I use WebAssist Universal email version 2.5.4, a Dreamweaver PHP extension to place email forms on a site that I have constructed for a pretty big UK charity. However the host closed it down today because of spam being sent.
Users can fill in forms on several pages to send emails to people within the charity - the recipient emails are coded into the forms on the site. No database is connected to the forms.
The host is not being helpful at the moment - almost accusing the charity of sending the emails themselves. They say:
"It appears that this mail may have been sent through an exploit in one or more of the scripts on your system. We would ask that you review the code on your website to remove any vulnerabilities that may allow the scripts to be abused to send emails. If the scripts are from a 3rd party software we would advise you contact the vendor for security patches or updates to their code."
It seems I cannot contact WebAssist because I have no 'Support Incidents'. So no help there and the host (Pipex - major UK listed co) have blocked access to the server so I cannot see what has happened there. Shared hosting account details are here http://www.webfusion.co.uk/hosting/
Pipex say before sending the site live again I must tell them what I have done to rectify the situation. If someone changed the code on the site then are the host not in some way responsible? I am really not sure how to proceed. Helpful guidance at a level appropriate to someone who is security illiterate will get rewarded with the points - you may have to help me respond to a couple more emails.
For the record I replied to their email as follows:
My client, a UK charity, has forwarded me this email.
There are forms on their site for submitting emails from site users only to administrative contacts at the charity. There is no script on the site that unamended could send emails to anyone outside the organisation. The recipient names are hard coded into the files that are placed on the site so this presumably means that a third party has changed the code on the site - in which case placing the original files back onto the site will rectify the situation.
I would be able to do this in 15 minutes but it seems that you have blocked access to the server. Please confirm - I am unsure how I can diagnose what is happening without accessing the server.
Alternatively a third party has placed new files onto the site, in which case my action suggested above will have no effect.
Can you confirm that this has not happened?
It would be helpful to us if you could explain more about what has happened since my client naturally assumes that their files on your servers are secure. As a well known UK charity they do not want their name associated with such activities. What is there in place to prevent this recurring after the situation is corrected?