A few weeks ago, some students found themselves missing emails from their professors. Florida Southern College’s faculty was quick to notice that some of their emails were not getting through.
“A couple people emailed me that they were having trouble sending emails off campus,” John Thomas, chief information officer at FSC, said.
The problem was looked into, and it was discovered that the faculty email had been blacklisted.
Sites normally get blacklisted for sending out things that other sites do not want, like spam.
“So what happens is you get on these blacklists and then your email can’t go to external sources,” Thomas said.
The FSC Technology department investigated what had happened to get the site blacklisted.
“So, in this case what happened was there was an infected computer on campus,” Thomas said.
Thomas said that the computer did not belong to FSC. Rather, it was an outside computer that connected to the wireless network. When the computer connected to the FSC’s wireless network, it infected the site, which in turn affected the email.
“Actually, when we delved into it further, it wasn’t actually sending out spam, but it was sending out signals that appeared to be spam,” Thomas said.
The signals were what had gotten the site blacklisted. Student emails were not affected because they were housed on a different system.
This was not the first time that a virus affected FSC. In the communications department, a virus attached itself to fscsouthern.com, a server that houses The Southern website and online projects for the communications department.
Professor William Allen, assistant professor of communications, was in charge of getting it back on track.
“What they did was automate this one piece of code and to push it onto every php file inside our application, but also on every individual post, and every individual page,” Allen said.
The code would then redirect users to another site.
“[I] basically had to reload all the applications,” Allen said. “I had to go through every individual page. I opened it up in Dreamweaver and did a find and replace.”
The fix for the faculty email was different. A search was made for the infected computer’s MAC address.
The site that had originally blacklisted the school gave some information that the school could go on.
Once the MAC address was found, it allowed the department to find the signal that the computer was sending out.
“We got that information, so what we do is we block access to that computer,” Thomas said. “So that computer cannot get on our network.”
Once the computer was blocked, the school was able to request that the site be taken off the blacklist and the problem was resolved.
“You have to resolve the problem first, otherwise you go right back on the blacklist,” Thomas said. “If you do it a bunch of times, then they won’t de-list you.”
The school was already scheduled to work on the network soon.
“We’re doing some behind-the-scenes network work over the holidays that we scheduled,” Thomas said.
In light of the recent problem, the school is considering options which will prevent the situation from repeating itself. One such making the email server separate from the site.
If one becomes infected, the other will not.
“That doesn’t mean we don’t want deal with the infected computer on campus, but it doesn’t become such an urgent issue,” Thomas said.
The school is still looking at the correct solution, but will most likely hold off until the semester ends.
“Right in the middle of the semester, we try not to make those big changes,” Thomas said.
Photo by Leah Schwarting