Community Q&A:
Have I been hacked or has a hacker been captured?
I have an installed, but undeveloped Drupal site. I have the User module configured such that the Administrator must verify the email address of a visitor for the visitor to gain access to the site.
Even though the site is empty and not advertised I have received THIRTY requests for accounts. All of these look like spam and/or virus bots.
My first question is is there any place to turn over the details of these 30 requests? (I have domain and IP address info if that is of any value)
My second question is I am now receiving automated emails from webhostinghub.com that messages from users who are blocked are not being sent to domains that do not exist. (See example below). Does this message mean that someone has gained access to my server to use it as a spam site? Or has the security worked as expected and what is happening is the message from my server (Account details for claymatzaib at www.edswartz.com (pending admin approval)) is trying to get back to the sender ("claymatzaib") but either "Clay" is no longer at the address obama4@dumbdemocrat.info or the server dumbdemocrat.info is no longer available?
Thank you for your help!
-Ed
Message I (Administrator) received:
This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 48 hours on the queue on ehub26.webhostinghub.com.
The message identifier is: 1T7hah-0003iS-CU
The subject of the message is: Account details for claymatzaib at www.edswartz.com (pending admin approval)
The date of the message is: Sat, 01 Sep 2012 02:53:59 -0400
The address to which the message has not yet been delivered is:
obama4@dumbdemocrat.info
Delay reason: SMTP error from remote mail server after RCPT TO::
host dumbdemocrat.info [184.173.91.226]: 451 Temporary local problem - please try later
No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.
Even though the site is empty and not advertised I have received THIRTY requests for accounts. All of these look like spam and/or virus bots.
My first question is is there any place to turn over the details of these 30 requests? (I have domain and IP address info if that is of any value)
My second question is I am now receiving automated emails from webhostinghub.com that messages from users who are blocked are not being sent to domains that do not exist. (See example below). Does this message mean that someone has gained access to my server to use it as a spam site? Or has the security worked as expected and what is happening is the message from my server (Account details for claymatzaib at www.edswartz.com (pending admin approval)) is trying to get back to the sender ("claymatzaib") but either "Clay" is no longer at the address obama4@dumbdemocrat.info or the server dumbdemocrat.info is no longer available?
Thank you for your help!
-Ed
Message I (Administrator) received:
This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 48 hours on the queue on ehub26.webhostinghub.com.
The message identifier is: 1T7hah-0003iS-CU
The subject of the message is: Account details for claymatzaib at www.edswartz.com (pending admin approval)
The date of the message is: Sat, 01 Sep 2012 02:53:59 -0400
The address to which the message has not yet been delivered is:
obama4@dumbdemocrat.info
Delay reason: SMTP error from remote mail server after RCPT TO::
host dumbdemocrat.info [184.173.91.226]: 451 Temporary local problem - please try later
No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.
ANSWERS
|
0
|
Hello Ed, Sorry to hear about the bots hitting your site. The unfortunate fact is that many spammers/hackers look for open registration sites. This happens with many of the popular blog/cms programs like Drupal, Wordpress, Joomla, etc. The best you can do to stop it is to simply NOT allow open registration. You can also implement a RECAPTCHA system to make it so that robots can't simply autologin to your site. I'll give you a way to block outside IPs, if you wish to use it, and also the link to Drupal's module of RECPATCHA that you can implement - to stop the robtos. The email issue is also related to this. They've created users that are on your site that won't verify. I myself have a test Wordpress site that received over 500 anonymous logins when I set open registration, so I do understand what you're seeing. Close open registration (or remove the link) for now until you can implement verification procedures (using recaptcha or other system) to stop the bots. This will help with the both issues you're seeing. How to block an IP from website Recaptcha Drupal Module If you have any further questions, please contact technical support or leave a comment at the bottom of the page. Regards, Arnel C. |
Want to share this Question?
Tweet
Help Center Login
Related Articles
It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
