Site email = Spam?
Site email = Spam?
I've been switching a lot of my email over to spamgourmet, and just noticed that I'm getting spam through the disposable address I made for neocolours. I'm not sure, but this means that Neocolours could have been hacked at some point. Thought you might want to know. :|
-
- Devil's Advocate
- Posts: 2038
- Joined: 04 Jan 2006 06:06 pm
- Gender: Female
- Location: a g-orbital
- Contact:
Re: Site email = Spam?
Thanks for letting us know - apologies for not responding sooner, but we've been away all of last week. Miguel has looked at his spam emails (he runs a similar thing to you) and has said that his NC-only email has also received some spam.
I need to have a chat with our webhosts to find out what's caused this. The admin panel does not show any logins from any IP other than my own, so it does not appear that an admin account has been compromised - that was my first thought, since admin accounts are able to see anyone's email address*. I don't have a recent copy of the database stored locally, so my own computer being compromised by malware wouldn't have caused this. I can't find much information online about email harvesting from phpBB forums, but there may be a specific way that spambots are able to do that (it's hard to search for - most of the results are about spam posts by bots, not spam emails).
(*I will also state here that while I have full access to everyone's email addresses, I would never repost them or pass them on to anyone else...that would be a) a really nasty thing to do and b) illegal in my jurisdiction.)
I need to have a chat with our webhosts to find out what's caused this. The admin panel does not show any logins from any IP other than my own, so it does not appear that an admin account has been compromised - that was my first thought, since admin accounts are able to see anyone's email address*. I don't have a recent copy of the database stored locally, so my own computer being compromised by malware wouldn't have caused this. I can't find much information online about email harvesting from phpBB forums, but there may be a specific way that spambots are able to do that (it's hard to search for - most of the results are about spam posts by bots, not spam emails).
(*I will also state here that while I have full access to everyone's email addresses, I would never repost them or pass them on to anyone else...that would be a) a really nasty thing to do and b) illegal in my jurisdiction.)
-
- Zombie Queen
- Posts: 5251
- Joined: 08 Jan 2006 05:20 am
- Gender: Female
- Human Avatar: 89833
- Location: Tyland
- Contact:
Re: Site email = Spam?
Bit of a silly question, but is it your public email? I see that you have one listed. A crawler could conceivably be harvesting that, yes?
Re: Site email = Spam?
I'm not sure what you mean - I don't see one listed on my profile, unless you mean something else. I do have a gmail address that is probably searchable, which is why I'm going through the pains of changing it now (that wasn't the one that was just spammed, it was right after I'd changed to spamgourmet).
-
- Devil's Advocate
- Posts: 2038
- Joined: 04 Jan 2006 06:06 pm
- Gender: Female
- Location: a g-orbital
- Contact:
Re: Site email = Spam?
Ty - we can see Aqua's email, but no-one else can. This caused me headaches too
I'm still looking into potential options. The people at phpbb.com think it is unlikely, but not impossible, that it was caused by phpbb, but I'm looking into suggestions made by our webhost.
I'm still looking into potential options. The people at phpbb.com think it is unlikely, but not impossible, that it was caused by phpbb, but I'm looking into suggestions made by our webhost.
-
- Zombie Queen
- Posts: 5251
- Joined: 08 Jan 2006 05:20 am
- Gender: Female
- Human Avatar: 89833
- Location: Tyland
- Contact:
Who is online
Users browsing this forum: No registered users and 5 guests