News / Security


Prevention of unauthorized access to customer mailboxes

As a part of our security and abuse prevention plan, today we automatically changed the passwords of all mailboxes on our servers, which we found to be insecure. The weak password detection was performed by using automated tools utilizing swaks (Swiss Army Knife SMTP) and simple brute-force attempts, performed on our side against each mailbox.

Weak passwords may result in successful authentication attempts from malicious users which will lead to spam transmitted from our servers through the hacked mailboxes. To prevent this, we will continue to perform such security tests in the future. This will help us fight outgoing spam from our servers, also this will improve the security of the mailboxes of our customers by preventing unauthorized access to their mailboxes and the content there.

We consider weak passwords most popular words, as well as keyboard combinations such as "qwerty"," asdf", "qaz", etc, combinations such as "1234", "abcdef", "aaaa", "11111" and all similar. Also, there are other patterns of weak passwords and hack attempts such as password same as the mailbox username, email user@domain.com with a password "user1", passwords strings "password", "passw0rd", "changeme", etc.

We recommend to all customers to be careful when choosing the password for their mailboxes. A strong password is considered to be a string of at least 8 symbols, which contain letters and numbers. Having upper and lower cases also increases password security, as passwords are case sensitive.

New anti-virus solution

We are glad to announce that we have integrated a new anti-virus feature into our system. When enabled, the anti-virus software will scan all incoming messages. In case viruses are found, the server will not deliver the infected messages to the user's mailbox. This is the most effective and modern anti-virus solution, and will certainly eliminate a lot of junk e-mail on our servers. Customers should have in mind that the anti-virus software is disabled by default and can be enabled from the Mail Manager in the online Control Panel.