Web site restoration (removed by host!)

( My apologies if this is the wrong group* - if not,
could you point me to a good one? )

A security flaw in my server, my own stupid fault,
has caused my sites to be pulled by the host.

The security flaw resulted in (takes deep breath) Spam
being sent through my mail by person/s unknown.

Evil, horrible, horrid spam. And because I failed to
prevent it, I am responsible for it. I want to do what
it takes to
- fix the damage
- ensure it does not happen again

Also, I want to get my sites back on-line,

...but apart from
a) visiting the obtuse pages of SpamCop[1], and selecting one
of the 'options' from their menu (before being told not to
do that again for 'similar' issues.

b) constantly asking the host for more information/action.
(they seem to be very quiet at the moment - which seems
very strange given previous (20-30 min.) reponse times.

Has anybody had experience with this sort of stuff or can
give me pointers/keywords to search/ links that can explain
to me exactly what it is going to take to get my sites back
on the net?

( I realise there are a number of fine details that might
be relevant. However, there are a lot of them so I though
it better not to spend the bandwidth until either someone
has a better idea *which* are relevant, or points me to the
best group for such questions. )

Any pointers appreciated.

[ * I was searching the groups on "security web site",
"security web site spam", and "webmaster", but could
see no consistent pattern to the groups - and none
seemed as relevant as c.i.w.a.s-d ]

Oh, and you can 'see' the site concerned in my sig.

--
Andrew Thompson
http://www.PhySci.org/codes/ Web & IT Help
http://www.PhySci.org/ Open-source software suite
http://www.1point1C.org/ Science & Technology

Andrew Thompson wrote:

Quote:

( My apologies if this is the wrong group* - if not, could you
point me to a good one? )

A security flaw in my server, my own stupid fault, has caused my
sites to be pulled by the host.

The security flaw resulted in (takes deep breath) Spam being sent
through my mail by person/s unknown.

You had a Contact Us form? What were you using? Matt's FormMail?

Quote:

Evil, horrible, horrid spam. ...

Yup.

--
-bts
-This space intentionally left blank.

On Mon, 04 Jul 2005 13:30:59 GMT, Beauregard T. Shagnasty wrote:

Quote:

Andrew Thompson wrote:
( My apologies if this is the wrong group* - if not, could you
point me to a good one? )

A security flaw in my server, my own stupid fault, has caused my
sites to be pulled by the host.

The security flaw resulted in (takes deep breath) Spam being sent
through my mail by person/s unknown.

You had a Contact Us form? What were you using? Matt's FormMail?

No - I had already heard that one was not recommended.

The host seemed to have no specific warnings re the second,
I installed it from the site tools.

Quote:

Evil, horrible, horrid spam. ...

Yup.

...is there anything you can recommend to resolve
this dilemna, or do you feel I should be
'cast off the net' for my stupidity?
[ c) something else? ]

--
Andrew Thompson
http://www.PhySci.org/codes/ Web & IT Help
http://www.PhySci.org/ Open-source software suite
http://www.1point1C.org/ Science & Technology
http://www.LensEscapes.com/ Images that escape the mundane

Andrew Thompson wrote:

Quote:

On Mon, 04 Jul 2005 13:30:59 GMT, Beauregard T. Shagnasty wrote:

Andrew Thompson wrote:

A security flaw in my server, my own stupid fault, has caused
my sites to be pulled by the host.

The security flaw resulted in (takes deep breath) Spam being
sent through my mail by person/s unknown.

You had a Contact Us form? What were you using? Matt's
FormMail?

No - I had already heard that one was not recommended.

So, what were you using? You say a flaw, 'my own stupid fault' caused
the problem. Worded that way, it means you know what the fault was.

Quote:

The host seemed to have no specific warnings re the second, I
installed it from the site tools.

Why not write your own?

Quote:

..is there anything you can recommend to resolve this dilemna, or
do you feel I should be 'cast off the net' for my stupidity?

Heh!

Quote:

[ c) something else? ]

Maybe someone could help if we all knew what your 'email' or whatever
is supposed to do. Contact Form? "Send a link to a friend?" etc...

--
-bts
-This space intentionally left blank.

On Mon, 04 Jul 2005 13:51:55 GMT, Beauregard T. Shagnasty wrote:

Quote:

Andrew Thompson wrote:
On Mon, 04 Jul 2005 13:30:59 GMT, Beauregard T. Shagnasty wrote:
Andrew Thompson wrote:

A security flaw in my server, my own stupid fault, has caused
my sites to be pulled by the host.

The security flaw resulted in (takes deep breath) Spam being
sent through my mail by person/s unknown.

You had a Contact Us form? What were you using? Matt's
FormMail?

No - I had already heard that one was not recommended.

So, what were you using?

A bit of poking around the darker areas of my local
site back-up suggests it is..
CGIEmail <http://web.mit.edu/wwwdev/cgiemail/>

Quote:

You say a flaw, 'my own stupid fault' caused
the problem. Worded that way, it means you know what the fault was.

My words (or at least tone) were perhpas poorly chosen.

I figured it would not pay to arrive at this group
accepting anything less than complete responsibility.
"It's my server, and I am the only only with access, but
it is someones else's fault".

It is my server and if someone else managed to use
it for bad purposes - it is my fault and my
responsibility to fix it.

