As I discovered this week, keeping software up to date, including that which powers one’s websites, has many benefits. Included in those benefits is reducing spam.
Yesterday, I received an email from my web host informing me that one of my sites (not disparate.info, thankfully) had been disabled because it had been hijacked and used to deliver spam. The site in question was running outdated software, which allowed some malicious individual to exploit a known vulnerability in that version, install a spam bot, and crash the rest of my sites in the process. After spending days trying to identify why I was exceeding my allotted server resources, thereby causing all of my sites to cease functioning, I had my answer.
Needless to say, I’ve learned my lesson. Updating online software is as important as keeping desktop software up to date, and the implications can be much farther reaching. Not only did I potentially lose readers (and revenue) because my sites were inaccessible, but I also inadvertently helped some ill-intentioned individual pollute email inboxes with more ads for cheap Viagra. Then, of course, there is the lost sleep and wasted time spent cleaning up the mess.
Below are excerpts of the message received from my host:
URGENT: Account Exploit
Hello,
We have received a report of what appears to be a spam email message that
has originated from your ‘XXXXXXXX’ account, as well as evidence of a
spam bulk emailer uploaded to the following location: http://XXXX.XX/images/stories/food/hoksha.php
We have deleted the page in question…
Note that I’ve disabled the domain until you can complete the upgrades.
Please do not re-enable it until it is secure.
As surely as this site is now accessible, the problem has been corrected.