Assimilating you into the spamming collective
A sinister legion of intruders has invaded the world wide web,
turning millions of sites (like yours) into hapless spamming
automatons. Sound like science fiction? Unfortunately, it's real.
Probe attacks targeted a couple of DTL sites in late August,
forcing us to route additional power to our shields.
And here's the kicker: blasts of junk mail go out from your web site with your domain name on it!
What you need to know
Spammers hijack a vulnerable computer for mounting an email
injection attack — a method of sending spam through web forms,
like a contact page, using robotic software. By
posting information directly to an email-sending script, they
can insert their own content and spam anyone they please. Outgoing
messages identify the victimized web site owner and hosting server,
and the spammer is virtually untraceable.
Who is vulnerable?
Any web site with a form that sends information via email can be
hacked, regardless of which programming language is used (PHP,
Perl, ASP, C, ColdFusion, shell scripts, etc.). JavaScript
filtering on web pages is ineffective — the attacking
spambots bypass the web page and directly hit the supporting
scripts.
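An added example, not DTL's code and not part of the original newsletter: because the spambot posts straight to the mail-sending script, the check has to live in that script. The field names, the particular signs tested, and the example.com/example.net addresses are assumptions chosen for illustration.

```python
import re
from email.message import EmailMessage

# Form fields that end up in mail headers (field names are assumptions).
HEADER_FIELDS = ("name", "email", "subject")
# Mail header names that have no business inside a form field value.
HEADER_TOKENS = re.compile(
    r"^\s*(to|cc|bcc|from|content-type|mime-version)\s*:", re.I | re.M)
# In the free-text body, flag only MIME/recipient headers to limit false hits.
BODY_TOKENS = re.compile(r"^\s*(bcc|content-type|mime-version)\s*:", re.I | re.M)
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def injection_signs(form):
    """Return the reasons a posting looks like an email injection attempt."""
    signs = []
    for field in HEADER_FIELDS:
        value = form.get(field, "")
        if "\r" in value or "\n" in value:
            signs.append(f"{field}: line break in header field")
        if HEADER_TOKENS.search(value):
            signs.append(f"{field}: embedded mail header")
    if not ADDRESS.fullmatch(form.get("email", "")):
        signs.append("email: not a single address")
    if BODY_TOKENS.search(form.get("message", "")):
        signs.append("message: MIME or Bcc header in body")
    return signs

def build_message(form, recipient="owner@example.com"):
    """Build the mail for a clean posting; the recipient is fixed server-side."""
    signs = injection_signs(form)
    if signs:
        raise ValueError("rejected: " + "; ".join(signs))
    msg = EmailMessage()
    msg["To"] = recipient                  # never taken from the form
    msg["From"] = "webform@example.com"    # constructed address
    msg["Reply-To"] = form["email"]
    msg["Subject"] = "Contact form: " + form.get("subject", "")
    msg.set_content(f"Sender: {form.get('name', '')}\n\n{form.get('message', '')}")
    return msg

# Constructed sample postings: one ordinary, one with an injected header line.
CLEAN = {"name": "Pat Lee", "email": "pat@example.com",
         "subject": "Quote request", "message": "Please call me about hosting."}
HOSTILE = dict(CLEAN, email="pat@example.com\r\nBcc: list@example.net")

if __name__ == "__main__":
    print(injection_signs(CLEAN))
    print(injection_signs(HOSTILE))
```
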
What can happen to you
These attacks often cause the web site owner and other victims to
get spammed. Error messages can be bounced into your mailbox, or
the spam blasts can go out without your knowledge. That puts you
and your web hosting company at risk of being blacklisted by other
service providers attempting to protect their own customers. Being
blocked by a large provider such as AOL or Yahoo can have
disastrous effects on your business (and ours).
Shields up!
DTL immediately developed a web form protection system that detects
over a dozen telltale signs of an email injection attack. If a
posting is deemed to have come from a spambot, it is rejected.
Rejection is good, but extermination is better.
So we integrated this new web protection into DTL's
real-time, adaptive BlockSmith system. This
blocks attackers at our firewall, stopping repeat hijackings by
denying all access to our network. (For more details, read about
BlockSmith and how it protects your email and now your web
site.)
Only customers with DTL-designed sites are fully protected
The sites for all DTL web design customers were updated in early
September after we became aware of this problem. No action is
required on your part. Your web forms are now part of an active
defense system that helps protect all our customers.
Other DTL customers take evasive action
If your web site is not designed by DTL, uses third party web
applications, or is hosted elsewhere, you must ensure that your web
forms are hijack-proof to avoid potential downtime. Web sites
found to be abused by spambots must be taken offline to protect
your email status and all other DTL customers.
The problem is easily solved with the right technology — and since technology is DTL's middle name (literally) we can help.
This month, DTL shares the rich chocolaty decadence of MaryBeth Brown Marketing's
new web site. MaryBeth needed a simple but elegant site for her
new marketing consultancy. So with a name like Brown, our
color scheme was obvious and gave us great inspiration. Plus,
this low-calorie DTL design, weighing in at less than 100K of
highly optimized XHTML and graphics, features heavy-duty
expandability when needed. “I love it! You
captured the exact essence I wanted,” says
Brown, “I must call Sheila and thank her for
introducing me to you.” (We do spread the
goodness; Sheila earned a complimentary month of service for her
recommendation.) It may be the simplest site we've created in
a while, but it's pretty sweet all the same.
“DTL enabled me to update my site effortlessly
.... Morgan is one of those guys that won't let go until
it's perfect. I've known him for over 20 years and his ability and
integrity are beyond reproach.”
— Brock Meeks, MSNBC
Brock N. Meeks Photography
Be in our next service update. Send us a kind word.
Sincerely,

Morgan Davis
President, DTL Networx
DTL provides design, development, IT, and hosting services for organizations that demand a higher class of web production and management, database administration, Internet operations and marketing support. It is the second-generation Internet services company pioneered by Morgan Davis, author of several computer books and creator of one of the first applications to connect personal computers to the Internet in 1984.