As a web hosting company running thousands of websites and even more email accounts, we are constantly battling spam. Usually the spam is incoming (sent to our customers), but sometimes our customers unknowingly send out spam. When we are made aware of a customer sending spam, we open a support ticket with our customer in order to determine the cause and a resolution. The majority of outgoing spam is because of a compromised email account (stolen password), server, or vulnerable website that is being exploited by a spammer in order to mask their activities. Even though our customer didn’t directly send the spam, their account was involved in one way or another.

Spammers try and send spam through unsuspecting victim accounts in many ways, and we will cover the most common methods in this article. The methods below can target shared, reseller, VPS, and dedicated servers. It’s worth mentioning that when a website or server is compromised or ‘hacked’, an automated [tooltip title=”Botnet: A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g., to send spam.”]botnet[/tooltip] is usually involved – many victims assume their website has been attacked by a specific person for a specific reason, however it’s usually due to a known and easily exploitable vulnerability on a website.

Software Exploits

This category encompasses a vast range of possible entry points for spammers, including the operating system, server software (like Exim), and website software like WordPress.

For shared, reseller, and managed VPS/dedicated customers, the main concern is the software used to manage your website. This includes WordPress, Joomla, Drupal, forum software, and anything else that uses PHP. It is important to keep this type of software updated, including any plugins or themes you may have also installed. Over time, vulnerabilities are discovered in software, and updates or patches are released. There are many reasons people don’t upgrade their software – sometimes the process can be time consuming, or the website may no longer be maintained. But choosing not to upgrade, there is a greater risk of a spammer taking advantage of the security holes, leaving your website and web hosting account at risk.

WordPress Exploits

We’ve dedicated a category specifically to WordPress, because it’s one of the most popular content management systems, which means it’s most often exploited. Since WordPress features one-click upgrades within the administrator dashboard, we usually don’t see too many issues with the base software or plugins alone (as long as they’re kept up-to-date). The number one WordPress vulnerability is due to outdated 3rd party themes. Many themes include code called TimThumb, which makes it easy to resize images on the fly. In 2011, a major vulnerability was discovered in TimThumb that allowed malicious code to be uploaded to a hosting account. Once uploaded, the attacker could easily send spam upload malware. The code was quickly patched, but many theme developers didn’t release updates, so vulnerable websites were not patched by their owners.

[four_fifth]An easy-to-use plugin that checks your WordPress theme for vulnerable TimThumb code is called ‘TimThumb Vulnerability Scanner’, and can be installed directly within the WordPress plugin manager. Once the plugin is installed, you can run a scan and replace any outdated code with one click. As of today, any TimThumb versions 2.8.2 or later are currently safe, but 2.8.10 is the current version.[/four_fifth] [one_fifth_last]Timthumb Vulnerability Scanner - WordPress[/one_fifth_last]

SMTP ‘Auth Login’

An SMTP Auth Login occurs when a legitimate username and password are used to log into a mail server and send mail. Every time someone sends an email from software like Outlook or Thunderbird, their mail server checks the username and password to make sure they’re authorized to send the email. If a spammer gains access to a username and password, they use it to relay spam. Spammers commonly gather passwords by spreading a virus or malware, which can steal saved email passwords. The best way to prevent this scenario is by installing antivirus & antimalware software on your local computer(s) – make sure the software is configured to update daily.

Spamming Scripts

If an attacker gains access to one of your accounts, they may upload files that are used to send or relay a large amount of emails. Often, it can be difficult to track down the scripts. For unmanaged VPS and dedicated server customers, it’s important to configure your mail server (such as Exim) to add headers that identify which account an email was sent from.

Preventive Actions

As we’ve already mentioned, one of the best ways to prevent spammers from taking advantage of your web hosting account is by regularly keeping your website up to date. On your local computer, it’s important to make sure your antivirus software is kept up to date. In addition, a free malware scanner like MalwareBytes can be used in tandem with your antivirus software to provide increased protection.

CloudFlare

CloudFlare is a website performance and security solution. CloudFlare offers two main benefits for webmasters:

[four_fifth]CloudFlare serves your website from 23 different data centers around the world, decreasing load times for your visitors and reducing your bandwidth usage. While doing this, it’s also protecting your website from attacks, such as Distributed Denial of Service (DDoS) attacks and SQL injection.

We are currently rolling out CloudFlare on all of our shared and reseller servers. See the CloudFlare introductory video for more information.[/four_fifth] [one_fifth_last]CloudFlare in cPanel[/one_fifth_last]

Although not an exhaustive list of threats and preventive actions, the above methods that spammers use are the most common. It’s important to follow the tips above, to help prevent your server from becoming a source of spam. If you have any questions about the security of your server, feel free to open a support ticket.

Leave a Reply