Freelancer.com

Go Back   Warrior Forum - The #1 Internet Marketing Forum & Marketplace > The Warrior Forum > Main Internet Marketing Discussion Forum
Register Blogs Social Groups CalendarHelp Desk

Closed Thread
LinkBack Thread Tools
Unread 18th December 2009, 01:08 PM   #1
Livin' The Tech Life
War Room Member
 
PCRoger's Avatar
 
Join Date: 2009
Location: The Land of Political Corruption - IL
Posts: 405
Thanks: 16
Thanked 33 Times in 30 Posts
Default aWeber Compromised?

Today I am getting deluged with spam to addresses that are on aWeber lists, including a couple of email addresses that have ONLY been given to aWeber.

Anyone else seeing this?

Can I guess that aWeber was hacked or an employee decided to make some money on the side selling addresses?

Regards,
PCRoger.

Track your affiliate sales back to the ARTICLE or WEBSITE that generated the sale. CBSaleTracker

I was making money in days with the 4 Day Money Making Blueprint

PCRoger is offline  
Unread 18th December 2009, 01:15 PM   #2
Carol
War Room Member
 
rosetrees's Avatar
 
Join Date: 2008
Location: UK
Posts: 3,717
Blog Entries: 16
Thanks: 558
Thanked 1,322 Times in 865 Posts
Default Re: aWeber Compromised?

Maybe the list owners weren't as honest as you'd like?


Want to learn to play American Standard bridge? Click Here
Want to learn to play Acol bridge? Click Here
rosetrees is offline  
Unread 18th December 2009, 01:19 PM   #3
Advanced Warrior
War Room Member
 
Join Date: 2008
Posts: 816
Thanks: 254
Thanked 73 Times in 63 Posts
Default Re: aWeber Compromised?

If you believe this is the case -- use a separate e-mail for signing up to lists, something like \"aweber_yourname@wherever.com\"
Johnathan is offline  
Unread 18th December 2009, 01:22 PM   #4
List Fundamentalist
War Room Member
 
Shaun OReilly's Avatar
 
Join Date: 2005
Location: United Kingdom
Posts: 2,997
Thanks: 571
Thanked 2,168 Times in 1,070 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by PCRoger View Post
Today I am getting deluged with spam to addresses that are on aWeber lists, including a couple of email addresses that have ONLY been given to aWeber.

Anyone else seeing this?

Can I guess that aWeber was hacked or an employee decided to make some money on the side selling addresses?

Regards,
PCRoger.
I've been having EXACTLY the same issue.

I have some test e-mail addresses that I ONLY use within AWeber
and just today I've started receiving lots of spam to them.

These are e-mail addresses across multiple domains including my
own and others such as GMail, etc.

These e-mails are only housed within AWeber so I know that
the problem is somewhere within their systems.

I contacted support and they've passed it on to an administrator
and of course they've suggested it's my computer but my systems
are robust.

Sadly, it seems that I'm not the only one.

Dedicated to your success,

*Shaun O'Reilly

.
Shaun OReilly is online now  
Unread 18th December 2009, 01:25 PM   #5
InternetBusinessBox.com
 
Join Date: 2009
Posts: 391
Thanks: 6
Thanked 104 Times in 64 Posts
Default Re: aWeber Compromised?

Looks the same to me. I'm glad I don't use Aweber anymore.

The staff is awesome. But their deliverability and their options always left a lot to be desired.

Now if they have been hacked, their deliverability will be almost nil. Merry Christmas to all Warriors still stuck on Aweber!
KristiDaniels is offline  
Unread 18th December 2009, 01:35 PM   #6
Senior Warrior Member
War Room Member
 
Paul Schlegel's Avatar
 
Join Date: 2003
Location: , , USA.
Posts: 1,169
Blog Entries: 42
Thanks: 652
Thanked 191 Times in 135 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by Shaun OReilly View Post
I've been having EXACTLY the same issue.

I have some test e-mail addresses that I ONLY use within AWeber
and just today I've started receiving lots of spam to them.

These are e-mail addresses across multiple domains including my
own and others such as GMail, etc.

These e-mails are only housed within AWeber so I know that
the problem is somewhere within their systems.

I contacted support and they've passed it on to an administrator
and of course they've suggested it's my computer but my systems
are robust.

Sadly, it seems that I'm not the only one.

Dedicated to your success,

*Shaun O'Reilly
Sounds like good ol' aweber "support". Awesome service, but I've never been impressed with support.

Paul Schlegel is offline  
Unread 18th December 2009, 01:39 PM   #7
www.eCoverNinja.com
War Room Member
 
KarlWarren's Avatar
 
Join Date: 2006
Location: United Kingdom.
Posts: 6,035
Blog Entries: 1
Thanks: 210
Thanked 524 Times in 241 Posts
Default Re: aWeber Compromised?

Experiment...

Set up a brand new email address and give it to NOBODY... I guarantee you get spam.
Without a doubt. Especially if it is @gmail, @yahoo or @yoursite.com

Why automatically point blame?

eCoverNinja - Sales Page Graphics & Layout Specialist
KarlWarren is offline  
Unread 18th December 2009, 01:49 PM   #8
List Fundamentalist
War Room Member
 
Shaun OReilly's Avatar
 
Join Date: 2005
Location: United Kingdom
Posts: 2,997
Thanks: 571
Thanked 2,168 Times in 1,070 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by KarlWarren View Post
Experiment...

Set up a brand new email address and give it to NOBODY... I guarantee you get spam.
Without a doubt. Especially if it is @gmail, @yahoo or @yoursite.com

Why automatically point blame?
This isn't about blaming AWeber or anyone else.

