Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?


Login with username, password and session length
February 09, 2012, 03:06:24 PM

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Security alert from LP?  (Read 2247 times)
ronmsf2
Master Jedi
*****
Offline Offline

Posts: 1174
« on: December 14, 2009, 05:29:42 PM »
Did Lunarpages send out the following security alert?  I have not seen any mention of an alert here, so I have not followed any of the links in the e-mail, (and have removed them from the quote below; LP can post them if they are valid).

Hello,

We are contacting our customers to warn about a serious security risk being sent via email to people running websites.

First of all, please ensure to never provide your login details for your account on any site that is not directly related to our services, which you can reach through our main site and through your login page (all details included with your original welcome email).

For details on the phishing email that is being sent, please review the following two links:

News details
Link to.... 120809_Phishing_Scam_Imitates_cPanel_Targets_Webmasters

Explanation on the phishing email contents with screen shots
Link to...  webmasters-targeted-by-cpanel-phish.html

Again, please be very cautious when entering any account specific details on any site. You should always check that the site is actually one of ours or contact us directly if you are not certain about the legitimacy of any email you receive.

If you have any questions on this matter, please email support@lunarpages.com

Thank you,
Lunarpages Support
Logged
"Be glad of life because it gives you the chance to love and to work and to play and to look up at the stars" -Henry Van Dyke

"Education is the kindling of a flame, not the filling of a vessel." -Socrates
MrPhil
Berserker Poster
*****
Offline Offline

Posts: 5083
« Reply #1 on: December 14, 2009, 08:05:16 PM »
I received such an email. The links appear to be valid, going to news stories about phishing attempts aimed at LP (and many other host company) customers. It basically reminds us not to fall for emails that say "we need you to verify your information -- please give your account and password here." Apparently there are plenty of people dumb enough to fall for that. I would worry about a "security alert" if it included a request to sign into our accounts, "helpfully" providing a link to cPanel. What about this email concerns you?
Logged
darkwolf
Guest
« Reply #2 on: December 15, 2009, 12:02:19 AM »
The alert that was received WAS a legitimate email from Lunarpages advising of a recent security risk that has come to the attention of our Admin support team.

The urls that were provided are legitimate to allow account holders to be aware of what the emails may look like if they receive them.
Logged
ronmsf2
Master Jedi
*****
Offline Offline

Posts: 1174
« Reply #3 on: December 15, 2009, 11:29:42 PM »
Thanks for the responses.  I was just surprised that something that warranted an e-mail notification from LP was not also posted on LF.  I remember when LF was a very active forum.  The most up-to-date news regarding LP could always be found here.  LF doesn't seem to be quite so active as it once was.  Anyway, thanks for the responses.  Cheers.
Logged
"Be glad of life because it gives you the chance to love and to work and to play and to look up at the stars" -Henry Van Dyke

"Education is the kindling of a flame, not the filling of a vessel." -Socrates
MrPhil
Berserker Poster
*****
Offline Offline

Posts: 5083
« Reply #4 on: December 16, 2009, 08:00:05 AM »
Agreed. This kind of information should also be posted in a new Security Announcements board in the News & Information Category. Other general tips and tricks for security could be there, too.

Another thought: Any time LP sends out an email, particularly one warning of security problems and requesting actions, it is only common sense to have a copy posted on the forum somewhere. The first thing anyone would do is to to check if this warning is also posted on the site, in an official channel. If it isn't, it would generate concern that perhaps it's a spoof or phishing attempt. So, LP, how about exhibiting some common sense? Everyone else (e.g., eBay, PayPal) does it that way. And no links to LP sign-ons in the email, either!
« Last Edit: December 30, 2009, 05:10:05 PM by MrPhil » Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to: