I have had my site circlef.net for about 5 years.
Latley I have had some problems with attacks on the site.
I have started to use AW stats- when I look at my 404 messages ,
I see a lot of mesages were some one is trying get into my sql data base.
is this normal to have 50 to 150 attempts to get into the data base a mouth
I deleated my sql data base.
I have just put one back on the site with a new pass word.
My site was black-listed for sending spam while looking in to that.
I found It appears that some one is sending spam using my sites name in there header.
This appears to be some one based in the urkaine?
I have the url of who is doing it. not sure what to do with it.
I'm saving the emails so they can be looked into.
Can any one can help me with this out.
I have tried to use westhost support, I still have the same problems
I have not been real happy with the support.
Or the sales department
It's time to fix the problems, our take the site off line.
I would like to be able to fix it. If not I will move it to were it can be fixed.
Right now I'm setting my site back up, I took most of it off line .
I did not have the time to look into this till now
It appears to be more then one person.
I have thought of putting up a wall of shame lising the url and e mails that it is coming from .
that will not stop them but will let site vistiors know what is happing
Results 1 to 10 of 13
Thread: site problems
03-25-2012, 09:45 AM #1
- Join Date
- May 2009
Last edited by ronaldf; 03-25-2012 at 09:50 AM. Reason: spelling
03-25-2012, 03:34 PM #2
It is not uncommon for a site to come under attack and often these attacks come in waves. Nothing you can really do to stop the attacks but you can guard against them sometimes. Since your these are 404 messages it means they where not successful in the attempt and more then likely where looking for a hole in a popular PHP or Pearl program that is out there. It looks like you are using a guest book and perhaps phpBB on this account. Make sure that these programs are kept up to date with the current version. This is very important. phpBB is pretty good about keeping their forum program updated with security fixes. If you don't need a program then don't keep in on the server. This is very important also. People often install a program then decide not to use it and thus it is not kept up to date. If a security problem with the program pops up it can be exploited and you may never know.
Nothing you can do about spammers using your site in email headers. These emails are not coming from your server but theirs so you have no control. What you can do is make sure your site has an SPF record. http://en.wikipedia.org/wiki/Sender_Policy_Framework and http://www.openspf.org/ are references for this. On newer cPanel accounts with WestHost you can add this TXT record yourself via the Advanced DNS Editor. On older Sitemanager accounts you need to contact WestHost and have them add it for you.
If you do get black listed then you need to go to the site that has listed you and check their policy on how to get off the list. They are all a bit different.
A wall of shame will do you know good and just use up your bandwidth for something a real user is not going to pay any attention to.
This situation is something that WestHost support can not really help you with. In fact no hosting company is going to support "fixing" something like this unless you are paying an extra fee of some type. This falls under the realm of a webmaster or site administrator. In this case that would be you. Again there is only so much you can do about this besides what I've mentioned above.
Make sure to look at your site files and make sure you don't have programs or files you don't need or recognize as something you put there. I am talking about in the public_html or /var/www directory. Again make sure your programs are up to date.
03-27-2012, 06:32 PM #3
- Join Date
- May 2009
All of my programs are up to date.
I do use phpbb3. I just up dated all but one forum. That forum ,The style I use is not supported. I coded my christmas pages to match it.
not sure how to update a phpbb3 style.
I have to approve all users. I check to see if they are known spammers before they are approved. If they are spammers I block the url.
and band the email
I do not use a quest book program, I use a form that can be filled out by a quest, it is then sent to a mail box for me to rewiew ,
them I can post the names and comments after review.
03-28-2012, 06:26 AM #4
In terms of email going out from your domain, wildjoker had some great advice about an SPF record. That's really the best thing to combat people spoofing your email address. It tells receiving servers what servers should be allowed to send email from your domain. The receiving server then has the choice to either reject or accept the email. It's not a guarantee to stop spoofing as mail servers aren't required to look at the SPF, but it certainly helps. (Partly because spammers are less likely to use your domain in their headers if they see that you have an SPF record.) I don't see one on your domain yet, so if you'd like us to add one feel free to either PM me or submit a support ticket.
In regards to people trying to crack into your database or site software, the most important things are to make sure your passwords are secure and that all of your software is up to date. If you are doing those things there is not a whole lot else that can be done. If you have the IP addresses of the people trying to crack the site, you can block them in your site manager under the "IP Filtering" section. Always make sure that you have a backup of your files on your local computer as well, in the case that someone does get access and cracks the site.
