trinucc Posted May 25, 2014 Posted May 25, 2014 For some reason the account for trinucc has been suspendedThis is on the Stevie serverThe domain name is www.trinityskippack.org Note: This happened to us once before when somebody broke into our account and sent out spam. This is actually a church account and we definitely are NOT spamming anyone, if that turns out to be the case. Obviously, we are asking that the account be unsuspended and some support be given to us to help us to avoid the problem in the future. Thanks
hussam Posted May 26, 2014 Posted May 26, 2014 what script do you use? most cms/forums have options to disable email sending.
wolstech Posted May 26, 2014 Posted May 26, 2014 Suspension is for 2500+ emails in under 12 hours...your problem is back. I'm not going to unsuspend this just yet because we can't have accounts spewing mail like that. We need to figure out the cause first. As hussam asked, what software do you have in the account? Things like Wordpress or joomla are commonly exploited by hackers to install spam bots or other malware to let them abuse the account. Also do you actually use email on your account?
trinucc Posted May 26, 2014 Author Posted May 26, 2014 We never use the email on the account at all--in fact, I never took notice of the fact that we had an email account within Heliohost until after the first problem occurred. As to your question about what software we have in the account, I'm afraid I cannot answer your question. A group of students at a local university created the website for us a year ago as their senior project and all I do is update the content ... while my technical skills are more than sufficient to keep up the site in that way, I do not have the expertise in how the site was created in the first place. If Hussam's question would lead to a solution, that would be great. Obviously from what I said above, we don't need the email account at all, so if there is some way to disable it and if this would take care of the issue, we are all for doing so. After all, we really want and need the church website up and operational. Thanks
wolstech Posted May 26, 2014 Posted May 26, 2014 I'll be willing to bet you have an outdated Wordpress install or something on your account. Since you don't know how it was built, I'll assume you don't know how to update the software either. Web software, especially popular content management software (which i'll bet you're using, even if you're unaware of it) usually requires updates to be installed in order to stay secure. An admin might be able to disable the email functions...I know we can throttle it to like 1 mail an hour, so I don't see why 0 would be impossible.
trinucc Posted May 26, 2014 Author Posted May 26, 2014 You are right....I have no idea if Wordpress (or similar) is on the account and I don't know how to update the software. Unfortunately, the students who built the website) graduated a year ago, and I don't know if there is any way to get in touch with them (not that they have any obligation this point anyway) So how can we proceed from here? I certainly am sensitive to Heliohost's realities, but obviously the church wants its website up an operational again. Thanks
hussam Posted May 26, 2014 Posted May 26, 2014 google's cache suggests you use simplemachine forums.http://wiki.simplemachines.org/smf/MailYou can switch to smtp (for example, your gmail account SMTP settings) to get around the restriction. However, this won't stop the spam. To disable mail completely you will have to go through smf settings and disable things like email notifications on personal messages, etc... Another thing is since this is a church website and you don't need the bad publicity from spammers anyway, I suggest using cloudflare. It protects your website from spammers and many other attacks.Cloudflare is free. If you decide to use it, let me know on irc and I will walk you through it.
trinucc Posted May 26, 2014 Author Posted May 26, 2014 Thanks, hussam, although I must admit I only know a whole lot of what you are talking about. (I set up my personal email with an SMTP account, but I don't think that's going to help with this situation anyway.) I am going to have to put this problem on hold, now, for personal reasons which interfere with my being able to do anything about this on Tuesday anyway (and possibly for a couple days afterwards, depending on how things unfold tomorrow).....and obviously to do anything about this, the account has to be unsuspended first anyway, which I hope can take place once I'm back into action. I'll post here again when I'm able to, so something can be sorted out here.
trinucc Posted May 28, 2014 Author Posted May 28, 2014 OK....personal conflict (hospital testing!) is taken care of and I'm back home. Again steps to get the trinucc site unsuspended. If I understand the earlier postings/suggestions correctly, disabling the heliohost email capability for our site (or at least changing a setting to just a maximum of one email per day) should take care of the problem that Heliohost is concerned about--at least that way we will not have a potential spam bot sending out thousands of emails. Am I correct in that assumption? If so, then I would like to request that our account be unsuspended--and I would hope for a bit of guidance as to how to make the necessary email changes. (By the way, if it helps I was able to get in touch with one of the university students who helped build the site in the first place. He indicated that "We didn't use any of the common hosting systems on the website, although i think we did use a plugin called "softaculous" for the forum system. If any emails are being sent exploiting an added on software, it would have to be through softaculous.....we didn't program anything into the website to send emails, but that doesn't mean that there isn't anything in our code that could somehow backdoor into the email....) Thanks
wolstech Posted May 29, 2014 Posted May 29, 2014 You can't throttle/disable the email yourself. An admin needs to do that. (You can and should disable any email functions in your forum settings though once you get unsuspended). As for the source, it's likely coming from SMF (your forum software). Someone or something is abusing it, likely due to it not being set up improperly or not being updated to fix security holes. Softaculous is a tool that lets you install software easily. It won't send spam (or any mail for that matter except update notifications). It sounds like the folks who made the site for you used it to set up the forum.
Byron Posted May 29, 2014 Posted May 29, 2014 This support request is being escalated to our root admin.
trinucc Posted May 29, 2014 Author Posted May 29, 2014 Thanks, everybody! Looking forward to getting our website reactivated.
Krydos Posted May 29, 2014 Posted May 29, 2014 The account trinucc has been unsuspended. @admins/moderators, when an account is suspended for sending too many emails it will already be throttled to 1 email per hour anyways. Once the issue is fixed then we can restore the default email sending limit if needed. @trinucc, my guess is that spambots are creating thousands of accounts on your website, and the emails are just a symptom of the bigger issue. It doesn't matter if you disable email sending or get your email throttled, if you don't do something to prevent the bots from creating accounts eventually they will create so many accounts each day that you will get suspended for high load anyways. Do you really need a login system on your website? Can you disable account creation entirely? If you do need to have a login system for users you should at least add a creative captcha type question that will prevent the bots from creating their accounts.
hussam Posted May 29, 2014 Posted May 29, 2014 You are running SMF 2.0.42.0.7 is the latest security/bugfix release.Try updating if possible I also strongly suggest cloudflare.
trinucc Posted May 29, 2014 Author Posted May 29, 2014 Krydos and Hussam, Thanks for reactivating our site......and since we really don't need the the SMF (the forum software), I have uninstalled it, rather than updating it....this was under the advice of one of the university students. However, we now have some coding issues, which is up to us to resolve, not heliohost. I wanted to go into the heliohost email system to delete all of the spam that accumulated there from before, but can't log in for some reason. I'm guessing it's a password issue, but that is a minor problem for now. Thanks for all you've done and your suggestions---now I'm working on getting the student designer of our page to help restore the functionality of the coding, now that references to the SMF are creating a problem. Your help has been very much appreciated.
Recommended Posts