Article Directory Cash Generates Spam
The last couple of days I have been receiving loads of ‘mail delivery failed’ emails returned from this site. Much to my surprise I found that they were caused by a blacklisting issue.
Being pretty positive about the fact I don’t generate spam ever, I contacted my host and searched the blacklists for what was causing the problem. The sendmail settings on my server are set to send out the emails over a different IP, which was the one that got blacklisted - not my own IP address…
Here’s the message I received just a minute ago from my host:
OK, I think we found a problem with SPAM! I’m one of the culprits too…
There is a script called Article Directory Cash that has a huge security hole allowing the creator of the script to send email (SPAM) from anywhere using any installation of his script!
C.H. had several clients using the script … including me! He called me about server load earlier today and I told him that I was not sending from that domain at all. We put our heads together and discovered the script responsible for the sending.
He had a call from Planet last night about the issue. That script came from one of the self-proclaimed marketing gurus! Anyway, Chris is handling the complaints and says it takes about 10 hours for the issue to resolve over the Internet. My own domain had been generating 250,000 emails daily the last five days!
Sorry about the problems but this ‘stuff’ happens all the time. We were one of the many victims of this situation…
This is a very serious issue!
If you ever installed “Article Directory Cash” on your site, remove it NOW!
It’s only a matter of time before this malicious person will be using your domain to send spam around the world. Depending on your host’s spam policy, in worst-case scenarios this can mean your site goes down. With some (well-known) registrars it could even mean your domain name gets frozen…
(Owners of the Thin Electrons package - listen to the Joyner/Filsaime mp3 recording to learn all about registrars and webhosts and how they can hijack your business while you never sent out spam for the life of you…)
I did some research about the script, and one thing which stood out is that the installation instructions online tell you the script requires CHMOD 777 - these settings allow anyone to write inside the script.
This could mean that the person who originally wrote the script never had the intention to use it for spamming, but that malicious hackers discovered the script vulnerability and rewrote the code.
In other words - don’t start a witch hunt for the programmer. The fact his script has been used to spam doesn’t mean he’s guilty of spamming himself by any means!
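A check for the CHMOD 777 setting mentioned above, as an added example that is not part of the original post or of the script itself: it lists every file and directory under an install directory that any user on the server can write to, together with a tighter mode to consider. The function name and the command-line usage are this example's own.

```python
import os
import stat
import sys


def world_writable(root):
    """Return sorted (path, current_mode, suggested_mode) tuples for every
    entry at or below root whose 'other' write bit is set (e.g. 777, 666)."""
    findings = []
    candidates = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        candidates.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in candidates:
        st = os.lstat(path)                 # lstat: never follow symlinks
        if stat.S_ISLNK(st.st_mode):
            continue                        # a link's own mode bits are not enforced
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IWOTH:
            # Suggested mode drops write for group and other: 777 -> 755, 666 -> 644.
            fixed = mode & ~(stat.S_IWGRP | stat.S_IWOTH)
            findings.append((path, format(mode, "04o"), format(fixed, "04o")))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python audit_perms.py /path/to/script/install")
    results = world_writable(sys.argv[1])
    for path, current, suggested in results:
        print(f"{current} -> {suggested}  {path}")
    # Non-zero exit status when anything is world-writable, for use in cron or CI.
    sys.exit(1 if results else 0)
```

Anything it reports should be compared against a clean copy of the script before the mode is tightened, since a world-writable file may already have been modified.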
Otherwise please do let all your webmaster friends know about this script vulnerability so they can remove it or take security measures a.s.a.p.!
Thanks!
Patricia Ritsema van Eck