These are e-mail address that are ONLY housed within my
AWeber account and not used anywhere else. They've been
spamless for over a year
and then suddenly today they're
getting spam.

I backtracked from all of the e-mail addresses and found the
one common thing: they're all housed within AWeber.

If it were just me, I'd think again. But others are reporting
the same thing as happening today for them too.

The common link? AWeber.

That's not blame. It's deduction.

I could be wrong but I don't think so.

More importantly, I'm concerned for the e-mail addresses
of my valued subscribers and customers too as I've entrusted
them with AWeber for years.

Dedicated to your success,

*Shaun O'Reilly

.
Shaun OReilly is online now  
Unread 18th December 2009, 01:51 PM   #9
Advanced Warrior
War Room Member
 
Trader54's Avatar
 
Join Date: 2006
Location: , , Canada.
Posts: 684
Thanks: 59
Thanked 30 Times in 28 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by KarlWarren View Post
Experiment...

Set up a brand new email address and give it to NOBODY... I guarantee you get spam.
Without a doubt. Especially if it is @gmail, @yahoo or @yoursite.com

Why automatically point blame?
I have had the same experience, add hotmail to that list to. I opened a hotmail account
and within a week was receiving spam and had not given out the address or used it in any way.
Trader54 is offline  
Unread 18th December 2009, 01:58 PM   #10
www.eCoverNinja.com
War Room Member
 
KarlWarren's Avatar
 
Join Date: 2006
Location: United Kingdom.
Posts: 6,035
Blog Entries: 1
Thanks: 210
Thanked 524 Times in 241 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by Shaun OReilly View Post
These are e-mail address that are ONLY housed within my AWeber account and not used anywhere else. They've been spamless for over a year and then suddenly today they're getting spam.
Thanks for the clarification - under the same circumstances, I would come to the same conclusion. I do hope Aweber hasn't been compromised - whether from within, or an outside source.

eCoverNinja - Sales Page Graphics & Layout Specialist
KarlWarren is offline  
Unread 18th December 2009, 02:01 PM   #11
HyperActive Warrior
 
Join Date: 2007
Location: , , .
Posts: 111
Thanks: 9
Thanked 6 Times in 4 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by PCRoger View Post
Today I am getting deluged with spam to addresses that are on aWeber lists, including a couple of email addresses that have ONLY been given to aWeber.

Anyone else seeing this?

Can I guess that aWeber was hacked or an employee decided to make some money on the side selling addresses?

Regards,
PCRoger.
I to have been getting spammed to death with porn a pharm email. I already use separate emails for everything. Some of those email address were used with Aweber.

52.ct is online now  
Unread 18th December 2009, 02:14 PM   #12
I have a lame list.
War Room Member
 
Dan C. Rinnert's Avatar
 
Join Date: 2008
Location: One Second into the Future
Posts: 4,464
Blog Entries: 1
Thanks: 879
Thanked 2,673 Times in 1,134 Posts
Default Re: aWeber Compromised?

I have an eMail address I have so far used only with Aweber and it is still spam-free.

How hard are the eMail addresses to guess? If you're using something such as nameATdomain.dom or wordATdomain.dom, a dictionary attack may be able to reach those addresses.

I have had eMail addresses that are used only internally (meaning they are not posted on any websites and are not used to send eMail) that have gotten hit by spam in the past.


Dan's content is irregularly read by handfuls of people. Join the elite few by reading his blog: dcrBlogs.com, following him on Twitter: dcrTweets.com or reading his fiction: dcrWrites.com but NOT by Clicking Here!

Dan also writes content for hire, but you can't afford him anyway.
Dan C. Rinnert is offline  
Unread 18th December 2009, 02:35 PM   #13
Senior Warrior Member
War Room Member
 
Join Date: 2006
Location: , , USA.
Posts: 2,943
Thanks: 57
Thanked 245 Times in 227 Posts
Default Re: aWeber Compromised?

I'm having the same problem. Emails I've used to test my autoresopnders are getting a lot of spam today. They are totally made up, unique, and posted no where, so they weren't guessed.
KirkMcD is offline  
Unread 18th December 2009, 02:36 PM   #14
We Print & Ship Shirts
War Room Member
 
AceOfShirts's Avatar
 
Join Date: 2003
Location: Fort Myers, FL , USA.
Posts: 906
Thanks: 126
Thanked 140 Times in 109 Posts
Default Re: aWeber Compromised?

Yeah, same thing happened to me today.

It's kind of a relief that it is happening to other people also. I set up a lot of email forwarders in my cpanel. I was thinking somebody hacked my cpanel and got all of the email account names and email forwarding names, and probably did more damage I hadn't found yet.

I vote for aweber,

Dennis Graves

DropShipShirts.com: We Print & Drop Ship Your Custom Designed Shirts! No Minimums!
Full Color Prints Same As 1 Color! Get 3 Shirts FREE! Your Ads Inserted Into Package!
AdvertisingDealOfTheDay.com: Find Deals To Advertise Your Business & Websites

#1 Merchant Account For Internet Marketers ---> MerchantRebateProgram.com
Lowest Rates (Starting at .39%) & Monthly Fee Rebates, FREE Equipment (Tablets)
AceOfShirts is online now  
Unread 18th December 2009, 02:37 PM   #15
Active Warrior
War Room Member
 
Join Date: 2008
Location: , , .
Posts: 93
Thanks: 5
Thanked 7 Times in 6 Posts
Default Re: aWeber Compromised?

I just fired off an email to Aweber to see why this is happening.

Should be interesting to see what they say.

