Store Community Support Documentation

Dear All, 

I am seeing a strange issue since 2 weeks, All our site registered users are getting spam emails which appears as if it is originated from us as it uses the same email configurations which I have on our site, including From address and signature. I tried changing the signature a couple of times and I see that it picks up the latest signature always, so it has nothing to do with SMTP server, I feel that external spammers are making use of mail service on our site which uses latest mail configurations to send spam emails to all our users. 

Can anybody guide me on how to identify and block the spammers. 

P.S. The spammer is external and not registered on our site for sure. 

spirog
#49

https://github.com/PHPfox-Official/phpfox-v4-issues/issues/2406

 

i wonder if this can expose email spam too, by changing the line of code somehow ?

If it was chaged for user groups via /_ajax/ call ???

 

Users whose user group does not have permission to edit all statuses can still edit all statuses via a manual /_ajax/ call.

Steps to reproduce:

  1. Ensure that "Can edit all user status?" is disabled on the user group settings for "Feed" and that a user is logged in.
  2. Retrieve the feed id for a status by another user via the page source under . _app_user_status.
  3. Make the call the edit the status.

please read more if anyone can test if someone who knows the coding can use an ajax call to send emails ?

spirog
#50

also I wonder if this can Exploit admin access ??

 

 

JohnJr
#51

Well just removing the menu does not stop anyone from going to the page.  That has been a phpfox issue since the beginning of V4.  There use to be the ability to "disallow_access through the phpfox_menu table but they kept taking stuff away and that just disappeared one day as well. 

#52

Hi john,

And everyone .It's been a little bit .I've been tied up with other things for a while. 

I have a question for you ?

Are these users that have signed up and sending spam to all users (including admin) in phpfox script 

Or

They are not logging into phpfox script and your just getting spam emails to your admin account .??

HI Spirog, 

They are not coming from registered users. However, the spam email which we recieve shows the "FROM" address as configured in Mail settings. 

#53

Hi john,

And everyone .It's been a little bit .I've been tied up with other things for a while. 

I have a question for you ?

Are these users that have signed up and sending spam to all users (including admin) in phpfox script 

Or

They are not logging into phpfox script and your just getting spam emails to your admin account .??

HI Spirog, 

They are not coming from registered users. However, the spam email which we recieve shows the "FROM" address as configured in Mail settings. 

#54

Sorry for double post

Last update on October 14, 8:39 am by srny.
#55

 

John, 

It goes to all of them. 

JohnJr
#56

Can you post an example?  Removing your domain of course :)

#57

Sure John, 

I have an admin user and registered users on my site mydomain.com and mail settings include: From address (support@domain.com) and AWS SES SMTP server details and credentials. 

All users were getting spam emails as if it is sent from support@domain.com and signature as configured in mail settings. If I change the signature, I get spam emails with latest updated signature. 

Sample spam email which I received 2 hours back looks like below.

Subject: 

Suggestions: Trompok, Angar, Killian and Gnar Norfolk island

Body:

Email: ivanechuk.nina@mail.ru

------------------------------------------------------- -----
Subsequently, they superficially enter vesicles, which bud nutty from the soign‚e section. Asbestos- containing ore is mined, crushed, and milled to take possession of the fibrous material, which is then processed back into finer fibers. So who would welfare from a groom buy cheap flonase 50 mcg. 
The myenteric plexus is embedded between the outer longitudinal and inner circular muscle layers of the gut, and originally controls gut motility. Aortic stenosis occurs when the aortic valve narrows, causing an barrier between the left ventricle and the aorta. Unlike pIgR, PAFr is spoken ubiquitously on both epithelial and endothelial cells cheap zyvox 600 mg on-line. Prions are mutated forms of a conformist protein start on the side of unfluctuating coarse cells. Surface water that influence should prefer to been introduced into the water come up with, addition a deficiency in treatment of the water, played a pitch place in the outbreak. To your welfare zantac 300 mg without a prescription. 
Either mortal the basic individual wee extra copies for you or play respective copies with you. Local, county or commonwealth scrutiny societies individual lists of doctors and their qualifications. Without water, we would perish in a subject of life order tinidazole 300 mg. The concentration of PHT in cells was reduced to ? in patients expressing MDR1 in conflict to those that did not get across it. It The Wiley-Blackwell Handbook of Psychoneuroimmunology, Original Edition. Crowd apple humor into liquidiser discount sominex 25 mg on line. 
Inspect your medicine cabinets to critique your supplies of over-the-counter medications, such as nuisance relievers, antacids, laxatives and allergy medications, and terminate whether they needfulness replenishing after their running out go out with has passed. Allina Vigorousness Home Oxygen & Medical Trappings is accredited nigh the Community Healthfulness Accreditation Program, Inc. I Novel Weight- reduction Acitvity of Galega Officinalis in Mice order 150 mg bupron sr overnight delivery. With dystonia, dump stabilization is the only viableoption to repair gait. In feedback ful consequences of stressto approaching threat, muscles are primed,notoriety is focused and nerves are readied in support of The immediate responseactionght or ight. Download Binaural Beats Digital Drugs Here buy discount bimat 3ml. 
The break of dawn polio surgeons used tibialstruts23; however, they incorporated slowly and caused diverse tibial fracturesat the graft site. The patient is orig-inally from Key America and came to the Merged States the earlier week. Large Women buy 0.5mg dutasteride with visa. Most medicines today are made in laboratories and numberless are based on substances found in nature. For those looking to farm out a wheelchair or ameliorate lead, assail our medical equipment rentals paginate after additional information. He is moribund buy discount procardia 30 mg online. 
The establishment of medical sphere of influence over opiate, specifically heroin, addiction was more straightforward, for a number of reasons (Berridge 1999). He went on to begin a rabies vaccine that was made from the spinal cords of fanatical rabbits. Does it concern phenergan 25mg generic.    

Kind Regards, 

T T

 

#58

Sorry John.. Appears like its only admin user getting spam.. let me add some more users to new site and let you know in couple of days

JohnJr
#59

You don't have to....it is coming from your contact us link on your home page which is set up by default to accept guest entries.   I can tell by the word "suggestions:" and the row of hyphens.  If you look, you might even see some from "support" or "sales."  Very odd that after at least three years my site being on and off, that all of sudden we are getting these spam "contact us" emails.  But what I am going to do is go ahead and shut off the contact us on the home page and instead set up facebook messenger instead.

https://community.phpfox.com/forum/thread/57390/add-facebook-messenger-to-your-phpfox-site-for-free/

 

#60

You don't have to....it is coming from your contact us link on your home page which is set up by default to accept guest entries.   I can tell by the word "suggestions:" and the row of hyphens.  If you look, you might even see some from "support" or "sales."  Very odd that after at least three years my site being on and off, that all of sudden we are getting these spam "contact us" emails.  But what I am going to do is go ahead and shut off the contact us on the home page and instead set up facebook messenger instead.

https://community.phpfox.com/forum/thread/57390/add-facebook-messenger-to-your-phpfox-site-for-free/

 

 

Thanks John, so only admin user will be getting these spam emails right? and not all registered users? I was more concerned about other registered users getting spam more than me. 

JohnJr
#61

I am pretty sure it is only the email you put in the staff/contact us setting.  That is what confused me because a several months ago I changed the main admin email from John to admin and forgot to change the staff/contact us email setting which was still left as John.  So when I started getting emails to the john address from the admin, I was assuming it was going to registered users because during the few months I must have added back a user with the john address.  So I assumed I was hacked...guess I should never assume right.  I feel stupid now getting all stressed out about it...I should have caught it as I have been around here long enough.  Oh well...I would rather look stupid then have a real hack going on :)

#62

I am pretty sure it is only the email you put in the staff/contact us setting.  That is what confused me because a several months ago I changed the main admin email from John to admin and forgot to change the staff/contact us email setting which was still left as John.  So when I started getting emails to the john address from the admin, I was assuming it was going to registered users because during the few months I must have added back a user with the john address.  So I assumed I was hacked...guess I should never assume right.  I feel stupid now getting all stressed out about it...I should have caught it as I have been around here long enough.  Oh well...I would rather look stupid then have a real hack going on :)

Thanks a lot John.. I realised it is because of contact us app only, as you mentioned rightly "suggesstions", "sales", "support" come from categories of contact us app only. I have disabled it for now. 

 

JohnJr
#63

Well we may have something to look forward to in 4.7.1

Akismet is designed to protect comment and contact form spam.

https://github.com/PHPfox-Official/phpfox-v4-feature-requests/issues/581