0

I have a friend who has a site hosted by a company in the states. They think that someone has gotten access to their email account because any requests for support submitted via their website automatically end up in their deleted email folder.

They also receive what they feel are bogus inquiries for their products. I know we can't control bogus messages from coming in ... but what about messages automatically ending up in their deleted mailbox? They are really not computer literate so I just want to make sure that there's nothing they might be doing to cause this problem. In their defense, they've had this site up for over 6 years now and this has only just started to happen.

I found an interesting article here: Email hacking myth, which has given me some things to ask them to check. However, if their account has been hacked... then that means the hosting company's site has been hacked too... you have to enter in a password to get into their customer portal, and then enter your email password to see your inbox.

I'm just wondering what I can do to test this out. They've apparently talked with the folks at the hosting company and were told to change their browser from IE to Firefox. And they've since changed their passwords. But what else can I check? I'm going to check later on today what technologies they used to create their site...

Thanks.

dot
  • We need more and different information. "requests submitted via their website" means, what? "Their deleted email folder": where is this folder? Where is the email server? – schroeder Aug 15 '13 at 17:19
  • Do all incoming emails go to the deleted folder or just certain types? – schroeder Aug 15 '13 at 17:24

1 Answer

2

Changing browser to get your security fixed is one pile of male bovine feces.

You say that you changed passwords, note that passwords should be changed at least every 90 days. A password history should be kept and passwords should be at least 8 characters, contain letters, signs, numbers and at least one upper and lower case letter. If someone leaves the company with access to shared accounts, change their passwords.

If the site has been up for 6 years you must review your patch management and see if you rolled at least all known security patches for the application, operating system, software running on the machine and programming languages used.

If the application is custom built it is recommended to get a pentest before starting the use of the app in production.

Make sure to review all logs especially the ones containing successful logins.

Lucas Kauffman
  • 2
    Changing passwords every 90 days is an awfully bad piece of advice. The only good it can ever make is to limit the attackers to a 3-month window to enact their malevolence -- but vandalism like deleting folders only takes 3 seconds! – Thomas Pornin Aug 15 '13 at 17:13
  • 1
    http://security.stackexchange.com/questions/4704/how-does-changing-your-password-every-90-days-increase-security I agree but if they don't change their passwords often enough (or at least when someone leaves the company) and the thing is 6 years old who knows what password they might have ended up with – Lucas Kauffman Aug 15 '13 at 17:19
  • I agree about the changing the browser being fecal matter. If that's their suggestion, I suspect other ineptness in their hosting abilities, including a poorly administered email server. – schroeder Aug 15 '13 at 17:23
  • Thanks guys. I thought the browser suggestion was a little odd... But I'm going to take a look at their code tonight.. see what they're using and try to find any patches to 3rd party libs etc. Lucas, I like the suggestion to take a look at logs. Hopefully, they'll have some! – dot Aug 15 '13 at 17:25
  • I think changing browsers is a plausible suggestion for any problem involving use of a browser. IE used to be a seething pit of security flaws, and all browsers have their share of unexplained behaviors. If your browser is compromised, misconfigured, or just plain broken, changing it will frequently "fix" the problem. – ddyer Aug 15 '13 at 18:12
  • @ddyer - well, fix the symptoms, anyway – Rory Alsop Sep 14 '13 at 19:34
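
One way to act on the answer's suggestion to review logs of successful logins, as an added example that is not part of the original thread. It assumes the host can supply Dovecot-style `imap-login` lines (the thread does not say which mail server is in use); the sample lines, addresses and the `review_logins` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Dovecot's imap-login style. Assumption: the thread
# does not name the mail server, so adjust the pattern to the real log format.
SAMPLE_LOG = """\
Aug 12 09:01:14 mail dovecot: imap-login: Login: user=<support@example.com>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10, TLS
Aug 13 02:40:02 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts): user=<support@example.com>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.10
Aug 13 02:41:30 mail dovecot: imap-login: Login: user=<support@example.com>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.10, TLS
Aug 14 09:03:51 mail dovecot: imap-login: Login: user=<support@example.com>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10, TLS
"""

# Timestamp, event name, account and remote IP (rip) of each login-service line.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) .*?-login: (?P<event>[^:]+): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9a-fA-F.:]+)"
)

def review_logins(log_text, known_ips):
    """Return successful logins from IPs outside known_ips, noting how many
    failed-auth lines the same IP produced for that account earlier on."""
    failed = defaultdict(int)  # (user, ip) -> failed-auth log lines seen so far
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a login-service line
        key = (m["user"], m["rip"])
        if "auth failed" in m["event"]:
            failed[key] += 1
        elif m["event"] == "Login" and m["rip"] not in known_ips:
            findings.append({"time": m["ts"], "user": m["user"],
                             "ip": m["rip"], "prior_failures": failed[key]})
    return findings

if __name__ == "__main__":
    # known_ips: addresses the owners normally connect from (constructed value).
    for f in review_logins(SAMPLE_LOG, {"198.51.100.20"}):
        print(f)
```

A successful login from an unfamiliar address shortly after failures from that same address is the entry to look at first; comparing its timestamp with when messages began landing in the deleted folder helps decide whether the account was accessed by someone else.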