[ But no, to be honest I am still not certain *how* it
happened. I wish I did. ]

Quote:

The host seemed to have no specific warnings re the second, I
installed it from the site tools.

Why not write your own?

...yeah I could.

But ..it is not an area of great interest to me, nor
an area in which I have a lot of experience.
Do you really think we need *yet* *another* tool for sending
mail, written by a well meaning amateur??

Quote:

Maybe someone could help if we all knew what your 'email' or whatever
is supposed to do. Contact Form? "Send a link to a friend?" etc...

All it was intended, was as a contact form for mail back to me.
There was no way to choose any email address. I still do not
understand exactly how it works ..though I think that is
becoming fairly obvious?

But perhaps I need to clarify - I would prefer to stomp on
(cancel / kill / negate / remove) all email ability and get
the sites back on-line, than spend time now, trying to fix it -
perhaps consider email again in six months*.

My priority is not attaining the perfect and unassailable
email - but to get the sites back on-line.

* This will probably amount to 'email address in page and
spam trap in email client' ..just like the more experienced
advisers were imploring me to do from the start!

--
Andrew Thompson
http://www.PhySci.org/codes/ Web & IT Help
http://www.PhySci.org/ Open-source software suite
http://www.1point1C.org/ Science & Technology
http://www.LensEscapes.com/ Images that escape the mundane

Andrew Thompson wrote:

Quote:

On Mon, 04 Jul 2005 13:51:55 GMT, Beauregard T. Shagnasty wrote:
...
So, what were you using?

A bit of poking around the darker areas of my local site back-up
suggests it is.. CGIEmail <http://web.mit.edu/wwwdev/cgiemail/

Is that an MIT service, or something you installed?

Quote:

Why not write your own?

..yeah I could.

But ..it is not an area of great interest to me, nor an area in
which I have a lot of experience. Do you really think we need *yet*
*another* tool for sending mail, written by a well meaning
amateur??

My sites all use simple PHP code to send the results of a form to me.
There is normally about 70-80 lines of code including validation, not
counting the page's header, menu, footer display.

Quote:

Maybe someone could help if we all knew what your 'email' or
whatever is supposed to do. Contact Form? "Send a link to a
friend?" etc...

All it was intended, was as a contact form for mail back to me.
There was no way to choose any email address. I still do not
understand exactly how it works ..though I think that is becoming
fairly obvious?

But perhaps I need to clarify - I would prefer to stomp on (cancel
/ kill / negate / remove) all email ability and get the sites back
on-line, than spend time now, trying to fix it - perhaps consider
email again in six months*.

Won't they turn on the site if you remove the Contact page?

Quote:

My priority is not attaining the perfect and unassailable email -
but to get the sites back on-line.

* This will probably amount to 'email address in page and spam trap
in email client' ..just like the more experienced advisers were
imploring me to do from the start!

Having an email address is a good thing, and my sites do show one,
though they ask that the visitor use the form. Most all do.

--
-bts
-This space intentionally left blank.

kchayka wrote:

Quote:

Beauregard T. Shagnasty wrote:
My sites all use simple PHP code to send the results of a form to
me. There is normally about 70-80 lines of code including
validation,

Does that validation include checks to thwart attempted bulk mailer
attacks? Just curious.

But of course. <g>

--
-bts
-This space intentionally left blank.

On Tue, 05 Jul 2005 14:22:24 GMT, Beauregard T. Shagnasty wrote:

Quote:

But perhaps I need to clarify - I would prefer to stomp on (cancel
/ kill / negate / remove) all email ability and get the sites back
on-line, than spend time now, trying to fix it - perhaps consider
email again in six months*.

Won't they turn on the site if you remove the Contact page?

This is the exasperating thing!

I would already have deleted it the heck off my site,
but I do not have acces to my account, or my files or
folders on their system, at this time. I am locked out.

( And they do not seem keen to talk to me! :-/ )

--
Andrew Thompson
http://www.PhySci.org/codes/ Web & IT Help
http://www.PhySci.org/ Open-source software suite
http://www.1point1C.org/ Science & Technology
http://www.LensEscapes.com/ Images that escape the mundane

On Tue, 05 Jul 2005 11:45:35 -0500, kchayka wrote:

Quote:

FWIW, if the OP was using one of his hosting service's pre-installed
scripts (unmodified),

To my current understaning 'yes' (pre-intalled) and 'yes' (unmodified).

Quote:

..but a bulk mail relay attempt still got through, I
think the host should take some responsibility, ..

While I accept responsibility for the end effect, I
thank you for your comment.

Now, perhaps the real problem here, to getting my sites
back on-line, is no longer SpamCop or any such thing.
It is lack of action from my own host..

Can anybody advise whether other hosts would balk at hosting
my sites? I would not want to shell out for another (Java
enabled) server only to have SpamCop put pressure on the new
host to remove it again.

Assuming no more spam reports arrive for my domains,
would SpamCop take any interest in the domain's reappearance?

[ Sorry, I would ask SpamCop, but their site's logic
is lost on me. ]

Thoughts?

--
Andrew Thompson
http://www.PhySci.org/codes/ Web & IT Help
http://www.PhySci.org/ Open-source software suite
http://www.1point1C.org/ Science & Technology
http://www.LensEscapes.com/ Images that escape the mundane