DWITE Spam
By Dan on Monday February 27, 2012 At 07:48PM
It has come to our attention that there has been some recent spam sent to users who choose to display their e-mail publicly in their profile. Please note that you may hide your or change your e-mail address in your UserCP settings as well as control what official DWITE e-mail you will receive. To our knowledge our site and database have not been compromised and thees e-mail address where simply taken from user's profiles who had their e-mail set as public. Public e-mails are only shown to signed in users and are encoded with javascript, however, this does not stop determined spammers from obtaining your e-mail if you choose to show it. These spam messages are not coming from the DWITE servers or our AWS based instances.
We recommend the following steps if you wish to reduce this kind of spam:
- Hide your e-mail via the UserCP settings
- Use an e-mail client with a spam filter
- If you get a spam e-mail, make sure to mark it as spam. If you use web based e-mail services such as gmail, this allows your e-mail provider to block the sender and prevent future spam.
- If your e-mail provider supports it, use "Instant disposable" e-mail addresses. For example yourgmailaddress+dwite@gmail.com.
- Filter out or block all e-mails from and to veraappxx@libero.it and veraapia2011@yahoo.in (the source of the recent spam).
- If you relay don't want to hear from us or any one talking about us filter out e-mails with the word "dwite" or "dwite.org".
Most importantly never give out your DWITE password to any one.
On our side, we plan on implementing the following changes to make sending spam to our users even harder:
- Switching all existing accounts to have hidden e-mails (you will be able to show your e-mail publicly again if you choose to do so).
- Making e-mails hidden by default.
- Restricting logins to only north American IP addresses.
- Report the spam to multiple DNSBLs, Google, and the host responsible for the source of the spam.
Theses changes should be implemented in the coming days, and all current user accounts will be switched to having hidden e-mails in the next few hours.
Thanks,
--Dan