Beta Testers Needed- Get $47 Product Free
The Worlds Largest Article Marketing Network
Get One Way Backlinks To Your Website- Post Your Article To 51,280+ Websites
oliverwinston is offline  
Unread 18th December 2009, 02:45 PM   #16
List Fundamentalist
War Room Member
 
Shaun OReilly's Avatar
 
Join Date: 2005
Location: United Kingdom
Posts: 2,997
Thanks: 571
Thanked 2,168 Times in 1,070 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by dnsg View Post
I was thinking somebody hacked my cpanel and got all of the email account names and email forwarding names, and probably did more damage I hadn't found yet.
Initially I thought the same too as a lot of the spam is going to
forwarding e-mail addresses within my cpanel.

But...

The spam is also going to e-mail addresses within GMail etc, -
where none existed before today. And they're unique e-mail
addresses too by using the '+' sign to identify the source.

E.g. name+uniquesource@googlemail.com

Zero spam for a year, and now flooded today.

All housed within AWeber only.

Dedicated to your success,

*Shaun O'Reilly

.
Shaun OReilly is online now  
Unread 18th December 2009, 02:52 PM   #17
Livin' The Tech Life
War Room Member
 
PCRoger's Avatar
 
Join Date: 2009
Location: The Land of Political Corruption - IL
Posts: 405
Thanks: 16
Thanked 33 Times in 30 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by KarlWarren View Post
Experiment...

Set up a brand new email address and give it to NOBODY... I guarantee you get spam.
Without a doubt. Especially if it is @gmail, @yahoo or @yoursite.com

Why automatically point blame?
This is not automatic blame. This just started today. Every address was created solely for a list signup. One address was given ONLY to aweber for my account there.

20 or so addresses, all starting today, coincidence? I don't think so.

If you create a brand new email address on a domain you own, you will NOT automatically start receiving spam.

Roger.

Track your affiliate sales back to the ARTICLE or WEBSITE that generated the sale. CBSaleTracker

I was making money in days with the 4 Day Money Making Blueprint

PCRoger is offline  
Unread 18th December 2009, 02:53 PM   #18
Livin' The Tech Life
War Room Member
 
PCRoger's Avatar
 
Join Date: 2009
Location: The Land of Political Corruption - IL
Posts: 405
Thanks: 16
Thanked 33 Times in 30 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by oliverwinston View Post
I just fired off an email to Aweber to see why this is happening.

Should be interesting to see what they say.
They responded to me asking for copies of the emails with headers. I just now sent them a few.

Roger.

Track your affiliate sales back to the ARTICLE or WEBSITE that generated the sale. CBSaleTracker

I was making money in days with the 4 Day Money Making Blueprint

PCRoger is offline  
Unread 18th December 2009, 03:03 PM   #19
HyperActive Warrior
 
Join Date: 2007
Location: , , .
Posts: 111
Thanks: 9
Thanked 6 Times in 4 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by PCRoger View Post
They responded to me asking for copies of the emails with headers. I just now sent them a few.

Roger.
Will you relay Aweber's response on this thread?

52.ct is online now  
Unread 18th December 2009, 03:14 PM   #20
Warrior Member
 
Join Date: 2008
Location: United Kingdom
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: aWeber Compromised?

Exactly the same happened to me today. I always use thesitedomain at mydomain.com when I give an email address to anyone and it was those addresses that got spammed. Like others have said in this thread, the only one thing those email addresses all had in common were that they were subscribed to aweber lists.

It's also not just limited to my domain. I also have some gmail addresses that I've mainly used for testing my own lists and those got spammed as well.
Chris Simpson is offline  
Unread 18th December 2009, 03:15 PM   #21
Livin' The Tech Life
War Room Member
 
PCRoger's Avatar
 
Join Date: 2009
Location: The Land of Political Corruption - IL
Posts: 405
Thanks: 16
Thanked 33 Times in 30 Posts
Default Re: aWeber Compromised?

Sure will.

Roger.

Track your affiliate sales back to the ARTICLE or WEBSITE that generated the sale. CBSaleTracker

I was making money in days with the 4 Day Money Making Blueprint

PCRoger is offline  
Unread 19th December 2009, 12:35 AM   #22
Dare To Be Different
War Room Member
 
ExRat's Avatar
 
Join Date: 2005
Location: U.K.
Posts: 9,148
Thanks: 1,580
Thanked 3,132 Times in 1,206 Posts
Default Re: aWeber Compromised?

Hi,

I read this thread yesterday. Then this morning, I got deluged with spam on email addresses that I created specifically for use only with twitter and have only used to create accounts with twitter - although the twitter accounts are not actually active (IE I haven't tweeted.)

Twitter - which was allegedly hacked by Iranians, or someone pretending to be Iranian, the other day.

Anyone else?



Roger Davis

ExRat is offline  
Unread 19th December 2009, 01:46 AM   #23
Zen Redneck
War Room Member
 
Paul Myers's Avatar
 
Join Date: 2002
Location: Erie, PA
Posts: 15,688
Blog Entries: 4
Thanks: 2,605
Thanked 16,565 Times in 4,753 Posts
Default Re: aWeber Compromised?

Hmmm...

Brute-force password hacking? Using weak passwords can create this problem.

Were the spams sent via Aweber, or to tagged addresses, but through other systems?


Paul

.
Stop by Paul's Pub - my little hangout on Facebook.

Paul Myers is offline  
Unread 19th December 2009, 02:12 AM   #24
List Fundamentalist
War Room Member
 
Shaun OReilly's Avatar
 
Join Date: 2005
Location: United Kingdom
Posts: 2,997
Thanks: 571
Thanked 2,168 Times in 1,070 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by Paul Myers View Post
Hmmm...

