Over the past week, we’ve been made aware of a potential security issue affecting users of autoresponse plus. Currently, the instances we’ve seen have been related to ARP3 and are a serious concern.
In a nutshell, hackers are hacking into autoresponse plus accounts (not the server, but the actual email client itself).
NOTE: This vulnerability is not exclusive to, or in any way related to, the hosting provider or server choice. This is a problem with autoresponse plus (ARP/ARP3). It has been found on a variety of webhosts running all different applications and across a number of different industries and markets.
While we are not 100% certain of all the ways in which this is happening due to log file expiration on the servers we’ve looked at, it appears that it is due to a “SQL injection”.
To keep things simple, there is a problem with ARP, which exposes elements of the database to attackers. The autoresponse plus (arp) admin password is not encrypted, and a hacker can essentially overwrite the admin user email address and use it to retrieve the password as well as retrieve an export of all email addresses in the system.
The only sure fire way to solve the problem is to REMOVE autoresponse plus (ARP3 from your server). There are several ways in which the security can be compromised.
There’s a good chance your IP reputation has been affected by the hack, so you’ll want to do a few things right away to restore your reputation and improve it overall.
Until your reputation has rebounded to upper 80s/lower 90s, you’ll want to clean your list after each broadcast or promotion. After that, you’ll want to practice routine list hygiene on a weekly basis and stay on top of complaints, removing those subscribers from your list ASAP.
Author: Heather Seitz
Attention Readers, Publishers, Editors, Bloggers, and Marketers: You may republish or syndicate this article without any charge. The only thing I ask is that you keep the newsletter article or blog post exactly as it was written and formatted, with no changes. You must also include full publication attribution and back links as indicated.
This information has been provided by http://www.EmailDelivered.com and written by Heather Seitz. Don’t forget to sign up for the EmailDelivered Pulse newsletter for articles, tips, and recommended resources related to email marketing and email deliverability.
If you want to get more of your emails to the inbox, you need to know the secrets that the Email Service Providers AREN’T willing to tell you. For a limited time, I’m sharing some select tips that top Internet Marketers know... for FREE.
Subscribe to our e-mail newsletter to receive updates.
Email (will not be published) (required)
© Copyright 2009-2017. EmailDelivered.com & Marketers Publishing Group, Inc.. All Rights Reserved.