Over the past week, we\u2019ve been made aware of a potential security issue affecting users of autoresponse plus. Currently, the instances we\u2019ve seen have been related to ARP3 and are a serious concern.<\/p>\n\n\n\n
In a nutshell, hackers are hacking into autoresponse plus accounts (not the server, but the actual email client itself).<\/p>\n\n\n\n
NOTE:<\/strong> This vulnerability is not exclusive to, or in any way related to, the hosting provider or server choice. This is a problem with autoresponse plus (ARP\/ARP3). It has been found on a variety of webhosts running all different applications and across a number of different industries and markets.<\/p>\n\n\n\n While we are not 100% certain of all the ways in which this is happening due to log file expiration on the servers we\u2019ve looked at, it appears that it is due to a \u201cSQL injection\u201d.<\/p>\n\n\n\n To keep things simple, there is a problem with ARP, which exposes elements of the database to attackers. The autoresponse plus (arp) admin password is not encrypted, and a hacker can essentially overwrite the admin user email address and use it to retrieve the password as well as retrieve an export of all email addresses in the system.<\/p>\n\n\n\n The only sure fire way to solve the problem is to REMOVE autoresponse plus (ARP3 from your server). There are several ways in which the security can be compromised.<\/p>\n\n\n\n Next Steps<\/strong><\/p>\n\n\n\n There\u2019s a good chance your IP reputation has been affected by the hack, so you\u2019ll want to do a few things right away to restore your reputation and improve it overall.<\/p>\n\n\n\n Until your reputation has rebounded to upper 80s\/lower 90s, you\u2019ll want to clean your list after each broadcast or promotion. After that, you\u2019ll want to practice routine list hygiene on a weekly basis and stay on top of complaints, removing those subscribers from your list ASAP.<\/p>\n\n\n\n Author: Heather Seitz<\/p>\n\n\n\n Attention Readers, Publishers, Editors, Bloggers, and Marketers: You may republish or syndicate this article without any charge. The only thing I ask is that you keep the newsletter article or blog post exactly as it was written and formatted, with no changes. You must also include full publication attribution and back links as indicated.<\/p>\n\n\n\nAs a result, here is some of what is happening:<\/h2>\n\n\n\n
<\/strong>In other words, they are actually CHANGING the email address set up in your ARP account. This means password resets, notifications, etc. will all be going to the email address they change it to. (So far, these all appear to be Hotmail, gmail, and Yahoo top level domains).<\/li>
<\/strong>We have verified that, inside several accounts, the \u201chacker\u201d has downloaded the contact list. For obvious reasons, this is a big issue\u2026<\/li><\/ol>\n\n\n\nHow Is Autoresponse Plus Getting Hacked?<\/h2>\n\n\n\n
How to Fix the Problem<\/h2>\n\n\n\n