Brute-force password hacking? Using weak passwords can create this problem.

Were the spams sent via Aweber, or to tagged addresses, but through other systems?


Paul
I use 12 character long passwords generated by RoboForm
that include special characters as well as letters and digits
so they're robust.

In my case, the spams were not sent via AWeber but instead
were sent to e-mail addresses that have been totally spam
free for over a year and were only housed within my AWeber
account. I didn't get this spam to any of my other e-mail
addresses that I use outside of AWeber.

Dedicated to your success,

*Shaun O'Reilly

P.S. Here's the full header for an example spam message I've
received. I've taken out my unique test e-mail address and
replaced it with name@domain.com too:

Quote:
Delivered-To: name@domain.com Received: by 10.86.92.11 with SMTP id p11cs101890fgb; Fri, 18 Dec 2009 10:24:15 -0800 (PST)
Received: by 10.213.103.83 with SMTP id j19mr2048776ebo.30.1261160654637; Fri, 18 Dec 2009 10:24:14 -0800 (PST)Return-Path: <offer@touchshall.com>Received: from NTemporal ([190.254.16.129])
by mx.google.com with SMTP id 5si5567996eyh.24.2009.12.18.10.24.13; Fri, 18 Dec 2009 10:24:14 -0800 (PST)Received-SPF: neutral (google.com: 190.254.16.129 is neither permitted nor denied by domain of offer@touchshall.com) client-ip=190.254.16.129;
Authentication-Results: mx.google.com; spf=neutral (google.com: 190.254.16.129 is neither permitted nor denied by domain of offer@touchshall.com) smtp.mail=offer@touchshall.com
Received: (qmail 20173 by uid 300); Fri, 18 Dec 2009 13:29:01 -0500Message-Id: <20091218062901.20175.qmail@NTemporal>From: <offer@touchshall.com>To: <name@domain.com>
Subject: Pharmacy Offer pack !!!Date: Fri, 18 Dec 2009 13:29:01 -0500Message-Id: 34b201ca800f$4900a8c0@NTemporalMIME-Version: 1.0Content-Type: text/html; charset="iso-8859-1"Content-Transfer-Encoding: 7bit
<a href="http://24262135.touchshall.com/index2.html"><img src="http://30482495.touchshall.com/support.jpg?name=name@domain.com"></img></a>
Spam subject lines specific to this include: Pharmacy Offer pack !!! , Amway Best Sex !!!! ,
Best Drug Store !!! , nice love pill best sex !!! , Holidays Specials - Price #Pharmacy !!!

From the following e-mail addresses: offer@touchshall.com, support@pageocean.com,
durg@yulerepeat.com, boss2@serverbestid74s5.com

P.P.S. Here's the reply I got from AWeber support:

Quote:
AWeber takes our security measures very strongly and employee tested technologies and
measures to make sure that our system is not compromised. After receiving your email
our team went through an exhaustive list of checks just to make sure that there are no
indications that connects this spam message you received to an issue with AWeber. All
of our tests have come back secure with no reports of intrusion or compromise.

Also note that after looking at the spam message in question we see that members of our
teams have also received this same message to their personal addresses that have never
been used in conjunction with AWeber.

We'll continue to monitor our system. And of course if you have any further questions,
please feel free to let me know.
The words 'sand' and 'bury' immediately spring to mind.

.
Shaun OReilly is online now  
Unread 19th December 2009, 02:17 AM   #25
@rootedmarketing
War Room Member
 
Stephen Root's Avatar
 
Join Date: 2009
Location: Depends on the season
Posts: 296
Thanks: 14
Thanked 39 Times in 28 Posts
Default Re: aWeber Compromised?

Hmm... sounds really suspicious and we use Aweber for multiple businesses. I wonder if it's time to change. Can somebody post the spam message they got so I can check if we got those too. Nowadays there's just so much spam that it all gets filtered.

Tired of reading second rate Internet Marketing content? Uberaff News separates the weed from the chaff for you.
Uberaff News - What's Remarkable Internet Marketing Content Right Now ★
Stephen Root is online now  
Unread 19th December 2009, 02:20 AM   #26
Zen Redneck
War Room Member
 
Paul Myers's Avatar
 
Join Date: 2002
Location: Erie, PA
Posts: 15,688
Blog Entries: 4
Thanks: 2,605
Thanked 16,565 Times in 4,753 Posts
Default Re: aWeber Compromised?

Shaun,

Not YOUR password. The password of the Aweber account you subscribed to. If a spammer guessed/hacked/brute-forced that, they'd have those addresses.

Yes, it could possibly be a security issue. It could also be as simple as a few account holders with lame passwords.


Paul

.
Stop by Paul's Pub - my little hangout on Facebook.

Paul Myers is offline  
Unread 19th December 2009, 02:29 AM   #27
List Fundamentalist
War Room Member
 
Shaun OReilly's Avatar
 
Join Date: 2005
Location: United Kingdom
Posts: 2,997
Thanks: 571
Thanked 2,168 Times in 1,070 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by Paul Myers View Post
Shaun,

Not YOUR password. The password of the Aweber account you subscribed to. If a spammer guessed/hacked/brute-forced that, they'd have those addresses.

Yes, it could possibly be a security issue. It could also be as simple as a few account holders with lame passwords.


Paul
Hi Paul,

These are unique test e-mail addresses that I only use within my
own AWeber account that has the ultra secure password. I use
them for testing my own web forms and sales processes etc.

