On Shared Hosting Spam emails can cause havoc for users of the servers. All it takes is one user on the server to neglect to update their WordPress Version, the out of date WordPress gets compromised and is used to send spam emails. Very quickly our helpdesk lights up with clients who cannot send email or who are receiving bouncebacks. This is frustrating but is a disadvantage of Shared Hosting unfortunately.
Do a simple Google Search for ‘Spamming in Shared Hosting’ and you will see this is an age old problem. We wanted to let you know what we have been doing to try to prevent this problem from becoming a problem on our shared hosting servers.
Mail Queue Monitoring
We monitor all our shared server 24/7 using Nagios but recently we installed a ‘Mail Queue Plugin’ on all shared servers and we now get a yellow alert if the mail queue on a server reaches 250 and a red alert if the size of the mail queue reaches 500. This enables us to check immediately for sources of spamming and stop the spamming before a significant number of spam emails leave the server. The logic behind this is to stop our server IPs being blacklisted and to take a pro active approach to stop spammers.
It is worth noting at this point that most spamming we see on servers comes from out of date WordPress installs. Only 30 minutes ago we stopped spamming on server 12 coming from a WordPress Script that was many versions out of date so this beings us to our second mode of attack
WordPress Version Audits
Adam in our office is on a mission! His mission is to track down all out of date WordPress Installs on our servers. We are running a script on our servers to locate WordPress Installs that are out of date and we are sending those clients courtesy emails reminding them of the need to update their WordPress right away. Anyone who ignores these emails will be followed up promptly. The aim is to educate shared hosting clients about the importance of updating their WordPress Installs.
It is worth noting at this point that we have found many clients with really old wordpress installs that have been installed and simply forgotten about. This is a timely reminder that leaving a really old unused script on the server is a major security risk and could easily be compromised and used for spamming thus putting the reputation of our IP addresses at risk.
Email Password Security
Another less common source of spamming is authenticated sending of email via SMTP. This usually happens where someone’s local machine if infected with a virus that steals the password and uses that same password to send spam. In all these cases when we change the password the spamming stops. It is another timely reminder of the importance of ensuring your local machines are malware and trojan free. Strong passwords generated from a website such as ‘The Strong Password Generator’ are vital for ensuring your email account’s security.
So What’s New from April in our desire for a Spam Free World!
BWF Spam Pack is a new service we are offering from 1 April 2014 (it is available right now but we want to take a little more time to test it). The ‘Anti Spam Pack’ is provided in partnership with Spam Experts one of the most respected Anti-Spam Companies in the World. Some of the world’s best known hosts use their service in pursuit of a spam free life.
This service is enterprise grade with Master and Slave Spam Servers for redundancy. It has been tested by us and has proven to be very effective at stopping spam issues.
Outgoing Mail Relaying
No longer are you going to be affected by the actions of a user on your shared server where spamming has caused the server IP to become blacklisted. Anyone who signs up for our Spam Pack will have ALL their outgoing emails relayed through the Spam Experts Anti Spam Cloud. The software will pick up virtually ALL outgoing spam with 99.98% accuracy and only allow genuine email to pass through. Because there will never be any spamming through the Anti Spam Cloud the IPs will be clean and there should never be any email delivery issues again caused by the actions of a spammy user who happens to be on the same shared server and who happens to share the same IP address.
We tested this product on a dedicated server client of ours who has a server in Orlando Florida. In January 2014 she was spamming unknown to her and her Ips were blacklisted. We worked to stop the spamming and had her IPs whitelisted on all known blacklists. The issue for this cleint was her email to Gmail was still landing in Spam 4 weeks after we had the blacklist removed. This was causing this client great frustration and concern. We also felt helpless to help this client and the solution was to have a new /30 IP block (a single IP address) allocated to her server (which technically is against RIPE rules as you cannot allocate IPs just because of Spam issues).
We switched this IP back last week, added the Anti Spam Cloud filtering and within minutes her emails were landing in Gmail Inbox again. For this client the small price to pay for an enterprise grade spam filtering solution was very worth while.
Incoming Mail Filtering
We bundle Spam Assassin with Cpanel and for most users this is a more than effective anti spam solution. For the few clients who get a lot of spam we believe the Spam Experts Incoming Mail Filtering Solution will be beneficial to them in allowing them to put a stop once and for all to inbound spam messages. This is a significant step for our shared hosting clients who wish to have a more comprehensive incoming email filtering solution.
This is an optional addon to the service and we can quote you on request. We can now offer the Spam Experts Cloud Archiving Service to permanently archive all received email for later review. Talk to us if this is a service you may be interested in.
So what does this Cost?
Our introductory pricing is £1.00 + VAT per month per domain for this Enterprise Grade Spam Protection for both outgoing and incoming spam protection. Until 1 May 2014 existing clients can get this protection for just 50 pence per month per domain.
We will shortly be emailing all clients concerning this 50 pence upgrade and anyone who does not want to avail of this incoming and outgoing spam protection does not need to take the offer and can easily opt out.