If you use ARP3, read this ASAP!

by mbacak
5 replies
I wanted to share with you this email I just received. My team
discovered this exact issue 5 years ago and reported to the owner.
But now it's out in the wild and still remains unfixed. Matt

------- Forwarded message -------
From: Email Delivered Support
Date: Thu, Jan 10, 2013 at 12:19 PM
Subject: Autoresponse Plus (ARP) Security Problem

Hello Matt,

There is a serious issue that you need to look at right away.

Just recently, we've been made aware of a security issue affecting users of
Autoresponse Plus or ARP3. In short, hackers are hacking into Autoresponse
Plus accounts (not the server, but the actual email client itself).

For more information, please read this article:

Autoresponse Plus (ARP) Security Problem | Email Marketing & Email Deliverability

This issue is critical and you need to take action on it immediately, as it can
and will damage your IP reputation and will require a new IP and starting over
OR will take significant time to repair.
  • Harvey Segal

    Thank you for this warning.

    By chance I checked my ARP broadcasts today and
    noticed that a variation of the very example
    quoted was in the process of mailing out


    I was able to pause after a few thousand messages
    had gone out.

    As a temporary solution in case the spammer
    strikes again I am setting the throttle limit
    (messages per hour) to a small number.

    Also a few days ago I noticed certain problems
    with ARP and I wonder if these were done in
    preparation by the spammer viz
    - no broadcast start/end notifications
    - no subscribe/unsubscribe notifications
    - no daily report of autoresponder usage

    • Harvey Segal
      Originally Posted by Harvey Segal:

      Also a few days ago I noticed certain problems with ARP and I wonder if these were done in
      preparation by the spammer viz
      - no broadcast start/end notifications
      - no subscribe/unsubscribe notifications
      - no daily report of autoresponder usage

      I've discovered that the spammer changed the email address in my profile

  • Neil Morgan
    Anyone concerned about this, please raise a ticket in the AutoResponse Plus help desk as we can tell you how to make sure that you and you alone can access your ARP3 script.

    We will only provide the information to people who give a valid license number and the email address held on file for that license.



    Easy email marketing automation without moving your lists.

    • jimojeda
      Originally Posted by Neil Morgan:

      Anyone concerned about this, please raise a ticket in the AutoResponse Plus help desk as we can tell you how to make sure that you and you alone can access your ARP3 script.

      We will only provide the information to people who give a valid license number and the email address held on file for that license.


      Neil... I hope you're still around. I know you already sold ARP3 to another company, but if you would help me with this, I would be so grateful.

      I already tried submitting a ticket for it, but they pointed me to a "health check" service that they are charging me something like $50 to fix.

      There's no "health check" needed on arp3! As I explained to them, there's a vulnerability and it's getting hacked!

      It doesn't seem like they are actually getting my password, they seem to be able to inject directly into the MySQL database. They are able to change the default admin email address and they are able to upload a bunch of leads as well as set up broadcasts.

      My server's IP address and reputation have been seriously harmed because of this.

      I LOVE ARP3... but this security issue needs to get fixed asap.

      Can you help me please?

      Would you kindly PM me and send me instructions on how to plug this?

      I already tried updating my password on the script as well as in the MySQL database and they are still getting in!

      Thanks Neil for any help you can offer.

      Jaime Ojeda

      Something Good Is Coming Soon

      • jimojeda
        Neil, I'm a valid license holder and one of your original customers, whom you promised "lifetime license with lifetime upgrades". I'm grateful for all you've done and for creating this amazing script.

        But now, I seriously need your help with this.

        I tried submitting a ticket already and they keep sending me to do a "health check" which will cost me $50.

        You already know how to plug this, I would expect that they would have simply told me the solution, but instead want to bill me for it.

        Please, let me know what else I can do. I also PM'd you and I haven't heard from you.

        I look forward to hearing from you.

        Jaime Ojeda

        Something Good Is Coming Soon