Some are forwarders created within my own cpanel and other
test e-mail addresses are created on the fly with GMail, etc.
And my cpanel and GMail passwords are robust too.

They are not used anywhere else except within my own AWeber
account with the robust password. That's the worrying part.

Dedicated to your success,

*Shaun O'Reilly

.
Shaun OReilly is online now  
Unread 19th December 2009, 02:57 AM   #28
Zen Redneck
War Room Member
 
Paul Myers's Avatar
 
Join Date: 2002
Location: Erie, PA
Posts: 15,688
Blog Entries: 4
Thanks: 2,605
Thanked 16,565 Times in 4,753 Posts
Default Re: aWeber Compromised?

Shaun,

I promise... I understand the concept of a tagged address. I think we may be talking across each other.

Yes, it's possible there's a security leak at Aweber. I find that very unlikely, though, compared to the chance of account passwords being guessed because they're too simple. By that, I don't mean the passwords of the recipients. All you need to send mail to someone is the right address.

Picture: You subscribe to a list at account abcmmf [@] aweber [.] com, using a unique email address. If someone manages to get the username and password for that account, they can get access to every email address on any lists in that account. They don't need your password to mail them.

That's only one way this could happen, though. There are other potential vectors for this kind of attack, including hijacking the subscription forms, bot-infected systems, a server hack that reads /etc/aliases, and probably a bunch more.

Mind you, I am neither assuming nor ruling out anything. Just looking at various possibilities.


Paul

.
Stop by Paul's Pub - my little hangout on Facebook.

Paul Myers is offline  
Unread 19th December 2009, 03:28 AM   #29
Zen Redneck
War Room Member
 
Paul Myers's Avatar
 
Join Date: 2002
Location: Erie, PA
Posts: 15,688
Blog Entries: 4
Thanks: 2,605
Thanked 16,565 Times in 4,753 Posts
Default Re: aWeber Compromised?

(Note to self: Don't discuss technical issues when half asleep.)

My apologies, Shaun. I see the miscommunication, and it's my fault. I have similar internal-use addresses on several of my lists. It seems unlikely that a simple brute-force hack would get those.

All the other possible explanations are still in play, but my first (and most likely) idea is ... less likely than I thought ... given solid passwords.


Paul

PS: No spam to any of my control addresses, yet. So, it's not universal.

.
Stop by Paul's Pub - my little hangout on Facebook.

Paul Myers is offline  
Unread 19th December 2009, 03:48 AM   #30
List Fundamentalist
War Room Member
 
Shaun OReilly's Avatar
 
Join Date: 2005
Location: United Kingdom
Posts: 2,997
Thanks: 571
Thanked 2,168 Times in 1,070 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by Paul Myers View Post
Shaun,

I promise... I understand the concept of a tagged address. I think we may be talking across each other.

Yes, it's possible there's a security leak at Aweber. I find that very unlikely, though, compared to the chance of account passwords being guessed because they're too simple. By that, I don't mean the passwords of the recipients. All you need to send mail to someone is the right address.

Picture: You subscribe to a list at account abcmmf [@] aweber [.] com, using a unique email address. If someone manages to get the username and password for that account, they can get access to every email address on any lists in that account. They don't need your password to mail them.

That's only one way this could happen, though. There are other potential vectors for this kind of attack, including hijacking the subscription forms, bot-infected systems, a server hack that reads /etc/aliases, and probably a bunch more.

Mind you, I am neither assuming nor ruling out anything. Just looking at various possibilities.


Paul
Update: I was posting the reply below and saw your latest post.

As a former engineer, I have a supra-logical way of rooting
out problems, finding causes as well as looking for solutions.
I'm not always right and am open to being wrong.

Here was my thinking process on this, and do let me know if
you find any flaws in the approach or conclusions...

I have some e-mail addresses that have been spam-free for
over a year. Suddenly, yesterday, many of them begin to
receive spam.

Hmm... I wonder... what could be the cause of that?

Has my computer been compromised? Has something got
access to my cookies? Has my cpanel been hacked? Has
my GMail been hacked? etc.

I write down all of the e-mail addresses that have just started
receiving spam and look for commonalities.

Because there are a number of unique e-mail addresses in
there I take a closer look. Suddenly it dawns on me. Many
of these are e-mails I've used to test my own web forms
only.

Could my AWeber or Infusionsoft accounts have been hacked?
Could my cpanel or GMail accounts have been hacked?

They all have robust 12-character passwords via RoboForm.

None of my unique e-mail addresses within Infusionsoft are
receiving spam - so I rule them out.

The only unique e-mails that are receiving spam are housed
within my own AWeber account and are used nowhere else.
I haven't given out these unique e-mails to anyone else -
including other AWeber users. They're only used to test my
own web forms within my AWeber account.

Has my AWeber account been hacked? It's got a 12-character
long password that's robust.

Maybe my computer has been compromised?

Then I pop on the Warrior Forum and sure enough, some other
AWeber users have just experienced the same thing (yesterday).

That may rule out my computer.

My AWeber password is robust - that rules out my account
being hacked via my robust password - I hope.

Q.E.D. Somehow, somewhere, someone has accessed my e-mail
data within AWeber so they then go on and send out spam via
their own methods.

Like I say, I could be wrong and am open to that. If anyone has
other possibilities, I'm all ears.

The most important thing is identifying the right cause of the
problem. Only then we can look at solving it.

Dedicated to your success,

*Shaun O'Reilly

.
Shaun OReilly is online now  
Unread 19th December 2009, 04:05 AM   #31
Zen Redneck
War Room Member
 
Paul Myers's Avatar
 
Join Date: 2002
Location: Erie, PA
Posts: 15,688
Blog Entries: 4
Thanks: 2,605
Thanked 16,565 Times in 4,753 Posts
Default Re: aWeber Compromised?

