
Careful not to be hacked within 24 hours, if you secure it the software works

  • By Decent but not secure
  • on 10/08/2022

Within 24 hours of deploying this incident we were hacked and 20k emails were sent out from our AWS SES account. The image deployed through SendPortal is extremely insecure, as it doesn't come with any firewalls or security to ensure that the KEYS for SMTP aren't compromised. Once you get past that experience, the software is fairly decent for sending out emails to one's subscribers. A good addition would be a way to store images and other documents to be included in the email HTML rather than finding another storage on the internet for this.


  • By Elyxia Global Limited Team
  • on 11/24/2022

Dear valued customer,

We are so sorry to hear that your instance was hacked. We would like you to understand that we listen and improve in any way we can. We have carefully studied your incident and we believe the hacking was due to access rights. Thus we would like to make some recommendations:

1. All inbound ports must be closed except for those stated in our guide https://www.elyxia.uk/online-help/sendportal-on-aws/. The standard FirewallD would not be able to stop the hack in your case, as we believe the hack was done through an open port.
2. The .env file must be set to permission 400/440 once it has been edited, as recommended industry practice. We believe the compromise/hack was done through the .env file.
3. Adding local storage for images and documents in the same instance would increase the risk to SendPortal, because we would be exposing the address and IP in the emails users receive.

As a countermeasure, and in response to your valuable feedback, we have built a new security mechanism and will be embedding it into all our upcoming releases. We would like to thank you, as your experience has brought an important improvement to us.
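
The .env permission recommendation above, as an added example that is not part of the vendor's reply or of the SendPortal image: a POSIX shell audit that lists every `.env` file under a directory whose mode is neither 400 nor 440. The function names and the directory passed as the first argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit .env files against the 400/440 modes named in the reply.
# The directory to scan is given by the operator; nothing here is SendPortal's own code.

# list_weak_env ROOT
# Print every regular file named .env under ROOT whose permission bits
# are neither exactly 400 nor exactly 440.
list_weak_env() {
    find "$1" -type f -name '.env' ! -perm 400 ! -perm 440 -print
}

# audit_env ROOT
# Report each offending file with its current mode and owner.
# Returns 0 when every .env is 400 or 440, 1 otherwise.
audit_env() {
    weak=$(list_weak_env "$1")
    if [ -n "$weak" ]; then
        printf '%s\n' "$weak" | while IFS= read -r f; do
            # ls -ld shows the mode string, owner and group for review
            printf 'WEAK (expected 400 or 440): %s\n' "$(ls -ld -- "$f")"
        done
        return 1
    fi
    printf 'OK: every .env under %s is 400 or 440\n' "$1"
    return 0
}

# Run the audit only when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_env "$1"
fi
```

The script only reports; tightening a flagged file is a separate `chmod 400` (or `chmod 440`) by the file's owner.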