
leezard

Everything posted by leezard

  1. Here's some info I got from cert.com about e-mail spoofing (cloning). It has a few tips on preventing it. http://www.cert.org/tech_tips/email_spoofi...fing.html#III.B

     I. Description

     Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

     Examples of spoofed email that could affect the security of your site include:

     * email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this
     * email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

     If, after investigating the activity, you find that there is more to the incident than spoofed email (such as a compromise at your site or another site), please refer to Section IV below.

     II. Technical Issues

     * If you provide email services to your user community, your users are vulnerable to spoofed or forged email.
     * It is easy to spoof email because SMTP (Simple Mail Transfer Protocol) lacks authentication. If a site has configured the mail server to allow connections to the SMTP port, anyone can connect to the SMTP port of a site and (in accordance with that protocol) issue commands that will send email that appears to be from the address of the individual's choice; this can be a valid email address or a fictitious address that is correctly formatted.
     * In addition to connecting to the SMTP port of a site, a user can send spoofed email via other protocols (for instance, by modifying their web browser interface).

     III. What You Can Do

     1. Reaction

        1. You may be alerted to spoofed email attempts by reports from your users or by investigating bounced email error messages.
        2. Following relevant policies and procedures of your organization, review all information (such as mail headers and system log files) related to the spoofed email. Examine tcp_wrapper, ident, and sendmail logs to obtain information on the origin of the spoofed email. The header of the email message often contains a complete history of the "hops" the message has taken to reach its destination. Information in the headers (such as the "Received:" and "Message-ID" information), in conjunction with your mail delivery logs, should help you to determine how the email reached your system. If your mail reader does not allow you to review these headers, check the ASCII file that contains the original message.
           NOTE: Some of the header information may be spoofed; and if the abuser connected directly to the SMTP port on your system, it may not be possible for you to identify the source of the activity.
        3. Follow up with other sites involved in this activity, if you can identify the sites. Contact them to alert them to the activity and help them determine the source of the original email. We would appreciate a cc to "cert@cert.org" on your messages; this facilitates our work on incidents and helps us relate ongoing intruder activities. If you have a CERT# reference for this incident, please include it in the subject line of all messages related to this incident. (NOTE: This reference number will be assigned by the CERT/CC, so if you do not have a reference number, one will be assigned once we receive the incident report.) To find site contact information, please refer to http://www.cert.org/tech_tips/finding_site...e_contacts.html You may also want to contact the postmaster at sites that may be involved. Send email to postmaster@[host.]site.domain (for example, postmaster@cert.org). Please include a copy of this document in your message to sites.
        4. To provide as much information as possible to help trace this type of activity, you can increase the level of logging for your mailer delivery daemon.
        5. Realize that in some cases, you may not be able to identify the origin of the spoofed email.

     2. Prevention (Deterrence)

        1. Use cryptographic signatures (e.g., PGP "Pretty Good Privacy" or other encryption technologies) to exchange authenticated email messages. Authenticated email provides a mechanism for ensuring that messages are from whom they appear to be, as well as ensuring that the message has not been altered in transit. Similarly, sites may wish to consider enabling SSL/TLS in their mail transfer software. Using certificates in this manner increases the amount of authentication performed when sending mail.
        2. Configure your mail delivery daemon to prevent someone from directly connecting to your SMTP port to send spoofed email to other sites.
        3. Ensure that your mail delivery daemon allows logging and is configured to provide sufficient logging to assist you in tracking the origin of spoofed email.
        4. Consider a single point of entry for email to your site. You can implement this by configuring your firewall so that SMTP connections from outside your firewall must go through a central mail hub. This will provide you with centralized logging, which may assist in detecting the origin of mail spoofing attempts to your site.
        5. Educate your users about your site's policies and procedures in order to prevent them from being "social engineered," or tricked, into disclosing sensitive information (such as passwords). Have your users report any such activities to the appropriate system administrator(s) as soon as possible. See also CERT advisory CA-1991-04, available from http://www.cert.org/advisories/CA-1991-04....ngineering.html
  2. The way the AUP has been changed, you're OK to have the subdomain with someone else updating the content. Where you would run into a problem is if, say, for instance you set up a subdomain and SOLD that space to someone else.
  3. That's true, also if you set up a user with an account and a default password, the first time they go to ******/webmail they will get the pop up, enter the username and default password you gave them, then they can change it
  4. hmm, you're right... there isn't a "log off" button or link
  5. You can set the amount of space each person has, but keep in mind, if those 30 people with 20 megs each all leave their mail on the server it does cut into your available space. 30 people X 20 MB = 600 MB of space.
  6. Welcome to the family! Everyone here is always willing to help, and I don't mean just the support and moderator folks. Never be afraid to ask a question, in most cases they get answered in a few minutes. As far as OSCommerce goes, it may be in your cpanel in the cgi scripts section under additional scripts as a one click install. If it isn't you can request it be added. Even if you do the manual install it's pretty straightforward, if you need a hand just yell.
  7. lol, look at the time of those posts
  8. That's normal, that is the connection string for the database. It's not really an error.
  9. .rar, .zip and .pdf files will send with no problems, and you are correct, executables and script files won't be sent, the main body of the message would go through but not the attached .exe file.
  10. leezard