Shaun,

Assuming all your data is accurate and complete, that leaves Aweber's servers, or an Aweber-specific attack through your own servers, as the vectors I see.

I'm not prepared to rule anything out or to assume anything as the cause. Especially given the amount of technology that could be involved, and the various potential personal issues that could be acting as motivators.


Paul

.
Stop by Paul's Pub - my little hangout on Facebook.

Paul Myers is offline  
Unread 19th December 2009, 04:16 AM   #32
List Fundamentalist
War Room Member
 
Shaun OReilly's Avatar
 
Join Date: 2005
Location: United Kingdom
Posts: 2,997
Thanks: 571
Thanked 2,168 Times in 1,070 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by Paul Myers View Post
Shaun,

Assuming all your data is accurate and complete, that leaves Aweber's servers, or an Aweber-specific attack through your own servers, as the vectors I see.

I'm not prepared to rule anything out or to assume anything as the cause. Especially given the amount of technology that could be involved, and the various potential personal issues that could be acting as motivators.


Paul
Hi Paul,

Some of the unique e-mail addresses I used for the
web forms are with GMail etc so I guess that rules
out my own servers.

For example, I often test a web form with on-the-fly
GMail addresses by using the '+' sign, as in:
name+formname@googlemail.com

These haven't been used anywere else, and are
only housed on AWeber and GMail servers and not
my own.

Let me also make it clear I've got no axe to grind with
AWeber and have found them a thoroughly decent
company who provide an excellent autoresponder and
typically great customer service.

If the source of the problem is identified conclusively,
and that's yet to be done, only then can the right
corrective action be taken.

Dedicated to your success,

*Shaun O'Reilly

.
Shaun OReilly is online now  
Unread 19th December 2009, 04:24 AM   #33
Zen Redneck
War Room Member
 
Paul Myers's Avatar
 
Join Date: 2002
Location: Erie, PA
Posts: 15,688
Blog Entries: 4
Thanks: 2,605
Thanked 16,565 Times in 4,753 Posts
Default Re: aWeber Compromised?

Shaun,

The Gmail issue is indicative, but not conclusive. See the latter part of my last post for my thinking on that. And, given that I have similar control addresses that haven't ever received any spam at all, there's some variable that hasn't yet been considered.

Given your past comments here about Aweber, I hadn't assumed any ill intent on your part, I assure you. No need to explain or justify an honest look for the truth, sir.


Paul

.
Stop by Paul's Pub - my little hangout on Facebook.

Paul Myers is offline  
Unread 19th December 2009, 07:04 AM   #34
HyperActive Warrior
War Room Member
 
tknoppe's Avatar
 
Join Date: 2008
Location: Missouri, USA
Posts: 158
Thanks: 27
Thanked 39 Times in 34 Posts
Default Re: aWeber Compromised?

Sadly, spam is a part of our lives and something we have to deal with. I have spam filters in place that catch most of it. While I've not always used unique email addresses for every Aweber list I've signed up for, I do have some email addresses that have been setup within my cpanel, never used anywhere and eventually they too receive spam.

I don't believe that my cpanel was compromised, but more likely that there are spam software/bots (whatever) that sequence through randomly created email addresses and eventually that automated process will actually deliver a valid email address somewhere and the spam mail gets through.

While it's certainly possible that Aweber was compromised, it could be equally as plausible that spammers are using some random email generator script.

tknoppe is offline  
Unread 19th December 2009, 07:20 AM   #35
Livin' The Tech Life
War Room Member
 
PCRoger's Avatar
 
Join Date: 2009
Location: The Land of Political Corruption - IL
Posts: 405
Thanks: 16
Thanked 33 Times in 30 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by tknoppe View Post

While it's certainly possible that Aweber was compromised, it could be equally as plausible that spammers are using some random email generator script.
I thought about that, but ruled it out immediately. I have 1 domain in the pack that is a catchall. anything @ thatdomain.com will come through to me. Only the aweber address did.

Also, hacking someone who had a list at aweber (mentioned somewhere above) would not do it (completely).

Not only are there 20 addresses I have on 20 different lists (ie, 20 hacks), my unique address that I gave ONLY to aweber to use for my account with aweber and not on any lists also received the same spam message.

Roger.

Track your affiliate sales back to the ARTICLE or WEBSITE that generated the sale. CBSaleTracker

I was making money in days with the 4 Day Money Making Blueprint

PCRoger is offline  
Unread 19th December 2009, 07:20 AM   #36
Warrior Member
 
Join Date: 2009
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: aWeber Compromised?

Shaun, I am with you, I have (Friday) received bursts of spam email to approx 15 out of several hundred unique email addresses I have registered with various companies.
The common factor seems to be aweber (I gave up checking them all as was out of time), also I can't say whether I have other emails handled by aweber that aren't being spammed. I am not an aweber user.
I have submitted a support request at aweber and suggested I will require compensation for the inconvenience (changing each email).

I've seen this happen before too, both to me and reported on the web (I can't post links, so search..) "SpamCop Discussion > How do I sue an identifiable Texan spammer illegally using traceable email addresses?"
[if this is a duplicate post, apologies, but it seems to have disappeared]
DaveDaveDave is offline  
Unread 19th December 2009, 08:16 AM   #37
Enlivan
War Room Member
 
Damien Roche's Avatar
 
Join Date: 2007
Location: Outside The Box
Posts: 1,012
Thanks: 154
Thanked 103 Times in 71 Posts
Default Re: aWeber Compromised?

