The revival of STD Carriers Disease Control and Prevention Services was crippled this past week when spammers hijacked its mail server by exploiting a vulnerability in hMailServer. As a result, the domain is now blacklisted by popular email providers and cannot contact its users. This also means that many authors of STD reports cannot recover their passwords and people seeking removal cannot contact the authors. Everything would have been prevented had the right box been checked in hMailServer.
STDCarriers.com was a nationally recognized sexually transmitted disease (STD) prevention service in 2012 before going offline. As part of reviving the site, an email was sent to registered users hoping to draw traffic back. Shortly after that a bot began exploiting a vulnerability in hMailServer and made the STD Carriers server send tens of thousands of bulk emails pitching a famous scam. STD Carriers suspects these emails to be connected to the ChaosCC Hacking Group which has been spamming STD Carriers with ransom demands in recent weeks. The suspicious timing indicates that at least one STD Carriers account belongs to ChaosCC and ChaosCC attacked STD Carriers for the purpose of getting them blacklisted so that they could not communicate with thousands of users that have no idea the site is back.
hMailServer has been one of the most popular open-source email server programs since 2002. It is a favourite of novices that are running their own mail server for the first time. The owner of STD Carriers is one of those people. He did not check the box to require authentication for internal to external messages. This is an easy mistake that anyone could make and hMailServer could do more to warn people about the importance of that box. The lesson to be learned here is that if you use hMailServer check that box.
For more information visit:
STD Carriers Disease Control and Prevention Services
Fixing the Problem on the hMailServer Forum
STDCarriers.com is Back Following Long Legal Battle