Dear [your name here],
How are you? I am Fahad Hassen, a php developer from Clearwater working
with website security. I am writing to ask whether you are aware that your
domain configuration has serious security issues which lets anyone use your
email address without your authorization?
Just to prove this to you, I can send an email to you from “your email
address itself”. Do you want me to send an email to you from your mailbox
itself, so you can see the problem?
I found your website while researching the websites using the wp-e-commerce
plugin, as part of a security research to strengthen the plugin’s security.
I also found that your website’s wordpress files are not protected, which
means by right clicking and checking the source code of the website, almost
anybody can figure out the framework you are using (wordpress), its
version, the themes and plugins you are using etc. A competitor or anybody
interested in your site can easily duplicate your site since the whole
structure of your site is exposed. Further, since wordpress is very prone
to hacking and hackers target the open URLs of the system such as wp-admin
and wp-login and other common files, your site is always under the risk of
attack. To overcome this, you will need to takeaway all the traces of a
standard wordpress site, so no attacks/hacking will work on your site. For
anybody viewing the “source”, all they will see is nice and clean HTML and
no traces of wordpress.
I am sure you understand the concerns I have raised, and I can fix these
for you for a very modest fee if you wish. Please let me know.
Thank You and Regards,
Senior PHP Developer
+1 727 474 1044
Clickingz Security Research Lab, Clearwater FL. 33760