So strange. This didn't make any sense as I'd only used aweber once until Shaun detailed some of the addresses these were sent from.

Happened to my gmail address from exactly the same email addresses. I received about 5 in one day and my account has never received spam in over 2 years.

Could be aweber as I have had an account with them, but not any more...think they still keep my email on file?

These psychopathic spammers are relentless.

>> Available For Full-Time Web Development <<

(HTML, CSS, JavaScript, PHP, Ruby, Rails)
Seasoned freelancer w/ established Elance profile
$50/hr
Damien Roche is offline  
Unread 19th December 2009, 10:28 AM   #38
InternetBusinessBox.com
 
Join Date: 2009
Posts: 391
Thanks: 6
Thanked 104 Times in 64 Posts
Default Re: aWeber Compromised?

I show deliverability drops already from Aweber hosted lists. They were at 81.18% deliverability across all test lists. They have dropped to 74.93% deliverability in the last two days since the spam started.

If the spam isn't due to an Aweber compromise, then why has the trust level of major email ISPs toward Aweber dropped so much?

The ISPs aren't buying the "we aren't compromised" bury their head in the sand position of Aweber.
KristiDaniels is offline  
Unread 19th December 2009, 12:10 PM   #39
Warrior Member
 
Join Date: 2009
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: aWeber Compromised?

re "I show deliverability drops already from Aweber hosted lists."
Maybe there's something I'm missing here, but the spam I'm referring to is not coming from/via aweber, it is simply spam (from dsls generally so botnets presumably) that is addressed to email names that have previously been delivered to by aweber. Thus I don't see how this would affect aweber's normal delivery stats.
DaveDaveDave is offline  
Unread 19th December 2009, 01:11 PM   #40
Warrior Member
 
Join Date: 2009
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: aWeber Compromised?

I am not a customer of aWeber.

I've signed up for several aWeber lists and unsubscribed many of them.

I give a unique email address to each list I subscribe to. I have hundreds of these unique addresses, as I give a unique address to any web site that asks for one. I have a unique one here at warriorforum.

Since yesterday, I've received five spams to five unique email addresses I've only given to aweber users. These spam are all similar to each other.

I have hundreds of other email addresses that I've given to non-aweber lists and sites and I've not received any spam to those addresses.

QED

I also contacted aweber, sent them complete headers and got the same boilerplate response that Shaun reported. I then wrote them to check out this forum.
Sir Dancelot is offline  
Unread 19th December 2009, 02:02 PM   #41
Just Saying It Like It Is
 
kyleb's Avatar
 
Join Date: 2009
Location: Big Sky Country Montana - Where we have more deer than people.
Posts: 96
Thanks: 10
Thanked 42 Times in 20 Posts
Default Re: aWeber Compromised?

I just started receiving those as well to a couple of email addresses I have used to sign up on Aweber lists, but also on some other mailing lists...

I hope Aweber wasn't hacked! I use them for all my subscribers.

Kyle

Your goals should be just out of reach, but never out of sight.
Visit Kyle Allred over at www.KyleBlakeAllred.com I tell it like it is.
kyleb is offline  
Unread 19th December 2009, 02:23 PM   #42
Active Warrior
 
Join Date: 2008
Location: , , .
Posts: 42
Thanks: 0
Thanked 5 Times in 4 Posts
Default Re: aWeber Compromised?

Yes, Aweber got compromised and I can prove it without any doubt.
See my post here:
Thank you Aweber for exposing all my email addresses to SPAMMERS. Thank you so much!


.
RobJones is offline  
Unread 19th December 2009, 02:59 PM   #43
HyperActive Warrior
 
Join Date: 2007
Location: , , .
Posts: 111
Thanks: 9
Thanked 6 Times in 4 Posts
Default Re: aWeber Compromised?

If Aweber was hacked and they (Aweber) are burring it; then allot of people int he IM world are going to be f*cked

Maybe it is a good ideal, for anyone using Aweber, to send a test message to their list. Explain the situation... maybe even reference this thread. That way your list will know that it was not you who sent the spam.

Also, ask if anyone from your list, if they received spam from an unique email address used specifically for your newsletter,then enter a new and unique email into Aweber.

If they still receive spam on this new email address then we will know Aweber was compromised.

I personally have roughly 220-230 different email addresses. About 35 on those have received spam thus far. One third of those email addresses are still active. The rest have been unsubscribed from their respective list.

52.ct is online now  
Unread 19th December 2009, 03:58 PM   #44
Active Warrior
 
Join Date: 2008
Location: , , .
Posts: 42
Thanks: 0
Thanked 5 Times in 4 Posts
Default Re: aWeber Compromised?

Yes, Aweber was hacked and I can prove it with 100% certainty.
(Everyone can contact me via PM)

Of course, the spammers aren't sending emails via Aweber's servers. (they, the spammers, are sure not that dumb)
The spammers have just hacked Aweber's servers, extracted the email addresses from Aweber's data base(s) and are now happily sending tons of spams using their own untraceable spam bots.

That means:
From now on ALL the compromised email addresses will ALWAYS receive tons of spam.
The only way to stop those spam floods would be to stop using those email addresses.
And that in turn would also mean to stop receiving emails from all those marketers who are using Aweber...
RobJones is offline  
Unread 19th December 2009, 04:07 PM   #45
Senior Warrior Member
War Room Member
 
mattlaclear's Avatar
 
Join Date: 2009
Location: Mason, MI 48854
Posts: 3,955
Blog Entries: 56
Thanks: 1,756
Thanked 1,338 Times in 679 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by rosetrees View Post
Maybe the list owners weren't as honest as you'd like?
I agree with Rose on this one. aWeber runs a tight ship. But even if they didn't you would still have to end up trusting some other autorsponder service provider with your info.

