Skip to navigation | Skip to content
Spam is the bane of bloggers. The internet may yet be rendered close to useless thanks to the deadly combination of the low-cost, high-volume mechanized advertizing it facilitates and our culture’s emphasis on consumption and competition.
Still, we’re not going to make it easy for them.
My server was recently subject to a hack attack. In some senses it was pretty serious—many new files containing malicious code, many altered files, new bogus admin accounts in WordPress. But in the end it seems I lost no data, and none of my sites got injected with spam links (which I gather was the intent of the hack).
Needless to say, I’ve been forced to quickly learn a lot about web security, and I’ve been grateful to be forced to do so without major losses. I’ll try and document some useful things I’ve learned here.
NOTE: This post contains some good WordPress security tips, but in response to a specific hacks. For a more general, comprehensive run-down of solid WordPress security measures, see this post.
Just solved a pesky email problem that was really vexing.
Sending email from my localhost web server (usually via ColdFusion apps), for testing and other purposes, has always worked swimmingly. Recently, however, emails sometimes didn’t send. A glance at my ColdFusion log files showed the error “Invalid Addresses”.
Some addresses from some of my domains have started to be used extensively for sending spam (by other people!), so I wondered whether I’d got blacklisted somehow.
A blacklist was involved, but not for addresses. A closer look at the CF error logs showed this:
Invalid Addresses; nested exception is: class javax.mail.SendFailedException: 550-xx.xx.xx.xx is listed at zen.spamhaus.org (127.0.0.11: 550 http://www.spamhaus.org/query/bl?ip=xx.xx.xx.xx)
The x’d out bits are my current IP address. Spamhaus.org seems to be a large spam-fighting clearinghouse, with, among other things, IP blacklists. Looking up my IP address on their database found it listed.
The solution is to add SMTP authentication to your outgoing mail script. For ColdFusion, it looks something like this:
<cfmail to="user@domain.com" from="noreply@domain.com" subject="Message subject" server="smtp.domain.com" username="noreply" password="password"> [message] </cfmail>
(Obviously, with suitable bits substituted for your situation…)
Welcome! I build websites - mostly based on the brilliant, free & open 