Spam sending script

Hi,

I have a website on arvixe, and they suspended me two times because of the following:

"We've identified that a script /home/.../public_html/engine/handlers/action_handler.php (on hosting account websiteowner - dotforexample.com) has been sending spam (or emails that resemble spam) in large quantities. To protect yourself as well as others on the same platform, we have been forced to disable this script."

 

What is a spam sending script? (I don't know much about coding.) And how come a script runs without my permission?

I replaced action_handler.php, handlers... all of them, but it's still the same.

I only have Elgg, a Facebook theme, and a captcha installed.

So does anybody know anything about this issue?

Regards

 

  • Hi Ssahin

    Please check your Private Message

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • It's not action_handler.php itself that is sending anything. Briefly speaking, this file handles processing of actions in Elgg, so it might appear that this file is doing something that is actually performed by other actions within Elgg.

    In your case I suspect that the "spam emails" are not really spam but notification emails (notifications on new content, validation emails etc.). The notification emails are quite similar regarding content, so they might be (wrongly) seen as spam.

    By default, notifications are enabled for new accounts in Elgg. And a lot of people might be too lazy to turn them off (even if they don't really want them) or don't even know how to turn them off. You might want to give this plugin a try: http://community.elgg.org/plugins/869366/1.8.2/elgg-1819-set-no-notifications. It turns off the email notifications for new accounts (or at first login of existing accounts after the plugin has been enabled). This way the "default" is no email notifications, which will reduce the amount of emails sent. Of course, people can still turn on the notifications again, if they really want them.

    If Arvixe is really only trying to protect you from your server sending spam, you can tell them that the email notifications are perfectly okay. But I suspect they also want to reduce the server load caused by your site (shared server?). If your server really produces too much load due to the amount of emails sent, I'm afraid you will have to switch to a VPS instead of a shared server sooner or later.

  • @sshain Please check your email and the status of the support ticket.

    @iionly Due to security and privacy reasons, right now I can't share in public how this was solved.

    Regards,

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • @Rodolfo That's a political statement if ever I heard one.

    The question is... Was it solved, and who won?

  • Problem:

    The network was being targeted by spammers heavily, with automated account creation.

    Solution:

    Using the available tools found here (Spam Login Filter, Honeypot, Akismet) will solve the issues.

    There's a big reason to not share every detail of the problem/solution in public, to avoid spammers bypassing the anti-spam plugins provided by developers.

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • "There's a big reason to not share every detail of the problem/solution in public, to avoid spammers bypassing the anti-spam plugins provided by developers."

    This is a fallacy. Spammers likely know more about the anti-spam techniques than we do. Sharing techniques is the way to improve them, and truly effective techniques won't be affected by spammers knowing they're being used. This is why heuristic tools are so effective.

  • @Brett Besides plugins, there are other methods that are being implemented to avoid this situation.

    Also, if you have any demo Elgg site, make sure that registration is disabled. Sometimes you forget about those demo sites and then you have a spammer problem. (Which was part of the problem.)

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • "@Brett Besides plugins, there are other methods that are being implemented to avoid this situation."

    Yes, I assumed so. The same still applies. Secrecy won't solve this problem. It's similar to security through obscurity; it's a response by inexperienced developers and it just doesn't work in the long run.

  • @Brett I just try to answer while keeping any details about the customer private. I hope that we can share what we did this week, so everybody can benefit from it.

    Also, I shared an effective solution against spammers. One of the most effective ways, for my Elgg network, against spammers was to remove (via plugin/theme) the registration page and create a registration form via AJAX/jQuery. It has been working extremely well.

    http://community.elgg.org/discussion/view/1570790/fake-users-registration-attack?annoff=50