I just received a message from Dreamhost Support saying that my account has been throttled due to excessive email sending and will be disabled in 28 days if I don’t show that I’m complying with Dreamhost’s anti-spam policy.

I have no idea what’s going on. I don’t have any mailing lists and to my knowledge only send a few messages a day. Could one of my sites be hacked somehow? How can I find out?

Any ideas or assistance would be greatly appreciated.
– Vince

Do you have a contact form script running on your site? If you do, it may have been compromised. How about some forum software?

Simon Jessey

I got the same thing, and I have done nothing. I am very insulted since I’ve been with these folks since '99. Very insulted. EXTREMELY insulted.

I shut down email on my forum completely and shut down a php app as well, disabled email addresses, and everything.

I put in a call-back request at noon, and have YET to hear from them. I’m running a full business account with them, and this is NOT my problem since I don’t send out except one very small announcement list once a month.

Ugly. What IS going on. Customers should not be ASSUMED to be the culprits and threatened with account throttling which is tantamount to death of one’s traffic. Disabling email on my apps is tantamount to the same thing, but I can’t imagine having to move all my domains and all my clients’ domains.


And I have always sworn by these guys. Oh well. Guess that’s what happens when you’re the old timer.

The Deepening

A couple of my sites have Joomla or Wordpress. I believe they’re up-to-date. I’ll check on them again.

It’d be really helpful if Dreamhost gave me a bit more information. If something running on one of my sites has been hacked, I’d like to fix it right away.

sarcastic thoughts

I think it comes down to, one might be able to install a script on a DH server, but PULEESE don’t open it to the surfing public unless you yourself know programming. By ALL means, keep it behind .htaccess, especially forums, any interactive scripts, or hire some programmers for 80k a year each and have them monitor the scripts 24/7/366 and then MAYBE you won’t get a threatening email?

Honestly, I haven’t ever had this kind of treatment from DH till this year. It’s really kind of sad. I guess we start shopping.

The Deepening

Here’s my letter. What does yours look like?


We are writing to notify you that your user account ___ will be disabled in 28 day(s) due to suspiciously high levels of email activity. Due to these concerns, email from this account was initially throttled on 2006-08-07 11:40:56.

IMPORTANT: In order to ensure that the account is not disabled, it is extremely important that you both read and respond to this email with the information requested. Note that if this is a shell/FTP account and you do not respond, associated shell/FTP and web services will also be disabled.

In order to un-throttle your account and prevent its disablement, we will first need to know how much email you need to send and ensure that your usage is consistent with our anti-spam policy. You may review this here:

What we will need to know:

  1. Whether or not you utilize an opt-in confirmation process (not to be confused with regular ‘opt-in’) for all of your list’s subscribers. This is a process wherein each person who signs up for your list is sent an email after subscribing with a tagged link in it that they must click on before being added to the list. Those who do not click on the link are not added, and receive no further bulk email.

  2. Whether you log each confirmation with the date/time and IP address associated with that confirmation.

  3. Where we may go to independently review your opt-in confirmation logging data.

  4. Where may we sign up for your mailing list in order to test out its opt-in confirmation functionality.

  5. How many emails you wish to send from this account on an hourly basis.

If your bulk email usage is not in compliance with these policies, we must ask that you cease any bulk email activity immediately until you have become compliant. Failure to do so may result in immediate DreamHost account disablement without warning. The easiest way to ensure compliance is to use our Announcement List feature, which you can access here:

The Announcement List feature handles the opt-in confirmation and logging aspects of the policy for you, so that you don’t have to.

Thank you

The Deepening

What is suspicious to me is that their email db just came back up 10 minutes before I got that email. That means to me that it was a backlog of emails coming from a busy forum.

But I don’t think that counts for anything with DH these days. Never mind it was their problem that caused the issue!!!

The Deepening

If one of your sites has been ‘hacked’ somehow, you might see evidence in your server logs.

Log into FTP and go to your logs directory and download the current and past few logs. Then generally you look for requests that either perform actions that send emails (like contact forms, registration forms, etc) or look for requests that shouldn’t be there (to scripts that aren’t included in the software you installed, for example).

For multiple sites, it’s best to run each domain as a separate user, so that if the problem is with one site, you can narrow it down quicker, and it only impacts that one user.

Also you might want to reset your passwords, for both FTP/shell and mailboxes, in the event it is not due to a script or program run by a user account.

Attempts to exploit scripts to send spam are not going to be as easy to notice as defacements and the like. They are after volume, not bragging rights.
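The log review described in the post above, sketched as an added example that is not part of the original thread: it counts POSTs to mail-sending forms per client and lists scripts that answered but are not part of the installed software. It assumes Apache combined-format access logs; the endpoint sets, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache combined-format request line: client IP, timestamp, method, path, status.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Assumptions for this sketch: which paths send mail, and which scripts the
# installed software actually ships. Build both sets from your own install.
MAIL_ENDPOINTS = {"/contact.php", "/forum/register.php"}
KNOWN_SCRIPTS = MAIL_ENDPOINTS | {"/index.php", "/forum/index.php"}

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
198.51.100.7 - - [07/Aug/2006:10:01:12 -0700] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Aug/2006:10:02:40 -0700] "POST /contact.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Aug/2006:10:05:01 -0700] "POST /contact.php HTTP/1.0" 200 310 "-" "-"
203.0.113.9 - - [07/Aug/2006:10:05:02 -0700] "POST /contact.php HTTP/1.0" 200 310 "-" "-"
203.0.113.9 - - [07/Aug/2006:10:05:03 -0700] "POST /contact.php HTTP/1.0" 200 310 "-" "-"
203.0.113.9 - - [07/Aug/2006:10:05:04 -0700] "POST /contact.php HTTP/1.0" 200 310 "-" "-"
203.0.113.44 - - [07/Aug/2006:10:09:30 -0700] "POST /images/mailer.php HTTP/1.0" 200 12 "-" "-"
203.0.113.44 - - [07/Aug/2006:10:09:31 -0700] "POST /images/mailer.php HTTP/1.0" 200 12 "-" "-"
198.51.100.20 - - [07/Aug/2006:10:11:00 -0700] "GET /wp-login.php HTTP/1.1" 404 200 "-" "-"
"""

def review(lines, threshold=3):
    """Return (heavy mail-form posters, unexpected scripts that answered 200)."""
    posts, unknown = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if m["method"] == "POST" and path in MAIL_ENDPOINTS:
            posts[(m["ip"], path)] += 1
        # A .php path outside the known set that answers 200 deserves a look;
        # a 404 is only a probe that missed.
        if path.endswith(".php") and path not in KNOWN_SCRIPTS and m["status"] == "200":
            unknown[path] += 1
    heavy = {k: n for k, n in posts.items() if n >= threshold}
    return heavy, dict(unknown)

if __name__ == "__main__":
    heavy, unknown = review(SAMPLE_LOG.splitlines())
    for (ip, path), n in heavy.items():
        print(f"{n} POSTs to {path} from {ip}")
    for path, n in unknown.items():
        print(f"unexpected script {path} served {n} requests")
```

Run it per domain over the current and previous few logs, so a burst that started days ago is not missed.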

No hacking. This was residual email from the forum that got backed up when the mail stopped, I’m pretty sure.

The Deepening

It’s interesting that they gave you both 28 days as opposed to the 72 hours they claim on the bottom of this site:

I would assume that software sent out a large number of e-mails in a small amount of time, catching their attention. Their e-mail sounds like they are asking for you to confirm that you abide by the TOS. Hopefully showing that you are complying with the spam policy will be easy and take care of the situation.