    Bootlegs

    I'm not in a band or involved in the music industry, BUT I do have close friends in two bands that are signed to major record labels, and speaking from experience (I have a TON of live recordings, unreleased stuff from both bands), the majority of bands and record labels don't like you sharing bootleg material.
  11. ok, nevermind...mitch to the rescue!
  12. hmmm, I kind of forgot about that... there's a couple of the support staff online right now, I'm sure one of em will get to this thread in a few minutes and be able to help.
  13. submit a help desk ticket and they can get ya fixed up. https://ssl.totalchoicehosting.com/supportdesk/
  14. lol I'd mess with them all, I've had to talk to Rick a time or two because I was "researching" cpanel features even tho I didn't need them
  15. I'm guessing you mean a domain name other than your site's domain name? You can have multiple domain names for your site but they must ALL point to the main page of your site. For example, you have mysite.com as your main site, but you also have mysite.org, us, biz, cc and net. You can park all of those domain names as long as they are all pointing to your site's main page. You can't have mysite.net point to one subdomain and mysite.org point to another. Hope that makes sense
  16. I've used PHPNuke, both the auto install and a self install version, and all of the hacks, add ons, plug ins etc. were just as easy to install on the auto installed versions as they were on the self install. I would think it would be the same for most of the other scripts that have add ons available, at least I would hope so... that's a good point you bring up.
  17. That's an awesome list! Just another reason why Rock Sign
  18. 0x800CCC90, Error Number: 0x800CCC92 are username and password errors. Delete your username and password from the account settings and reenter them, make sure you use username@****** as the username, also they are case sensitive. If that doesn't work your password may have gotten corrupt somehow (not likely since you can access it via webmail), try changing the password in cpanel and try again.
  19. Also, if you are using mail.yourdomain.com for outgoing mail, most ISPs require you have "My server requires authentication" checked on the server tab of your account properties.
  20. I started using mailwasher, I just bounce every piece of spam mail I get back to the sender, after a while they give up.
  21. OK, your cpanel is where you control all of your site's functions. If you already have an account with TCH, to access the cpanel go to www.yoursitename.com/cpanel. It will ask you for a username and password (these were provided in the welcome e-mail you receive when you sign up). There is a LOT of info in cpanel but it is broken down into groups like e-mail, subdomains, add on scripts etc. The part you'll want to look at is the CGI scripts, that's where all the cool stuff is like that online store I showed you. Everything you see in cpanel is included in your monthly plan's fee... so you can install ANY of the scripts there at no extra charge.
  22. just move them all around and play guess where that post went
  23. The store I showed you is free, it's installed from the control panel for your site here at TCH, it's under additional scripts in the CGI scripts section and it's called OS commerce. If it doesn't happen to be there, one of the support gurus can install it on your server. Installation is easy, it asks you to put in an admin username and password (which you choose), then it asks you for a directory to install it to (I used sample as the directory), then you click install and it's done.