Email Issues 24/1/19

EMAIL SEND ISSUES

We have been experiencing email sending issues over the last few days. On receipt of an unusual activity alert from the mailserver, a support request was lodged with our tech support company as the activity was recognised as a significant volume of email being sent from a client domain.

We discovered that a client website had been re-developed by a freelancer and was then compromised through the upload of either a compromised WordPress file or plugin, which allowed an external operator to control sending spam mail from the site. The website sent just over 4000 spam emails in the first few minutes. This triggered the server's spam control systems, which limit sending mail based on rejection/deferral (to avoid our server being blacklisted). While most of the spam emails were diverted and controlled internally, the activity triggered spam systems at major ISPs, which started rejecting email. ISPs have deferral periods before they start accepting mail again.

Most services returned to normal yesterday, with Bigpond now accepting email, but Microsoft (Hotmail, Outlook.com and Live.com) and Yahoo/ymail.com are still rejecting email.

There is a simple fix to overcome problems experienced with sending email from your domain. It is a simple change in your email program: change your outgoing server setting from mail.yourdomain.com (e.g. mail.gympiewebsites.com.au) to mail.your-ISP-mailserver.com (e.g. mail.bigpond.com or mail.tpg.com.au).

INSTRUCTIONS TO CHANGE OUTGOING MAILSERVER

How to change your outgoing mailserver to your ISP - PDF File 279KB

CURRENT ACTION – COMPROMISED WEBSITE

The compromised website was shut down on receipt of the alert. Following communication with the site owner, the site was re-opened without any email services to allow the compromised site to be deleted and a clean site re-installed. Unfortunately, 24 hours later more malicious files were uploaded to the server. This compromise did not send any spam (or cause the email sending issues) but had a serious negative impact on CPU usage while trying to send spam. Again, the server protection arrangement commenced immediately, with our server technicians killing the malicious processes and alerting me to the issue. The whole client account was suspended at that time and is in the process of being removed from the server.

EMAIL SERVICE POLICY CHANGE

All Cooloolabusiness.com clients will be informed that outgoing mail services will be ceasing. Clients will be required to use their ISP mail servers for sending email from hosted domain email accounts from 1/2/19.

HOSTING SERVICE POLICY CHANGE

In addition, this situation has identified that one compromised client website can cause issues for other clients.

From 1/2/19, hosting accounts for clients with externally developed websites will not be renewed.

The only exception to this will be where a site owner enters into a website management agreement with Cooloolabusiness.com to ensure that WordPress sites are kept up to date and have capable security plugins installed to protect against hacking and compromise. This agreement will be $50 ex GST per month and include installation of security plugins and full backup of the WordPress install for your protection. This payment will be included as an annual charge of $550 on renewal invoices (providing an annual discount). Alternatively, payment can be arranged monthly via PayPal.

CONCLUSION

It is unfortunate that these decisions have had to be taken. In the end, they are simple but necessary decisions required to protect the integrity of our servers and the client sites we develop, host and manage.