Fake Security E-mail Issued May 25, 2011

Status
Not open for further replies.

DirectAdmin Sales

Administrator
Staff member
Joined
Feb 27, 2003
Messages
620
An e-mail was sent to clients with the subject: "DirectAdmin Client Message." This message claimed there was a serious DirectAdmin security issue and included a link to a phishing website.

We apologize to all our clients because this was a result of our server being compromised. Please DELETE the phishing e-mail and run a virus scanner if you clicked on the link. Most people were not exposed to the phishing site because it was taken down very quickly. For this reason you may have seen a 404 error only. There are no known security holes in DirectAdmin so there is nothing you need to update or patch.

First and foremost, your billing information remains 100% safe. We store no financial information on our server. In addition, we use a merchant gateway that restricts us, even as owners, from viewing your credit card information. Secondly, there is no security issue with the latest version of DirectAdmin. We have no reason to belive that DirectAdmin or any related software is vulnerable to attack. There are thousands of DirectAdmin servers and no reports of any being compromised.

Please note that we encrypt ALL passwords; for example, any password generated (e.g. client account password) and any password you provide (e.g. server password on the order form). Although cracking encrypted passwords is unlikely, changing your password is the best way to guarantee 100% security. Aside from that, there is nothing else you need to do as a customer. Your DirectAdmin server is not open to any new vulnerabilities.

We sincerely apologize and take responsibility for this incident. If you require more specific information please contact me at [email protected] for a personal response, or you can use our regular [email protected] address. I'm available for addressing specific questions and concerns.

Mark
JBMC Software
 
Status
Not open for further replies.
Back
Top