Autoresponse Plus (ARP) Security Problem
Over the past week, we've been made aware of a potential security issue affecting users of Autoresponse Plus. All of the instances we've seen so far involve ARP3, and they are a serious concern.
In a nutshell, hackers are breaking into Autoresponse Plus accounts (not the server, but the ARP application itself).
NOTE: This vulnerability is not exclusive to, or in any way related to, the hosting provider or server choice. It is a problem with Autoresponse Plus (ARP/ARP3). We have found it on a variety of web hosts running all kinds of applications, across a number of different industries and markets.
As a result, here is some of what is happening:
- Sending out blatant spam. Here's an example of one message: "Hello Friend, Note: This offer will be gone without any notice. Your KINDLE competition will surrender like little crybabies! Get this with 72% DISCOUNT! HURRY!"
- Changing account information inside your Autoresponse Plus installation. In other words, they are actually CHANGING the email address set up in your ARP account. This means password resets, notifications, etc. will all go to the address they changed it to. (So far, these have all been Hotmail, Gmail, and Yahoo addresses.)
- Downloading your email list. We have verified that, inside several accounts, the "hacker" has downloaded the contact list. For obvious reasons, this is a big issue.
How Is Autoresponse Plus Getting Hacked?
While we are not 100% certain of every way this is happening (the log files on the servers we've looked at had already expired), it appears to be due to a "SQL injection".
To keep things simple: there is a flaw in ARP that exposes parts of the database to attackers. The Autoresponse Plus (ARP) admin password is stored unencrypted, so a hacker can overwrite the admin user's email address, use that address to retrieve the password, and then export every email address in the system.
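To make the two halves of that description concrete, here is an added example (it is not Autoresponse Plus code; the `users` table, its columns and the sample rows are assumptions made for the demonstration). It places a profile-update query built by string concatenation beside the same query with bound parameters, and shows how a crafted value submitted for one account rewrites the admin row in the first version but is stored as a harmless literal in the second. It also shows salted password hashing, which is what keeps a leaked admin row from handing over the password.

```python
# Added example (not Autoresponse Plus code): a concatenated UPDATE next to a
# parameterized one, plus salted password hashing. The `users` table, its
# columns and the sample rows are assumptions made for the demonstration.
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000


def make_db():
    """Constructed sample database: one admin row and one subscriber row."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'admin@example.com', 'secret')")
    conn.execute("INSERT INTO users VALUES (2, 'sub', 'sub@example.com', 'hunter2')")
    conn.commit()
    return conn


def get_email(conn, user_id):
    return conn.execute("SELECT email FROM users WHERE id = ?", (user_id,)).fetchone()[0]


def update_email_vulnerable(conn, user_id, new_email):
    """Vulnerable: the value is spliced into the SQL text, so a quote character
    followed by a '--' comment lets it replace the WHERE clause."""
    sql = "UPDATE users SET email = '" + new_email + "' WHERE id = " + str(user_id)
    conn.execute(sql)
    conn.commit()


def update_email_safe(conn, user_id, new_email):
    """Hardened: bound parameters are passed as data and never parsed as SQL."""
    conn.execute("UPDATE users SET email = ? WHERE id = ?", (new_email, user_id))
    conn.commit()


def hash_password(password, salt=None):
    """Store a salted PBKDF2 hash so a leaked row does not reveal the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed input: a value submitted as subscriber 2's "new email" that
# closes the quote and comments out the real WHERE clause.
CRAFTED = "attacker@example.com' WHERE id = 1 --"

if __name__ == "__main__":
    db = make_db()
    update_email_vulnerable(db, 2, CRAFTED)
    print("vulnerable: admin email is now", get_email(db, 1))

    db = make_db()
    update_email_safe(db, 2, CRAFTED)
    print("safe: admin email is still", get_email(db, 1))
    print("safe: subscriber email stored literally as", repr(get_email(db, 2)))

    stored = hash_password("secret")
    print("hashed row reveals password?", "secret" in stored)
    print("verify correct password:", verify_password("secret", stored))
```

The parameterized form is the fix for the overwrite; the hashed column is what limits the damage if some other query is still injectable, because retrieving the admin row then yields a salt and digest rather than the password itself.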
How to Fix the Problem
The only surefire way to solve the problem is to REMOVE Autoresponse Plus (ARP3) from your server. There are several ways in which its security can be compromised.
Next Steps
There's a good chance your IP reputation has been affected by the hack, so you'll want to do a few things right away to restore it and improve it overall.
- Remove ARP3. (None of our clients or partners have "fixed" it; they've simply opted for another solution such as Interspire.)
- Check your IP address at senderscore.org.
- Verify that your server has all of the necessary authentication set up (DKIM, DomainKeys, SPF, etc.).
- Verify that your feedback loops are all set up and working.
- Watch your complaints VERY closely for the next 7-10 days to make sure the problem is resolved (especially if you've not yet set up a new email client).
- Practice impeccable list hygiene (in other words, get the bad subscribers out of your list ASAP). Review all of your bounce data outside of Autoresponse Plus: ARP's bounce reporting statistics are rather inaccurate because it has not been updated in some time, and its bounce rules in particular are out of date.
- Watch for irregularities in your mail log (such as mail addressed to people who are not on your list).
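As an added example of the last two steps (it is not from the original post; the log lines and the subscriber list are constructed for the demonstration, using Postfix's `to=<...>` / `status=...` delivery-line format), this script flags recipients who are not on your list and tallies delivery outcomes directly from the mail log, so bounces are counted independently of ARP's reporting.

```python
# Added example (not from the original post): review the outgoing mail log for
# recipients who are not on your list and tally delivery outcomes. The log
# lines and subscriber list below are constructed for the demonstration.
import re
from collections import Counter

# Constructed sample: four delivery attempts plus one unrelated cleanup line.
SAMPLE_LOG = """\
Mar  3 10:15:01 mail postfix/smtp[2201]: 4F1A2B: to=<alice@example.com>, relay=mx.example.com[203.0.113.5]:25, status=sent (250 2.0.0 OK)
Mar  3 10:15:02 mail postfix/smtp[2201]: 4F1A2C: to=<bob@example.net>, relay=mx.example.net[198.51.100.7]:25, status=bounced (550 5.1.1 user unknown)
Mar  3 10:15:03 mail postfix/smtp[2202]: 4F1A2D: to=<nobody@example.org>, relay=mx.example.org[192.0.2.9]:25, status=sent (250 2.0.0 OK)
Mar  3 10:15:04 mail postfix/smtp[2202]: 4F1A2E: to=<Stranger@example.org>, relay=mx.example.org[192.0.2.9]:25, status=deferred (451 4.7.1 greylisted)
Mar  3 10:15:05 mail postfix/cleanup[2150]: 4F1A2F: message-id=<20240303101505.4F1A2F@mail>
"""

# Constructed subscriber list, as you would export it from your own system.
SUBSCRIBERS = {"alice@example.com", "bob@example.net"}

# One delivery attempt per line: the recipient and the final status.
DELIVERY_RE = re.compile(r"to=<([^>]+)>.*?status=(\w+)")


def parse_deliveries(log_text):
    """Return (recipient, status) pairs for every delivery attempt in the log."""
    out = []
    for line in log_text.splitlines():
        m = DELIVERY_RE.search(line)
        if m:
            # Addresses are compared case-insensitively.
            out.append((m.group(1).lower(), m.group(2)))
    return out


def unlisted_recipients(log_text, subscribers):
    """Addresses that received mail from this server but are not on the list."""
    known = {s.lower() for s in subscribers}
    return sorted({addr for addr, _ in parse_deliveries(log_text) if addr not in known})


def status_summary(log_text):
    """Counts per delivery status, plus the bounce share of all attempts."""
    counts = Counter(status for _, status in parse_deliveries(log_text))
    total = sum(counts.values())
    bounce_rate = counts["bounced"] / total if total else 0.0
    return dict(counts), bounce_rate


if __name__ == "__main__":
    print("recipients not on list:", unlisted_recipients(SAMPLE_LOG, SUBSCRIBERS))
    counts, rate = status_summary(SAMPLE_LOG)
    print("statuses:", counts, "bounce rate: %.0f%%" % (rate * 100))
```

Run it against a real log by reading the file into `SAMPLE_LOG`'s place and loading your exported list into `SUBSCRIBERS`; any address in the "not on list" output is mail your system should not have sent, and a bounce rate that climbs after a broadcast is the signal to clean the list before the next one.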
Until your reputation has rebounded to upper 80s/lower 90s, you’ll want to clean your list after each broadcast or promotion. After that, you’ll want to practice routine list hygiene on a weekly basis and stay on top of complaints, removing those subscribers from your list ASAP.
Author: Heather Seitz
Attention Readers, Publishers, Editors, Bloggers, and Marketers: You may republish or syndicate this article without any charge. The only thing I ask is that you keep the newsletter article or blog post exactly as it was written and formatted, with no changes. You must also include full publication attribution and back links as indicated.
This information has been provided by http://www.EmailDelivered.com and written by Heather Seitz. Don’t forget to sign up for the EmailDelivered Pulse newsletter for articles, tips, and recommended resources related to email marketing and email deliverability.