Author: Martin Lemieux

This widely used viral marketing tool is destroying many online networks. Just last month, our entire network was under attack and was responsible for sending out millions of spam email to people we didn't even know from a user within our server that wasn't generated by us.If your site does take advantage of a "Tell A Friend" script for marketing your site, please take it down right away!!! This tool is so dangerous it's not even funny.

What Are Tell A Friend Scripts?

Tell a Friend Scripts are described as email forms that allow users to send a simple message to their friends via the website they are visiting in order to notify their friend to "check out this website". In simple terms; it allows "You" to send email to your friends via someone's website. They were created for viral marketing purposes in order to promote the website they get generated from.

Spam networks, and smart programmers world wide have found ways to exploit this widely used tool in order to send 1000's of email at a time instead of just sending one or two emails to their friend.

This is no joke, our system has been back-logged for a while now with bounced emails from other hosting companies blocking our server from sending any more emails.

Attackers Use "Bcc" Through Your Tell A Friend Script!

Spammers exploit these insecure scripts by sending an email through a tell a friend script while adding 100's, if not 1000's of emails by "Bcc:". This sends a "blind carbon copy" of the email to any user specified within the Bcc:. In other words, these exploited tell a friend scripts not only send an email to the specified "friend" but, it also sends a blind copy to all the other emails specified within the Bcc. Thus giving your attacker a means to spam 1000's of people at a time and hurting your good name in the process. Attackers can also hide their identity really easy by using a false email address from your website and making it seem as though you where the one who sent these spammy emails directly from your website.

How Can This Affect Your Business?

If your website uses a "Tell A Friend" script online (and doesn't protect the script properly), it may get your website, or your entire network booted from your hosting service completely. Whether your site is on a shared hosting plan, or a dedicated server, this tool affects everyone on the server including the company that provides the service to you. If you don't fix the problem right away, your hosting service may have no choice but to suspend your account indefinitely, or until the problem is fixed.

It took me over a week to find the problem(s) and get rid of them. It then took another week just to manage all the bounced emails coming in which I have to say where totaling into the millions once everything was said and done.

If you can't take down your "Tell A Friend" script yourself, hire someone right away to do it for you. Even with safety measures in place, these scripts are extremely dangerous and should never be used.

These types of scripts are the cause of over 70% of all hacked-into/spam-relay servers, and the worst part is that only a fraction of the owners know that these insecure scripts are being used.

So if you think about it, if these types of scripts are the cause a huge percentage of spam world wide, what would happen to spam if we all tightened up all of our marketing tools online? Would spam stop completely? Unfortunately no. But, we would be doing our part in stopping this widely used, and exploited viral marketing tool.

What Measures Can I Take To Stop Spam From My Site?

Without getting really technical with you, I will go through some things that I found online that were extremely resourceful in finding problems within my network, which ultimately helped to tighten up my forms online. Please consult your web programmer, or hosting service if you do not have the knowledge needed to use the below listed security add-ons and safe practices.

Well start with "Advanced Measures" for programmers. These tools should be provided to your web developer, or hosting company to help them discover your problems.

1) Server Email Add-On:
This specific server email add-on will tell your technical people exactly where spammers are using your compromised scripts online. As soon as a form has been compromised to send spam, this email add-on will add a line to the email headers telling you where it was generated from!

For Ex: X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1

Get More Information Here:
https://www.ndchost.com/customer/support-center/index.php?x=&mod_id=2&root=0&id=19

^ This script is for advanced users who have access to SSH within their hosting service. If you have a shared plan, please contact your hosting company and tell them about your problem.

2) Use A "Security Image Script" For All Online Forms:
Each of your online forms should ALWAYS use a security image script that identifies real people compared to automated robots. A user has to enter the security word, or scrambled letters generated by this script. This prevents advanced programmers from exploiting your forms to use for spam.

Here Is A Good But Simple Image Script:
http://www.white-hat-web-design.co.uk/articles/php-captcha.php

^ This is fairly simple to implement. If your web programmer doesn't have the knowledge to implement this script, try hiring someone will better skills in order to protect your business properly online.

3) DO NOT EXPOSE YOUR EMAILS ONLINE:
This simple but deadly method is used by 1000's of people and companies world wide and should never, ever be used. If you cannot have a security form added to your site and you need to add your contact email, only add your email in this format:

email[AT]your-web-site[DOT]com

At least with this method, robots cannot access your email via your website and use it right away. A live person will need to view your email and replace the [AT] with an "@" symbol, and also replace the [DOT] with a ".".

Many people wonder why they receive spam almost right away from a newly created email account. Adding your email online to the public will be picked up almost immediately! To find out if your email is exposed online, simply search for your email account within "Quotes" through a Google search. If your email account is displayed within the search results, then it has been exposed online and you will need to visit each website that displays your email account to have it removed manually.

If within your search results you find your email account listed directly from your website, remove it immediately and replace it with the sample above (email[AT]your-web-site[DOT]com).

4) Make Sure Spam Filtering Is Active:
Some hosting services don't automatically activate your spam filters until you ask them to. Just double check you're hosting service to make sure that your spam filters are active and NEVER open any emails that you don't recognize.

5) Make Sure You Don't Have An "Open Spam Relay":
Even though this feature is dying out, there are still hosting servers that allow this form of spam attacking. "An open mail relay is an SMTP (e-mail) server configured in such a way that it allows anyone on the Internet to relay (i.e. send) e-mail through it." ...Wikipedia

Here is a tool to find out if your IP address(website/network) allows email through an open spam relay...
http://www.spamhelp.org/shopenrelay/

Here is another tools which will show you whether or not your server has been blocked/flagged for spam...

http://www.mxtoolbox.com/blacklists.aspx

==

IN CONCLUSSION:

Some viral marketing tools available for your website are not worth it compared to the potential for online attacks. Robots are consistently trying to find loop holes within your website scripts. Take all necessary steps to prevent an advanced user from compromising your hosting server and ultimately using your good name to spam millions of people world wide.

Hire the right programmer to help make sure that everything you do online is secure and protected. Make sure that your hosting service has the right security in place, and if your have your own dedicated server, take these tools very seriously because they could mean the different between operating a sound business online, compared to having no business online due to negligence on your part.

Martin Lemieux is the owner of a successful article directory network with over 80,000 author submitted articles, with over 30,000 active authors world wide.

http://www.Article99.com - Authors Club

http://www.article99.com/internet-marketing/viral-marketing/ - Viral Marketing Tips

http://dev.smartads.info/ - Web Development Tips

Copyright, All Rights Reserved. Reprints accepted as long as the entire article remains the same including this author resource box.