Let me know if you have any other questions.Nathan Collings
Level 2 Technical Support Rep
03-28-2012, 07:56 AM #5
Well I was going to say you should make sure that the program you where using to handle the contact emails was up to date but I see you are simply using mailto in your action of the form. Do be aware that may not work for everyone. http://apptools.com/rants/mailto.php
In regards to your theme for phpBB, you need to check and see if there has been an update of the theme. Do you remember where you got it? More then likely there is some indication of where you got it at the bottom of the page or maybe in the admin section or the files itself. You would need to follow links to the original author and see if they have a newer version. It might be easiest to just see if you can find a new style that is close to what you are using now. http://www.phpbb.com/customise/db/st...ard_styles-12/ You would then go to the board in question and switch over the the default phpBB style then do the upgrade to the program. Then install this new style and activate it after you have upgraded.
It has been some time since I worked with phpBB, but if you need some help let me know and I'll see what I can do.
03-31-2012, 06:43 AM #6
- Join Date
- May 2009
I sent a pm to see if we can set up a spf record.
It seams to be a place to start.
One of the problems is that I have recieved, some bounched back emails.
It seams that I have some one is sending email using.
horning@circlef =url 18.104.22.168 ( if I read the mail log right)
Any way you can read the mail log.
I have saved the arcives to my machine.
To look and see if I can make sence out of them.
I do not like anyone using my sites name ,our saying they are connected to the site when they are not
They are using my name saying they are part of the staff.
I have not found any thing that should not be on the site.
I did have a arcade , but I have deleated the data base for it.
untill I get things cleaned up.
I have though of putting up a page with a disclaimer about this.
Not sure how to handle it.
There is no staff just me
Last edited by ronaldf; 03-31-2012 at 08:41 AM. Reason: spelling add data
03-31-2012, 10:56 AM #7
Just to reiterate, even with the SPF record there is no way you can keep people from spoofing your site. The emails you listed above are common attempts by spammers to make it look like mail is coming from your site even when it is not. They trick the mail servers on other sites into thinking the email is from you by modifying the email headers. For example there is one header called Return-Path. They can set this to admin@circlef even if you don't have that as an email address. Now as a rule you should not get bounce back emails when they do that unless you have the catch all enabled on your account. To turn of catch all see this page: http://www.helpdocs.westserver.net/v...er/Aliases.htm
Since you seem to be really digging into this stuff and learning, you might want to check this article out. http://www.emailaddressmanager.com/tips/header.html It helps you understand email headers and how to read them so you really know where email is coming from.
04-03-2012, 06:18 PM #8
- Join Date
- May 2009
I do have a catch
I do have a catch all email address.
I set it up in case some one missed typed the email.
I'm dylstic myself and know how easy it is to miss type data.
I have to check what I type many times to see if it's right.
I do not like spam, I was setting up a forum were others like my self could come and talk,
When it went live the frist users, to sign up put links to a porn site on it.
It had gotten were that was all I was getting was spamers,
I took it down, It was a good ideal but it takes staff that I do not have,
Thats the problem with diong a forum is the spam.
My site has had more then it's share. the christmas forum had over 3000 user sign up , on post just spam ,
and a lot of back links to sites that I would not view.
I can say I have a forum but if you can not get. user why have it.
It the same way with the web site if some one going to use my name to spam, I want to do eveything I can to stop it
If I can not I will take it down.
04-03-2012, 07:57 PM #9
Well I understand why you might want a catch all but it really is a bad idea. It is just an invitation to spammers. Remember if someone where to miss type your email address they would know they did because they would get a notice back that the email was not delivered and then they could check the address.
In the case of forums you really it can be a bit of a job to keep the spammers out but with a little bit of effort it can be managed. The first thing is to always have what Captcha set up for your forums. Most make this really easy and for the most part it is a built in feature you just activate. The second thing is to use a service like http://www.stopforumspam.com/ or Askimet. Both have mods with most forums that can be added to set up the forum to use them. One last thing you can do is install a challenge question mod. This forum has that. It ask a very simple question on sign up that the user has to answer. I have all three options set up on the fourms I run and get very little spam. I have maybe one or two spammer a month if that I have to deal with.
04-22-2012, 08:39 AM #10
- Join Date
- May 2009
We now have a spf file installed email looks good. using the email log and the http log i have blocked some url that I believe were trying to do a sql injection, and some that were using my e mail.
I would like to install zz bloick on my site , can that be done for the whole site our do I have to do if for each forum.