Can't Generate API Key

Hello, Yorman.

I am having an issue that is the same as the first person in this ticket. I have changed the email several times in an attempt to see if one is more successful to another, or to simply restart the API request phase. For me, however, it is a green button and not blue.

Everything appears correct, and yet no API key. I get:

Sucuri: Register_site: Invalid email. Not accepted.

galaxysailor.com

email: [email protected]

Thanks so much!

@galaxysailor the API service that powers the plugin is rejecting the email address that you have specified because the host in that address has no “MX records”. Right now if you run a DNS query to retrieve all the records associated to that domain you get something like this:

@     86400  IN  SOA    ns1.lunarservers.com. alerts.lunarpages.com. 2015020504 86400 7200 3600000 86400
@     86400  IN  NS     ns2.lunarservers.com.
@     86400  IN  NS     ns1.lunarservers.com.
@     14400  IN  A      74.50.21.55
@     14400  IN  TXT    "v=spf1 +a +mx +ip4:209.200.246.89 ~all"
www   14400  IN  CNAME  galaxysailor.com.
ftp   14400  IN  A      74.50.21.55
mail  14400  IN  CNAME  galaxysailor.com.

As you can see there is no “MX” record there, there should be one associated to the subdomain “mail”. Considering this you can not use that email address to generate the API key, to fix that you have to either create a MX record from the cPanel of your hosting account, or use an email address hosted in a public service instead of your own website.

Awesome. I have no idea what all of that means but I will figure it out and resolve it ASAP. Thank you so much. Also, I am creeped out as to how easily you got records of my site. I don’t know what a DNS query is, but what I do know is that I have been hacked over and over and over and can’t seem to figure out how to get it to stop. Clearly, I am up against someone or something bigger than myself.

I have gone through and created an MX record and I am still getting the same response from the app.

HA! Got it. It must take time to kick in once the MX is assigned. I am running now. Thanks so much!

@galaxysailor good to know that you were able to fix the issue ??

You were wondering how I was able to get the information of the DNS records associated to your website. First of all this is public information so you do not have to worry about it, there may be methods to allow you to hide this information but it is not worth the effort nor the money.

There is a tool named “Dig (Domain Information Groper)” [1] which is used to query information of the DNS which is the system that allows to associate an IP address to a domain name. For example, your website is hosted in a shared server located in “74.50.21.55”, not many people would remember this address so years ago DNS was introduced to translate a name “galaxysailor.com” to these numbers. If you buy a VPS or a reserved IP address you could simply enter that address in your browser and the site will load just fine, if you do that now it will not work because the IP address is associated to more websites, that is why I know that you have a shared account.

I wrote this script [2] to find the information shown in my previous message. As you can see it was not that hard, there is also the WHOIS [3] database, web scanners like this [4], vulnerability scanners [5], penetration testing frameworks [6], and many other tools that a person could use to gather information of your site for a legitimate security audit or to attack it.

[1] https://en.wikipedia.org/wiki/Dig_%28command%29
[2] https://cixtor.com/pastio/4ifmzv
[3] https://en.wikipedia.org/wiki/Whois
[4] https://sitecheck.sucuri.net/results/galaxysailor.com
[5] https://sectools.org/tag/vuln-scanners/
[6] https://www.metasploit.com/