Are toxic links poisoning your search engine rankings? Download my free report to learn how to identify and neutralize their harmful effects on your website.

Grab My Free Report By Clicking Here!
mattlaclear is offline  
Unread 19th December 2009, 04:20 PM   #46
Active Warrior
 
Join Date: 2008
Location: , , .
Posts: 42
Thanks: 0
Thanked 5 Times in 4 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by mattlaclear View Post
I agree with Rose on this one. aWeber runs a tight ship.
BULL SH*T!
Because of the unique anti-spam system I use I can prove with 100% certainty that Aweber's servers must have been hacked.
Check my thread here:
Thank you Aweber for exposing all my email addresses to SPAMMERS. Thank you so much!


Quote:
Originally Posted by mattlaclear View Post
But even if they didn't you would still have to end up trusting some other autorsponder service provider with your info.
This is like saying:
"My auto mechanic has seriously damaged my car but never mind; after all, if wouldn't have used this auto mechanic then I would have to use another one."

Is there any logic in that sentence?
RobJones is offline  
Unread 19th December 2009, 04:48 PM   #47
Zen Redneck
War Room Member
 
Paul Myers's Avatar
 
Join Date: 2002
Location: Erie, PA
Posts: 15,688
Blog Entries: 4
Thanks: 2,605
Thanked 16,565 Times in 4,753 Posts
Default Re: aWeber Compromised?

Rob,
Quote:
Because of the unique anti-spam system I use I can prove with 100% certainty that Aweber's servers must have been hacked.
It's possible they were. It's possible some other vector was involved. At this point, we don't know anything except that some addresses which previously never received spam have started to, and it looks like a compromise of Aweber's systems, personnel, or transit.

Barring a lot more details about your unique anti-spam system, we don't have anything from you that even looks like proof. And there are things that could happen that could have the same result without their having been hacked.
Quote:
This is like saying: "My auto mechanic has seriously damaged my car but never mind; after all, if wouldn't have used this auto mechanic then I would have to use another one."
Actually, it's not. It's more like saying, "My car was vandalized while in the parking lot at this mechanic's shop. That could happen at another shop, too."

There is one possibility that concerns me a lot. If it turns out to be that, you can forget security at any list host, because it would happen outside their area of control.


Paul

.
Stop by Paul's Pub - my little hangout on Facebook.

Paul Myers is offline  
Unread 19th December 2009, 05:05 PM   #48
Results Based Marketer
War Room Member
 
jasondinner's Avatar
 
Join Date: 2005
Location: Long Island, NY USA.
Posts: 2,245
Thanks: 350
Thanked 408 Times in 286 Posts
Default Re: aWeber Compromised?

WOW!!

I just checked in my spam folder and found the same "pharmacy" emails Shaun
said he was getting to his previously "spam free use for aweber only email address"
and I have the same emails in my spam folder too!!

Now before I completely made my mind up that Aweber was compromised I looked
at the email address these D-Bags (spammers) sent their crap to which led me
to believe that Aweber indeed was compromised.

You see, when i test opt-in forms, i use my gmail account, but put dots in betweeen the
user name.

For example if my gmail address was jasoniscool[a]gmail dot com , i would use

j.asoniscool , then ja.soniscool, jason.is.cool, etc.

Aweber forms are the only places I submit those variations of my email addresses to.

Guess what!!?!?!?!?!?!?!

The email addresses these spammers sent their spam to was to those email address variations.

If they did indeed get hacked, hopefully they are working towards correcting the
situation and preventing it from ever happening again.

Maybe they will come in here and clear things up for us, or admit it.(doubtful - lol)

Cheers
Jason

P.S. - Other than that, I have found Aweber to be the best provider of these types of
services in their price range.

Obviously they are not the end-all-be-all, but they are good for most marketers.

When I am making $3K per day or before that, I will definitely be looking for other
providers.

jasondinner is online now  
Unread 19th December 2009, 05:32 PM   #49
Doing Internet Long Time
War Room Member
 
blkfin's Avatar
 
Join Date: 2009
Location: Earth
Posts: 85
Thanks: 19
Thanked 14 Times in 13 Posts
Default Re: aWeber Compromised?

No Doubt something has happened at aweber. I am getting the same messages as everyone else from my mailing list email addresses. i.e. newslettername@MYDOMAIN.com.
blkfin is offline  
Unread 19th December 2009, 05:50 PM   #50
HyperActive Warrior
 
Join Date: 2007
Location: , , United Kingdom.
Posts: 100
Thanks: 3
Thanked 3 Times in 3 Posts
Default Re: aWeber Compromised?

Quote:
Originally Posted by KarlWarren View Post
Experiment...

Set up a brand new email address and give it to NOBODY... I guarantee you get spam.
Without a doubt. Especially if it is @gmail, @yahoo or @yoursite.com

Why automatically point blame?
Hi KarlWarren,
I don't have an answer, but I do not agree with your statement. I have several Gmail accounts which I do give out, except one that I hold for reserve. I have not received a single Emails to that address except the one I sent to it myself. I have that account for over 1 year and it has not been compromised yet. So your statement about Gmail account is not 100% accurate.

johnng is offline  
Closed Thread

  Warrior Forum - The #1 Internet Marketing Forum & Marketplace > The Warrior Forum > Main Internet Marketing Discussion Forum

Bookmarks

Tags
aweber, compromised, spam

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




All times are GMT -6. The time now is 07:55 PM.