Provider Notifications

All of my web sites ended up suspended for perhaps as much as twelve hours due to someone hacking into one of my email accounts and using that account to send spam.

The hosting provider received a notification of the email account being used to send spam and suspended the email account. They then sent me an email to let me know what had happened so I could fix it. When they didn't receive a response to that email within a reasonable amount of time they suspended the entire hosting account.

Unfortunately the reason they didn't get a response to the email was that I never got it because it was sent to the email account they had just suspended. Apparently they allow exactly one email account to be designated for receipt of abuse messages (although they do allow you to set up additional email addresses to use with the billing department).

When I finally discovered that my account had been suspended, it then took about five hours with a support ticket and four or five chats with support to get the account working again. All I got with respect to the account having been suspended was an apology, since it was only one email account that was compromised and this was the only time anything on my account has had such issues - they actually scanned everything and confirmed that only the one email was affected. Had the problem occurred on any email account other than the one they sent the abuse report to, I'd have received that email and been able to rectify the problem before they suspended the entire account, as all it needed to fix it was to change the password on that one email account from one complex string of letters and numbers to a completely different string. Of course I changed a lot of my other passwords at the same time.

I had further discussions with the abuse department regarding where they send the emails and got nowhere. It seems that while you can have as many email addresses as you like for billing to use, the abuse department only sends abuse notices to the primary email address, even when that's the one email address that has problems.

A bit more thought and I came up with a solution, which I am now going to share with you so that you will never have the issue of your entire account being suspended due to the one email address they notify you at being the one with the problem.

To resolve this I set up two email forwarders. Both forward emails sent to a new email address, which I created in the forwarders, to two different existing email addresses. So any emails sent to that address will land in two of my email accounts instead of just the one. I then changed the email address on my account with the hosting provider to this new forwarder email address. I then tested it using the reset password link on their site. This delivered two copies of the password reset email to me - one in each of the two email accounts that the forwarders were set to.

So should I ever again suffer the misfortune of having one of my email accounts hacked and used to send spam, with hosting support suspending the email account, then no matter which email account they suspend I will still receive at least one copy of their email advising of the problem, so that I can fix it immediately and not have to spend hours while they confirm that nothing else on my site is compromised (and if something else had been compromised to send spam emails then the tracking headers I have built into my scripts would quickly identify which script was compromised, so it was obvious to me from the start that nothing on the site itself was affected).

As my primary email address for such notices is now only a forwarder and not an actual account, it can't be compromised. Only if both of the email addresses that it forwards to get suspended at the same time would I not receive at least one notice.
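The redundancy argument above can be checked mechanically before you rely on it. The following is an added example, not the author's code: the function names and every address are constructed placeholders, and it assumes you can list your forwarders as (source, destination) pairs alongside the set of real mailboxes.

```python
from collections import defaultdict

# Constructed sample data: every address below is a placeholder.
MAILBOXES = {"me@example.com", "sales@example.com"}
# One (source, destination) pair per forwarder, as in the two forwarders described above.
FORWARDERS = [
    ("notify@example.com", "me@example.com"),
    ("notify@example.com", "sales@example.com"),
]


def resolve(address, forwarders, seen=None):
    """Return every final address that mail sent to `address` is delivered to."""
    routes = defaultdict(list)
    for source, destination in forwarders:
        routes[source].append(destination)
    seen = set() if seen is None else seen
    if address in seen:  # forwarding loop: this path delivers nowhere
        return set()
    seen.add(address)
    if address not in routes:  # not a forwarder, so it is a final destination
        return {address}
    final = set()
    for target in routes[address]:
        final |= resolve(target, forwarders, seen)
    return final


def audit_contact(contact, forwarders, mailboxes):
    """Report whether notices to `contact` survive suspension of any one mailbox."""
    reached = resolve(contact, forwarders)
    live = reached & set(mailboxes)
    return {
        "delivers_to": sorted(live),
        # Destinations with no mailbox behind them (typo or deleted account).
        "dead_targets": sorted(reached - live),
        # True only if at least one copy still arrives after any single suspension.
        "survives_one_suspension": len(live) >= 2,
    }


if __name__ == "__main__":
    print("mailbox as contact:  ", audit_contact("me@example.com", [], MAILBOXES))
    print("forwarder as contact:", audit_contact("notify@example.com", FORWARDERS, MAILBOXES))
```

A mistyped destination shows up under `dead_targets` and drops the result back to a single point of failure, which is the same thing the password reset test catches by hand.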


This article written by Stephen Chapman, Felgall Pty Ltd.

