Thread: Email interception
-
05-17-2009, 08:32 AM #1Temporarily Suspended
- Join Date
- Feb 2006
- Location
- India
- Posts
- 858
Email interception
Is there any way you can prevent both your incoming and outgoing emails from being intercepted or read by an unauthorized person? Any help would be appreciated.
Thanks
-
05-17-2009, 08:40 AM #2Web Hosting Master
- Join Date
- Apr 2003
- Location
- NC
- Posts
- 3,093
Being as the email protocol itself is all plaintext, there is nothing to really stop anybody there. If you want to protect the contents consider encryption, something like PGP. Then if you are super paranoid you just have to worry about them being able to crack that.
John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service
-
05-17-2009, 08:47 AM #3Temporarily Suspended
- Join Date
- Feb 2006
- Location
- India
- Posts
- 858
I can try encryption for outgoing mails, but what about incoming mails? Also can anyone change the content of incoming mails? I received a system generated email recently which seemed to be modified.
-
05-17-2009, 08:53 AM #4Web Hosting Master
- Join Date
- Apr 2003
- Location
- NC
- Posts
- 3,093
You would have to have the client encrypt them. Are you talking about between 2 specific computers? If so you could set up a tunnel or VPN between them.
Well where are the emails to and from? If you are sending them directly from trusted server A to trusted server B then no. The A should connect directly to B and send it. Between A/B, yes technically it could be snooped. If it was modified there would have to be an intermediate computer as anything else should cause a problem as it's being sent.
This of course assumes you are not some paranoid conspiracy theorist. Technically no there is nothing that says another server responding on your IP could not receive it then forward it on. This is not really a realistic scenario though...just saying possible.
John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service
-
05-17-2009, 09:04 AM #5Temporarily Suspended
- Join Date
- Feb 2006
- Location
- India
- Posts
- 858
I have a forum which automatically generates emails every time someone signs up. The mails are in a standard format and I get hundreds of messages a month. A few days ago, one of the mails was very different from the standard message.
And some time ago, I got emails saying that your email id is hacked, and there have been other incidents also.
-
05-17-2009, 09:06 AM #6Web Hosting Master
- Join Date
- Apr 2003
- Location
- NC
- Posts
- 3,093
Did you check the logs on the email that was different?
Check the sending server, timestamps as well (is the time correct?), check incoming server and timestamps. What about the message headers?
When you say "very different" do you mean like truncated or do you mean like entirely new content put into it?
Are you 100% sure the software actually sending the emails is not the problem? That sounds a lot more likely than anything else.
John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service
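The header and timestamp check suggested in the post above, as an added example that is not part of the original thread: it walks a message's `Received` headers in chronological order and flags relays that are not in the expected path and hops whose clock runs backwards. The sample message, the host names, the function names `trace_hops` and `audit`, and the 60-second tolerance are all constructed for illustration.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample: a forum notification with one unexpected relay in the path.
SAMPLE = """\
Received: from relay.unknown.example (relay.unknown.example [203.0.113.7])
\tby mx.mydomain.example with ESMTP id A3; Sun, 17 May 2009 08:05:10 +0530
Received: from forum.mydomain.example (forum.mydomain.example [192.0.2.10])
\tby relay.unknown.example with ESMTP id A2; Sun, 17 May 2009 08:20:00 +0530
Received: by forum.mydomain.example (Postfix, from userid 48)
\tid A1; Sun, 17 May 2009 08:04:58 +0530
From: forum@mydomain.example
To: admin@mydomain.example
Subject: New user account

A new member has registered.
"""

# "from <host> ... by <host>"; the "from" part is absent on local submission.
HOP_RE = re.compile(r"(?:from\s+(\S+)\s+.*?)?by\s+(\S+)", re.S)

def trace_hops(raw):
    """Return hops oldest-first as (from_host, by_host, timestamp)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # top header is newest
        route, _, stamp = value.rpartition(";")
        m = HOP_RE.search(route)
        if m:
            hops.append((m.group(1), m.group(2),
                         parsedate_to_datetime(stamp.strip())))
    return hops

def audit(raw, expected_hosts, max_skew_s=60):
    """List anomalies. Only hops written by servers you control are trustworthy;
    earlier Received lines can be forged by whoever injected the message."""
    findings = set()
    hops = trace_hops(raw)
    for i, (src, dst, when) in enumerate(hops):
        for host in (src, dst):
            if host and host not in expected_hosts:
                findings.add(f"unexpected host {host}")
        if i and (hops[i - 1][2] - when).total_seconds() > max_skew_s:
            findings.add(f"time goes backwards at {dst}")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE, {"forum.mydomain.example", "mx.mydomain.example"}))
```

A clean result here does not rule out a compromised sending application, since a message altered before it was handed to the mail server carries a perfectly normal relay path.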
-
05-17-2009, 09:15 AM #7Temporarily Suspended
- Join Date
- Feb 2006
- Location
- India
- Posts
- 858
The notification was a standard phpBB notification, the mail had some new content added to it. I'll check the time stamps and headers again, but the sending server seemed to be OK.
I am also facing a problem of truncated emails on some email ids, is there anything I can do about it?
-
05-17-2009, 10:17 AM #8Web Hosting Master
- Join Date
- Apr 2003
- Location
- NC
- Posts
- 3,093
On the truncated emails I would make sure that there are no errors when they are being sent. That sounds like they may be in the process of sending and get stopped 1/2 way through.
John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service
-
05-17-2009, 03:44 PM #9Web Hosting Master
- Join Date
- Aug 2004
- Location
- Karachi, Pakistan
- Posts
- 748
By virtue of the RFC (822/821) email sending/receiving is not encrypted. It can be read by unauthorized people. The only way is encrypting it.
"I drink too much. The last time I gave a urine sample it had an olive in it. ".
Rodney Dangerfield (from "I Get No Respect!").
-
05-18-2009, 09:16 PM #10Temporarily Suspended
- Join Date
- Feb 2006
- Location
- India
- Posts
- 858
Thanks for the inputs. I have checked the headers, there is nothing unusual. Seems to be an expert hacker at work. Can you take legal action? I have lost money because of this problem.
-
05-18-2009, 10:00 PM #11Sec, DC and Virtual Architect
- Join Date
- Nov 2005
- Location
- Denver, CO
- Posts
- 728
Are you sure phpbb hasn't been compromised? Wouldn't be the first time it or one of its mods have been an attack vector. Something injected/modified would easily affect templates or the behavior of scripts.
While intercepting emails is a rather trivial task if you have access to the path between two endpoints, it's not overly common (broadband networks like cable/wireless where all clients are on a common segment are an exception). In the data center space however, not so much so.
Last edited by CiscoMike; 05-18-2009 at 10:03 PM.
-
05-18-2009, 10:14 PM #12Web Hosting Evangelist
- Join Date
- Oct 2005
- Posts
- 517
Start with a thorough review of your server. Configserver.com's anti-hacker service is worth a try:
http://www.configserver.com/cp/exploit.html
-
05-19-2009, 12:13 AM #13Temporarily Suspended
- Join Date
- Feb 2006
- Location
- India
- Posts
- 858
-
05-21-2009, 07:36 PM #14Junior Guru Wannabe
- Join Date
- Dec 2002
- Posts
- 53
1) Use an SSL certificate to send email to your host.
2) Encrypt your email to the recipient, but they have to be able to decrypt it.
-
05-22-2009, 06:08 AM #15Temporarily Suspended
- Join Date
- Feb 2006
- Location
- India
- Posts
- 858
Since this problem has been going on for some time, I have minimized the number of emails I send, but I am worried about the mails sent to me. There are many mails which I never receive or the message is modified.