[Chapter-delegates] ISOC India Chennai chapter website with an external hosting service compromised.

[Sivasubramanian Muthusamy]

Hello,
It is an embarrassment to take this to the list, but necessary to bring an
issue of this nature to the chapter delegates in order to bring up the
importance of maintaining security standards in maintaining the chapter web
and email service.

1. Recently, the yahoo mail id of our Chapter Secretary was hacked and the
hacker sent out a Nigerian spam message that looked like a message from
Sarto (our Chapter Secretary) complete with his signature.  He had
difficulty having his yahoo address restored for days, and with help from
Veni who wrote in to offer to write to yahoo, the account was blocked, and
then yahoo sent a link for a new password, which strangely did not work. It
is still in process.
A lot of harm has been done to him as the hacker had used his address book.
This hacked address is also subscribed to the chapter mailing list with
privileges, but there is no indication that the hacker has gone as far as
the mailing list.

2. The website is hosted by a local webhosting service and it was noticed
that the website was down, the hosting service responded to a support
request with a message that the site was "suspended for sending bulk mails"
 There is only one email address set up, chennai at isocindiachennai dot in
which I personally operate, ( it is not a dominant alias, seldom used )

I have sent a note to the hosting service, this will also be followed up
locally, but we prefer to take this issue to CERT and request them to
examine the hosting service's log files.

I would also request the chapter delegates to let us know if they have
received any unusual message from ISOC Chennai or from any of the addresses
associated with the Chapter or chapter officers.

Thank you.
Sivasubramanian Muthusamy

---------- Forwarded message ----------
From: Sivasubramanian Muthusamy <isolatedn at gmail.com>
Date: Tue, Mar 31, 2009 at 12:54 PM
Subject: Re: [SUPPORT #IIT-225158]: Domain not working.
To: "Support, Square Brothers." <support at squarebrothers.com>
Cc: Tamil <tamilmalaravan at bharatplanet.com>


Hello,

You have not sent us any communication to inform us about this serious
security lapse which  is a possibility due to a vulnerability in your
hosting infrastructure. We would like to have the details and log files now
as we prefer a complaint to the CERT.

ISOC India Chennai is part of ISOC ( http://www.isoc.org ) and we need to
take this issue seriously. Please let us have the complete details of this
incident.

Sivasubramanian Muthusamy
http://isocmadras.blogspot.com


On Tue, Mar 31, 2009 at 12:21 PM, Chandramohan <
chandramohan at bharatplanet.com> wrote:

> Hi,
>
> With reference to the mail below, we have not sent any bulkmail or
> whatsoever from the account.
> May I have any references regarding the same.
>
> Regards,
> Chandramohan
>
> -----Original Message-----
> From: Support : Square Brothers [mailto:support at squarebrothers.com]
> Sent: 30 ?????? 2009 20:24
> To: tamilmalaravan at bharatplanet.com
> Cc: chandramohan at bharatplanet.com
> Subject: [SUPPORT #IIT-225158]: Domain not working.
>
>
> Hi,
>
> This account was suspended for sending bulk mails.
>
> Make sure that there will be any bulk/spam mails from this hosting account.
>
> regards
>
>
> R.Ilangovan
> Member - Support
> Square Brothers Information Technologies (P) Ltd.,
> AA-9, Second Avenue, Annanagar,
> Chennai, Tamilnadu, India. PIN : 600040
> Tel : +91.44.26205355 / 26205356
> e-Mail : support at squarebrothers.com
> url : www.squarebrothers.com
>
>
> Ticket Details
> ===================
> Ticket ID: IIT-225158
> Department: Support
> Priority: Medium
> Status: Closed
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20090331/3b2d1e4c/attachment.htm>