Security issue using site shapers.
-
-
- najatuk
- Rocketeer
- Posts: 65
- Thanks: 1
-
I recently experienced a security issue, that apparently according to the Joomla Facebook forum post I have made, others have experienced as well. When installing a Rocket shaper, in my case Myriad, the uncategoprized contact Myriad (installed on the rocketlauncher becomes corrupted and sends spam email in the name of the administrative contact email.
I fouond that one of my sites had been spamming like this:
Mail Delivery System <This email address is being protected from spambots. You need JavaScript enabled to view it.>
18 Jan 2020, 01:16 (4 days ago)
to me
Why is this message in spam? It seems to be an auto-reply to a message that pretended to be sent from your email address.
Report as not spam
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
This email address is being protected from spambots. You need JavaScript enabled to view it.
host smtp-in.orange.fr [193.252.22.65]
SMTP error from remote mail server after end of data:
550 5.2.0 Mail rejete. Mail rejected. ofr_506 [506]
Forwarded message
From: Parque Nacional das Emas <This email address is being protected from spambots. You need JavaScript enabled to view it.>
To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Cc:
Bcc:
Date: Sat, 18 Jan 2020 05:16:46 +0000
Subject: Copy of: Аdult dating american оnline: klurl.nl/?u=i7QvFGh6
This is a copy of the following message you sent to Myriad via Parque Nacional das Emas
This is an enquiry email via parquenacionaldasemas.com/ from:
Аdult onlinе dаting mоbile numbеrs: slimex365.com/sexygirls154008 <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Find yоursеlf а girl for the night in yоur city: xsle.net/sexywoman347966
I tried but was unable to find any corrupted files in the site. Do you know anything about what would cause the contact that you installed to be able to do this? There is only one component installed, and so no plug in or extention on my part should have anything to do with this.
-
-
-
- MrT
- Preeminent Rocketeer
- Posts: 101084
- Thanks: 13481
- Web Designer/Developer
-
I have no idea what a "shaper" is?
But the issue you describe does not come about because of a corruption. When you install a "rocketlauncher" package as part of that we provide a Joomla contact (which the contact form in the demo uses). If you decide not to use the contact form (and therefore don't edit the contact provided) - or you add another contact (and don't delete the contact we provide) then it is possible for hackers to use a standard joomla url to open the joomla contact form using that contact (even if you have no active menu item).
So. To stop the spam simply delete the contact AND remove it from trash.
I also recommend that you should enable recaptcha plugin anyway to stop bots submitting your contact forms anyway.
Regards, Mark. - Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
-
Time to create page: 0.055 seconds