Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
marklcfc Posted November 17, 2020 Posted November 17, 2020 I've sent 110,000 emails over the last few days and Amazon have shut me down. I sent 100-150 a day normally, so what has this happened? Absolute joke this is and shouldn't be happening.
bfarber Posted November 17, 2020 Posted November 17, 2020 Did you try reaching out to Amazon for more information?
marklcfc Posted November 17, 2020 Author Posted November 17, 2020 Yes I've not had a single response. Ridiculous 411,000 emails how can that he happening
Jordan Miller Posted November 17, 2020 Posted November 17, 2020 59 minutes ago, marklcfc said: I've sent 110,000 emails over the last few days and Amazon have shut me down. I sent 100-150 a day normally, so what has this happened? Absolute joke this is and shouldn't be happening. One time this happened to me. Here's what IPS told me at the time. Not sure if it's still relevant or not but figured it's better to share than not! Quote Please ensure that you disable the email sharer feature for all groups, it seems bots have found this lately and are using it to send mass spam. You can search your admincp for "share" and the share options should come up, I would disable this for all groups. You need to disable the one that said email for all groups.
marklcfc Posted November 17, 2020 Author Posted November 17, 2020 (edited) Yes that happened first time with me, since thats been disabled I hadn't had an issue. Also when that happened I had no end of bounced failed to deliver emails. This time I have none of them after 411,000 emails were attempted Edited November 17, 2020 by marklcfc
CoffeeCake Posted November 17, 2020 Posted November 17, 2020 What version of IPS do you have installed, @marklcfc? Do you have anything other than IPS installed on your server? Any newsletter or other type applications setup to send outbound mail?
marklcfc Posted November 17, 2020 Author Posted November 17, 2020 (edited) 4 minutes ago, Paul E. said: What version of IPS do you have installed, @marklcfc? Do you have anything other than IPS installed on your server? Any newsletter or other type applications setup to send outbound mail? Latest version, minimal addons none that use emails. I can't even see what emails were being sent out through Amazon SES to know what the issue. I've had no fail to delivers back to my email. Even the bounce rate is low considering how many were sent out. What exactly am I supposed to do? Invision offered nothing in ticket either. Now no emails are being sent out at all. 411,000 emails in 3 days is serious issue that requires looking into surely Edited November 17, 2020 by marklcfc
marklcfc Posted November 17, 2020 Author Posted November 17, 2020 (edited) I think I've somehow been hacked. My spotify was taken over yesterday. This with Amazon has been going on since the 13th and I've just had someone tried to log in to my facebook. Can anyone help me Edited November 17, 2020 by marklcfc
CoffeeCake Posted November 18, 2020 Posted November 18, 2020 4 hours ago, marklcfc said: I think I've somehow been hacked. My spotify was taken over yesterday. This with Amazon has been going on since the 13th and I've just had someone tried to log in to my facebook. Can anyone help me This may be an issue where your credentials were compromised. Change all your passwords. Do not reuse passwords. Do not reuse passwords. Oh, do not reuse passwords.
marklcfc Posted November 18, 2020 Author Posted November 18, 2020 (edited) 11 minutes ago, Paul E. said: This may be an issue where your credentials were compromised. Change all your passwords. Do not reuse passwords. Do not reuse passwords. Oh, do not reuse passwords. Its 2:30am and I’ve spent the last 4 hours changing them all. I admit Spotify and Facebook had the same password but my Amazon ses was completely different and impossible to know unless you saw it written down. I can’t understand what’s gone on with it and to send that many emails. Edited November 18, 2020 by marklcfc
bfarber Posted November 18, 2020 Posted November 18, 2020 Unfortunately (and I haven't looked at your ticket to see if there are any more details there)....neither can we. We don't log every email sent or anything like that, we only log when there is a failure to send an email that is reported back to us. That's why I suggested reaching out to Amazon to get more details on what exactly was sent. This would significantly help in determining where the problem lies.
marklcfc Posted November 20, 2020 Author Posted November 20, 2020 (edited) Turns out this got me https://www.teiss.co.uk/123rf-data-breach/ Edited November 20, 2020 by marklcfc
CoffeeCake Posted November 20, 2020 Posted November 20, 2020 38 minutes ago, marklcfc said: Turns out this got me https://www.teiss.co.uk/123rf-data-breach/ So you used the same username/password combination on the compromised web site (whatever 123rf is) as you did for your servers?
marklcfc Posted November 20, 2020 Author Posted November 20, 2020 11 minutes ago, Paul E. said: So you used the same username/password combination on the compromised web site (whatever 123rf is) as you did for your servers? No I used the same combination on Facebook, Spotify which were got into. My Amazon SES was also compromised hence this topic, but that used completely different email and password which leaves me a bit confused.
CoffeeCake Posted November 20, 2020 Posted November 20, 2020 Oh. So that's just an aside. Gotcha. How the e-mails were sent out and by what mechanism remains a mystery.
Recommended Posts