I also got one of those.
Yep, looks like someone's got in there, got same email.
I also got one of those.
Me too. I got two identical copies of the same email, one at 02:38, one at 08:00.
Old Systems retired due to new car
New system at design/prototype stage on BeagleBoard.
I haven't been on this site in years and I got one as well. Have the admins taken a look at the server yet?
First of all, we have not sold the list. So if our server did this, it is a problem with our server. I agree the header files certainly point to us.
As of around 9am EST we shut off the forum mail server so it can't send more mail until we get this figured out. We have tickets into support at wiresix to help us figure out how this happened. Replies might be slow due to the Thanksgiving holiday.
This also means e-mail notification will be off until we fix the problem.
As far as updates are concerned, all of our apps and plugins have all the updates so we are having a tough time figuring out where the penetration occurred. We have several people working on it as I write this. If any forum members are experts on penetration testing and don't mind volunteering some advice, we would love to hear from you.
I apologize if our server sent you spam. Spam is one of the worst evils of the internet; we will look into additional measures of protecting our mail list from spam in the event the server gets hacked again.
I would also like to point out that our forum system is entirely different from our store site which is on a completely different host with no access to one another. No credit card, phone or address information has been compromised due to the completely different systems.
I hope you figure this out.
I also hope that it was your server that sent the emails. Hopefully, nobody got a copy of all of our email addresses to give to other spammers.
There is more stupidity than hydrogen in the universe, and it has a longer shelf life. -- Frank Zappa
Ok, first things first... fix the security policy on your email server. A properly secured mail server should lock down if it tries to send more than X emails per hour (for example the entire mp3car user list).
Second, which I'm guessing you've already done, is rotate all admin, database and FTP passwords.
Third, you have an FTP server up and running on the default port. Does this have access to the website base directory?
Fourth, do you have any access logs that might give a clue as to who might have got in or how they did it?
Fifth, are you sure you identified which files were being compromised with the bad links and how they were being accessed?
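The hourly send limit suggested in the post above, as an added example that is not part of the thread and not code from the forum or its mail software. The log format, the addresses and the limit of 100 are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)

def parse_line(line):
    """Parse 'ISO-time sender=<addr> rcpt=<addr>' (constructed log format)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["sender"], kv["rcpt"]

def apply_hourly_limit(lines, limit):
    """Replay a mail log and return (delivered, held, locked).

    A sender attempting more than `limit` messages within any rolling hour
    is locked; that message and all later ones are held for admin review.
    """
    recent = defaultdict(deque)   # sender -> send times inside the window
    locked = {}                   # sender -> time the lock tripped
    delivered, held = [], []
    for line in sorted(lines):    # the ISO timestamp leads each line
        ts, sender, rcpt = parse_line(line)
        if sender not in locked:
            q = recent[sender]
            while q and ts - q[0] >= WINDOW:
                q.popleft()       # forget sends older than one hour
            q.append(ts)
            if len(q) > limit:
                locked[sender] = ts
        (held if sender in locked else delivered).append((ts, sender, rcpt))
    return delivered, held, locked

def sample_log():
    """Constructed data: 3 routine notifications, a bulk run, 1 admin mail."""
    day = datetime(2024, 1, 1)
    row = "{} sender={} rcpt={}".format
    lines = [row((day + timedelta(minutes=40 * i)).isoformat(),
                 "forum@example.org", f"user{i}@example.net") for i in range(3)]
    burst = day + timedelta(hours=2, minutes=38)
    lines += [row((burst + timedelta(seconds=2 * i)).isoformat(),
                  "forum@example.org", f"member{i}@example.net") for i in range(500)]
    lines.append(row((burst + timedelta(minutes=5)).isoformat(),
                     "admin@example.org", "owner@example.net"))
    return lines

if __name__ == "__main__":
    ok, queued, locks = apply_hourly_limit(sample_log(), limit=100)
    print(len(ok), "delivered,", len(queued), "held")
    for sender, when in locks.items():
        print("locked", sender, "at", when.isoformat())
```

With a limit in place the bulk run reaches 100 recipients instead of the whole list, and the lock time gives a starting point for the access-log review.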
I started getting spam a few days ago from mp3car also and as of an hour ago I am still getting them. Something about male enhancement on the last one. Have not logged in for several years I do not think. I am guessing the database was hacked and emails were taken? What other information did they get? Username, passwords, info from the store?