Three websites on three different shared servers were compromised by a hacker through weak FTP passwords. The hacker uploaded a trojan to these hosting packages and so these three servers were placed on anti-spam blacklists.
All three website owners have been contacted now and their FTP passwords reset. The offending files have been removed and the servers should be fully out of the blacklists soon. In the meantime for any users of the following servers they might be seeing some emails they send bouncing back to them undeliverable:
Galahad - 81.17.248.4
Gorlois - 81.17.252.85
Rivalin - 81.17.252.145
As a note to all users, please ensure all of your passwords are relatively secure. Some secure password tips would be:
# Don't use a dictionary word
# Don't use part of the username
# Keep the password at least 7 characters long
# Have a combination of at least three of:
- lowecase characters (a, b, c)
- uppercase characters (A, B, C)
- numbers (1, 2, 3)
- non-alphanumeric characters (!, %, *, {, £, )
Update (12.00pm): The three servers were removed from the blacklist about 90-120 minutes ago and most, if not all, mailservers around the world should have updated their blacklists to no longer include these three IP addresses. The IP addresses are fully removed from the blacklist itself.
All three website owners have been contacted now and their FTP passwords reset. The offending files have been removed and the servers should be fully out of the blacklists soon. In the meantime for any users of the following servers they might be seeing some emails they send bouncing back to them undeliverable:
Galahad - 81.17.248.4
Gorlois - 81.17.252.85
Rivalin - 81.17.252.145
As a note to all users, please ensure all of your passwords are relatively secure. Some secure password tips would be:
# Don't use a dictionary word
# Don't use part of the username
# Keep the password at least 7 characters long
# Have a combination of at least three of:
- lowecase characters (a, b, c)
- uppercase characters (A, B, C)
- numbers (1, 2, 3)
- non-alphanumeric characters (!, %, *, {, £, )
Update (12.00pm): The three servers were removed from the blacklist about 90-120 minutes ago and most, if not all, mailservers around the world should have updated their blacklists to no longer include these three IP addresses. The IP addresses are fully removed from the blacklist itself.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=d5cff252-fcce-4901-a031-50070db919d7)