:: Forums ⇒

Spam being sent from my domain - is it DragonFly?

#1: Spam being sent from my domain - is it DragonFly? Author: rosbif, Location: Paris, France

Posted: Wed Dec 23, 2009 9:10 pm
----
I am suddenly receiving 50-60 emails bounced back to me per hour from my domain where I have DragonFly hosted. My host support (Site5) is telling me it is a script on my index.html page that has a security hole. They think it is the 'send to a friend' link being used.

Here is the reply from my host:

Quote::

X-PHP-Script: www.chantillyexpat.com/index.php for 200.177.228.4

I have checked this site and it looks like you have "send to a friend"
links on your articles. It appears that this is being abused to send out a large amount of messages. Are all of the bouncebacks trying to be sent to marketingexpert @ krim.ws or are they to random email addresses? Thanks. Here are the logs of the message being sent from the server:

2009-12-23 13:45:44 1NNX9O-00086Z-NN <= chantill @ milton.site5.com U=chantill P=local S=1064 id=0aebd4e2c99732724736ca7e14443728@www.chantillyexpat.com
2009-12-23 13:45:46 1NNX9O-00086Z-NN ** marketingexpert @ krim.ws R=lookuphost T=remote_smtp: SMTP error from remote mail server after RCPT TO:<marketingexpert@krim.ws>: host mx1.hqhost.net
[88.214.192.192]: 550 5.1.1 <marketingexpert@krim.ws>... User unknown
2009-12-23 13:45:46 1NNX9W-000888-Eo <= <> R=1NNX9O-00086Z-NN U=mailnull P=local S=2052
2009-12-23 13:45:47 1NNX9O-00086Z-NN Completed

He also said:

Quote::

The spam is definitely originating from the script running on your site at index.php. It is possible that there is a security hole in the application that is allowing remote users to send spam. I would suggest updating the script and any plug-ins/modules to the latest versions.

Any ideas?

#2: Re: Spam being sent from my domain - is it DragonFly? Author: Dizfunkshunal,

Posted: Wed Dec 23, 2009 9:27 pm
----
can you send me a copy of you index.php? pm it do not post it in the forums.

and i can see all your debug info which should only be seen by admin !!!
error in template.

#3: Re: Spam being sent from my domain - is it DragonFly? Author: rosbif, Location: Paris, France

Posted: Wed Dec 23, 2009 9:31 pm
----
done

#4: Re: Spam being sent from my domain - is it DragonFly? Author: Dizfunkshunal,

Posted: Wed Dec 23, 2009 9:45 pm
----
disable the Tell a friend module until you can put captcha in it or set it to registered users only. index.php is fine at least i didn't see anything out of sorts.

Send to a friend in news to

#5: Re: Spam being sent from my domain - is it DragonFly? Author: rosbif, Location: Paris, France

Posted: Wed Dec 23, 2009 9:47 pm
----
My Tell a Friend has captcha already. I presume I need to remove the link to 'send to a friend' from the articles?

My host has blocked the IP address that was sending these emails and I've done the same in DF. Is there anything else I can do?

#6: Re: Spam being sent from my domain - is it DragonFly? Author: Dizfunkshunal,

Posted: Wed Dec 23, 2009 9:48 pm
----
Send to a friend in the news

there not stupid spammers i mean they use proxy or zombies.

#7: Re: Spam being sent from my domain - is it DragonFly? Author: Dizfunkshunal,

Posted: Wed Dec 23, 2009 9:51 pm
----
send me your_theme/templates/ footer.html to so i can fix the bottom.

#8: Re: Spam being sent from my domain - is it DragonFly? Author: rosbif, Location: Paris, France

Posted: Wed Dec 23, 2009 9:51 pm
----
SO I need to edit some file to stop the send to a friend link?

#9: Re: Spam being sent from my domain - is it DragonFly? Author: Dizfunkshunal,

Posted: Wed Dec 23, 2009 9:52 pm
----
or add captcha to it im not sure how to add the captcha but you could comment out the send a friend links

What theme are you using?

#10: Re: Spam being sent from my domain - is it DragonFly? Author: rosbif, Location: Paris, France

Posted: Wed Dec 23, 2009 10:08 pm
----
I've removed the link from the template file for now. No idea how to add a captcha to it. This seems a pretty serious hole!

#11: Re: Spam being sent from my domain - is it DragonFly? Author: rosbif, Location: Paris, France

Posted: Wed Dec 23, 2009 10:10 pm
----
I've pm'd you my footer too. What's up with that??

#12: Re: Spam being sent from my domain - is it DragonFly? Author: Dizfunkshunal,

Posted: Wed Dec 23, 2009 10:57 pm
----
all the debug info at bottom should only be seen by admin not everyone
fixed and sent back
I think there is a thread running around here that shows how to add captcha.

#13: Re: Spam being sent from my domain - is it DragonFly? Author: rosbif, Location: Paris, France

Posted: Thu Dec 24, 2009 9:49 am
----
Thanks Diz.. I've removed the link to send a friend and renamed the friend.php file but I am still getting bounced back messages - 150 overnight so I dread to think how many got through...

What else can I do?

#14: Re: Spam being sent from my domain - is it DragonFly? Author: Dizfunkshunal,

Posted: Thu Dec 24, 2009 3:37 pm
----
You removed the ability to tell a friend. All you really can do now is figure out how to add captcha. this thread might help you dragonflycms.org/Forum...t=captcha/

#15: Re: Spam being sent from my domain - is it DragonFly? Author: NanoCaiordo, Location: Melbourne, AU

Posted: Sat Dec 26, 2009 5:43 am
----
PHP installed on your server its already patched with php mail headers but its not picking up the correct file.

Quote::

X-PHP-Script: www.chantillyexpat.com/index.php for 200.177.228.4

Try to use the attached includes/classes/phpmailer.php at least you will know which file is actually been abused.

This file will be included in 9.2 and 10.

-> Security

All times are GMT

Go to page 1, 2 Next :| |: Page 1 of 2