Hackers and SPAMMERS???
« Reply #3 on: December 30, 2013, 11:33:27 pm »
Hi,

Quote
The same day that we installed LMP is when we got 100's of links from Russian sites linking to us.

I looked into these Russian sites that are linking to my server and a large number of them are porn sites. This never happened before installing LMP.

I'd say it was a coincidence.  For LMP to "trigger" anything a third party would need to know you installed it.  LMP does not show itself to search engines by default - all pages use a meta "robots" tag with a value of "noindex,nofollow" - and even if it did a search engine would need to find a link to it somewhere to find it.  The only way a third party could find LMP is if they browsed to the installation web address manually or were already accessing and monitoring the files on your web server, both of which I would say are unlikely, especially in as short amount of time as you suspect.  Plus, I don't see why a third party would care about an LMP installation or how they would find any benefit from linking to your site. It might be a deliberate or random attack against your web reputation.  You may want to look into disavowing the links at Google.

Quote
I did some research on autoresponders and found that hackers are finding their way into the SQL on the servers.

This can be true for any poorly-programmed web-based script that passes user-entered data to MySQL.

Quote
Does LMP use a perl script that's installed in the cgi bin or directory?

There are a couple optional CGI scripts included with the program.  They are normally accessed via an email address set up on your web host to "pipe" email to them to facilitate instant bounce processing or email signup.  The help files are at http://listmailpro.com/help/cgi

Quote
What mechanism does LMP have to prevent SQL Injection attacks?

Great care is taken to prevent injection attacks.  All queries with user-entered data are escaped to prevent MySQL injection, and have been since as far back as 2002.  With thousands of users, I have never had a report of anyone being hacked or exploited successfully through LMP.

In general, links from other sites do not indicate a vulnerability or exploit on your server.  ListMailPRO does not make any calls to external sites.

Regards
« Last Edit: December 31, 2013, 12:14:35 am by DW »
Dean Wiebe
ListMailPRO Author & Developer - Help | Support | Hosting