Hello,
I wonder if anyone else has experienced the following phenomenon, and whether or not it is Drupal-related, and might possibly have an idea as to the next course of action to take...
The following did not occur until AFTER I started using Drupal (a few months ago), though I have had my site and domain name for several years.
Essentially, what I keep getting on a more-than-daily basis is emails with
SUBJ: Delivery Status (failure) FROM: postmaster@
Following the @ would be the domain of NUMEROUS domains that were hit, with attempted delivery to hundreds of email addressees. And that's just the bogus ones--who knows what actually got through.
My domain is now being filtered by MSN's anti-spam and who knows how many others. I am angry enough to offer any interested lawyer 100% of the awarded fines in return for assistance in tracking these people down and filing a lawsuit.
As to Drupal... at first I thought it might be that one of the add-on modules I'd installed was insecure. Before diving into the code, I simply disabled Email-This-Page module and Subscribe module. And the problem still persists. My next idea would be to pull down the entire site and put up a simple "Down for Maintenance" page and see if the problem persists.
Any ideas, folks?
PS if you feel this is too off-topic and not Drupal related, go ahead and email me privately instead.
The first thing you need to do is examine the mail headers and possibly your mail logs, and see if the messages are coming internally or externally. If you're running older software or have not secured your software properly, you might simply have left an open relay and then just about any joker could do it.
From your message it may also be possible that people are just using your domain and not using your server at all. If that's actually happening there is little you can do about it. It's very easy to forge a domain. But generally that doesn't get domains black-listed.
The next possibility is that a hack has been installed on your machine through some vulnerability or other, and that you could disable Drupal entirely and still have this problem. Those can be difficult to find; I recommend Google searching on the topic for tools and ideas on how to track that sort of thing down.
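The header check suggested in the reply above, as an added example that is not part of the original thread: it pulls the returned message out of a bounce and looks at the top `Received` hop to see whether the bouncing server was contacted from your own mail server or from somewhere else. `OWN_IPS` is a placeholder, the sample bounce is constructed, and the sketch assumes the bounce attaches the original headers and that the top hop was written by the bouncing server.

```python
import email
import re
from email import policy

OWN_IPS = {"192.0.2.10"}  # assumption: your mail server's public IP (placeholder)
# Constructed sample bounce (DSN) with the returned message attached.
SAMPLE_BOUNCE = """\
From: postmaster@recipient.example
Subject: Delivery Status (failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Action: failed

--b1
Content-Type: message/rfc822

Received: from example.org (unknown [203.0.113.77])
    by mx.recipient.example with SMTP; Thu, 8 Dec 2005 01:02:03 +0000
From: sales@example.org
Subject: constructed sample

body
--b1--
"""

def returned_message(bounce_text):
    """Return the original message attached to a bounce, or None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def classify(bounce_text, own_ips=OWN_IPS):
    """'internal' if the bouncing server saw one of our IPs connect, else 'external'."""
    orig = returned_message(bounce_text)
    hops = orig.get_all("Received", []) if orig is not None else []
    if not hops:
        return "unknown"  # headers not returned; fall back to the mail logs
    # Top hop is written by the bouncing server: the HELO name can be forged,
    # the connecting IP is taken from the TCP session.
    sender_side = re.split(r"\s+by\s+", str(hops[0]), maxsplit=1)[0]
    ips = set(re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", sender_side))
    return "internal" if ips & own_ips else "external"
```

An "external" result on the sample reflects a forged sender domain (the HELO name claims `example.org` but the connecting IP is not yours); "internal" means the message left your own server and the mail logs are the next place to look.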
I assume you have taken all the XML-RPC stuff out? There were some vulnerabilities in that recently; one of my servers was also hacked, and I believe temporarily used for sending emails out also.
/dc
-----Original Message-----
From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Earl Miles
Sent: Thursday, December 08, 2005 2:41 AM
To: support@drupal.org; Gunther Herzog
Subject: Re: [support] Hi-Jacked Email Identity (possibly OT?)
-- [ Drupal support list | http://lists.drupal.org/ ]