Email Script Failures - WC1.PHX1
Incident Report for Liquid Web - Cloud Sites
Resolved
This issue has been confirmed to be resolved.
Posted Feb 09, 2018 - 17:03 CST
Monitoring
Earlier today we received notification of scripts failing from some clients sending from WC1.PHX1. We reached out to our Email AUP team and found they had suspected a brute force attack originating from the IP and had subsequently scrambled the passwords for any mailbox attempting to authenticate from the identified IP. We have resolved this issue with the AUP team, however, if you have sites in WC1.PHX1 which have experienced authentication failures when attempting to send from the emailsrvr.com environment, please reset the password on the mailbox the script is targetting to resolve the issue.

How will you know if a script on your website may have been impacted?
*************************
There is no easy answer to this as we have a round-robin configuration on a large number of IPs and only 1 IP was flagged. That being said, here are indicators:

1) Websites will be in WC1.PHX1 (displayed in the website test link as phx1-1.websitetestlink.com/)
2) The script would be authenticating with a mailbox in the emailsrvr.com environment.
3) The script may be logging failures to a location setup by the client.
4) When testing the credentials on a mailbox, it fails to authenticate properly.

We apologize for any inconvenience this may have caused. If you have any questions please reach out to our support team via chat, ticket, or telephone at 1.855.348.9060.
Posted Feb 07, 2018 - 16:58 CST