test email from Actinic Catalog - HACKED?


    I've been getting these test emails fairly randomly for years, and a while back I thought I'd linked it to google spidering the site (I happened to notice googlebot had visited one of the perl files at roughly the same time as I got a test email), so I figured googlebot was accidentally triggering the emails and thought no more about it.

    However, I've just received a "This is a test email from Actinic Catalog" email followed almost immediately by a failure notice telling me that my email "This is a test email from Actinic Catalog" could not be delivered to 12 different recipients (in the same failure email). Very suspiciously all of the emails start with the letters FE (i.e. it looks like an email was sent to a subset of a large number of emails sorted in alphabetical order).

    So it looks like something has been hacked somewhere....?

    What settings do I need to change to fix that? Currently it's set to "localhost" in the email settings.
    John

    #2
    You could try the options suggested in this thread.

    https://community.sellerdeck.com/showthread.php?t=40437

    Mike
    -----------------------------------------

    First Tackle - Fly Fishing and Game Angling

    -----------------------------------------



      #3
      oh crap. just received 2 more failure notices - but this time for customer orders!

      so, the customer has placed the order and the confirmation receipt has gone to them (presumably), with a copy to us (as usual), but also apparently it's been sent out to a bunch of random emails (this time starting with DE).

      So what's going on?

      Firstly, how is that happening?

      Secondly, why??? I mean, what possible reason would there be to spam out test emails and customer orders to a bunch of strangers? (unless it's an underhanded competitor hiding their genuine email amongst a bunch of random ones). But other than that I don't see what anyone would gain from hacking it in that way. I mean hacking an email server to send spam on behalf of the hacker - that makes sense, but sending order receipts to random people?

      Thirdly, how do I stop it?

      Does it mean one of the perl files has been compromised?
      John



        #4
        Originally posted by Mike Hughes
        You could try the options suggested in this thread.

        https://community.sellerdeck.com/showthread.php?t=40437

        Mike
        hmm... there was a ts0000... file so I've deleted that. But I don't think that explains how the customer receipts are being sent out to a bunch of random emails.

        I'm thinking the other thread is more of a glitch, whereas this seems much more like a hack. I mean I've had the random test emails for years with no problems, it's only suddenly today that I'm getting these failure notices...
        John



          #5
          It does sound as if one of your scripts has been hacked to include other addresses when sending out emails.

          Change the script number and do a purge & refresh. That should remove the hacked one and upload a clean version of the scripts to the server.

          Not sure they got access, but I'd also check the server for hacked .htaccess files and anything else you don't recognise.

          Mike
          -----------------------------------------

          First Tackle - Fly Fishing and Game Angling

          -----------------------------------------



            #6
            Originally posted by Mike Hughes
            It does sound as if one of your scripts has been hacked to include other addresses when sending out emails.

            Change the script number and do a purge & refresh. That should remove the hacked one and upload a clean version of the scripts to the server.

            Not sure they got access, but I'd also check the server for hacked .htaccess files and anything else you don't recognise.

            Mike
            I'm not sure which one though, none of them seem to have been modified since 2010... I'll do the purge but I'll have to dig out a copy of ms access - I have the /acatalog/ url fix, so every time I make a change in the network settings I have to go back in and edit the mdb manually...
            John
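An added example, not part of the original thread and not Sellerdeck's own code: a file's modified date can be set to any value, so a 2010 timestamp does not show a script is unchanged. The sketch below compares a download of the server's script folder against a known-good copy by SHA-256 and also lists files, `.htaccess` included, that the clean copy does not contain. The directory layout, file names and sample contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def digest(path):
    # Normalise CRLF so an ASCII-mode FTP transfer alone is not reported.
    return hashlib.sha256(path.read_bytes().replace(b"\r\n", b"\n")).hexdigest()

def snapshot(root):
    root = Path(root)
    # rglob("*") also returns dotfiles such as .htaccess
    return {p.relative_to(root).as_posix(): digest(p)
            for p in root.rglob("*") if p.is_file()}

def compare(clean_dir, server_dir):
    clean, server = snapshot(clean_dir), snapshot(server_dir)
    return {
        "modified": sorted(n for n in server if n in clean and server[n] != clean[n]),
        "unexpected": sorted(n for n in server if n not in clean),
        "missing": sorted(n for n in clean if n not in server),
    }

def demo():
    # Constructed sample trees; file names and contents are made up.
    with tempfile.TemporaryDirectory() as tmp:
        clean, server = Path(tmp, "clean"), Path(tmp, "server")
        clean.mkdir()
        server.mkdir()
        (clean / "mail.pl").write_bytes(b"# send receipt\nsend($to);\n")
        (clean / "cart.pl").write_bytes(b"# cart\n")
        # Same script with CRLF line endings: must not be flagged.
        (server / "cart.pl").write_bytes(b"# cart\r\n")
        # Altered script whose timestamp has been set back to 2010.
        changed = server / "mail.pl"
        changed.write_bytes(b"# send receipt\nsend($to, $extra);\n")
        os.utime(changed, (1262304000, 1262304000))  # 2010-01-01 UTC
        (server / ".htaccess").write_bytes(b"# not in the clean copy\n")
        report = compare(clean, server)
        report["mtime_is_2010"] = int(changed.stat().st_mtime) == 1262304000
        return report

if __name__ == "__main__":
    print(demo())
```

Run `compare()` on a fresh download of the live script folder before the purge, so any altered file is kept as evidence rather than overwritten.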



              #7
              Accidentally clicking send emails icon?

              A while ago I accidentally clicked the Send Emails to All Customers icon on Sellerdeck (then Actinic) and it started sending out emails, and by the time I realised and could stop it a number had been sent. Is it possible that somebody at your end could have done this or something similar without realising?

              My own experience regarding any problems is that hacking is unlikely and there is some other reason.

              Sarah



                #8
                Originally posted by saucysal
                A while ago I accidentally clicked the Send Emails to All Customers icon on Sellerdeck (then Actinic) and it started sending out emails, and by the time I realised and could stop it a number had been sent. Is it possible that somebody at your end could have done this or something similar without realising?

                My own experience regarding any problems is that hacking is unlikely and there is some other reason.

                Sarah
                No - firstly, the failure notices were in response to 2 specific automated emails (a test email and a customer confirmation email); secondly, in each case the email was sent to one email address but resulted in failures to multiple different email addresses; thirdly, none of the failed email addresses are previous customers...
                John
