My server account has been suspended due to someone getting in and using it to spam. They say I can't have the site back until I give them a plan on how I'm going to stop this. Well I have no idea what to tell them. Any help would be appreciated.

I have a question, how is this dragonflycms related?

Because the server provider told me that the exploit probably came through Dragonfly and has told me to use another CMS. So I guess it doesn't really matter, since I will be dropping this CMS.

RFJ_Pony97 wrote:

Because the server provider told me that the exploit probably came through Dragonfly and has told me to use another CMS. So I guess it doesn't really matter, since I will be dropping this CMS.

Thats funny.
Your provider needs to wake up. DF is the most secure CMS out there. Sounds like your providers sever isnt secure on the smtp end. Try to send out an email using mail.yoursite.xxx without a password. I bet it will work.

I host almost nothing but DF sites on 5 servers and I don't allow phpnuke or postnuke because of security issues that have almost brought my servers down. Ive NEVER had any issues with this wonderful CMS.

SBN-WEB-HOSTING.COM
Is that your host?
I think they have some bad issues themselves. I'd look for another host, fast.

RFJ_Pony97 wrote:

give them a plan on how I'm going to stop this

Try changing your passwords and be sure to use strong password that includes number digits, capital and lower cases.

Also make sure to enable ssl (or any other way to secure your connection) to smpt, pop3 and other tools authentification (ask your provider about this), otherwise you will send a plain password.

Let them know that you are using a secure, stable and optimized cms. Maybe they should ask all other users to use Dragonfly!

This is a start point to fix your/their problem, we all never experienced similar episodes.

If you/they cannot found a solution I'll invite you to change cms to probably have the same problem, an higher server load and maybe an hacked database.

All i know about spam: they filled up my inbox with 1500+ emails, they used my account (and others) to spam emails but in less then 24 hours my provider fixed the problem with some software updates.

I'm not probably the best that could help you and your provider but using using some basics for security, strong passwords, encrypted connections and software and services updates will not be that bad for sure.

RFJ_Pony97 wrote:

Because the server provider told me that the exploit probably came through Dragonfly and has told me to use another CMS. So I guess it doesn't really matter, since I will be dropping this CMS.

I dont'know if that spamming could be somehow related to the following but do you update your cms with the latest security patches? It was announced some time ago through the update monitor that four files were improved on security. Of course you need to have the monitor enabled or watch the security forums to know.

And which cms did you or your host think was more secure than Dragonfly?

Dragonfly is not PHP-Nuke, even if it was derived from it long ago and was once called CPG-Nuke.

bigern75 wrote:

Thats funny. Your provider needs to wake up. DF is the most secure CMS out there. Sounds like your providers sever isnt secure on the smtp end. Try to send out an email using mail.yoursite.xxx without a password. I bet it will work.

Well, they don ´t even need to use the server for spamming ...
Some years ago I registered a domain at a local provider (1 domain was free :-)) and never used it in any way ( catchall mails are forwarded to my normal mailaccount, but thats it) .. but from time to time i get loads of spamreports, saying my domain was used to spam .. so what, it ´s easy to fake the FROM: ...

Quote::

easy to fake the FROM: ...

thats correct

If you check the header and the queue, it will show it went thru the account. And thats how they know it was using that account. Even if they fake the FROM: You can actually see which accounts smtp it went thru.

I truely dont see this being a DF issue.

Don't be so quick to condemn - it could easily be a dragonfly issue for a variety of reasons, like failure to adopt security updates, use of insecure modules (plenty of them around), poor password control.

I guess it's a moot point now, but a host does need to give you some info to go with before ASSuming was Dragonfly security was the issue.

RFJ_Pony97, could you please give us a little more info to go on.
Thanks

I advise you to change to another host supplier. More serious and intelligent.Do they know what is a CMS ?With another CMS? Like phpnuke,for example?


best regards

Don't laugh too loud - Dragonfly has its moments, albeit very brief moments, thanks to DJ and Syama_Dasa's response to security issues.

looks like he's moved to joomla.