_HASHCASH_ADMINMAILHEADER

x126 · **Joined:** Sun May 07, 2006 8:24 pm **Posts:** 249

A number of spam attempts > 100 has been saved to Joomla! database, please go in admin panel under the component com_securityimages to review logs files.

I started receiving these emails about a week ago.

However - I do NOT have the component Security images installed - I do not use commenting or even allow any users to login to the site.

Ive looked around - in /components/... and administrator/components...

I do not have a folder called com_securityimages in either folder

anyone know where these messages would originate from?

I have a joomla 1.0.12 install - which has been running for about 2 years (definitely over 1 year) without this message

any help would be appreciated - I did search and only found a handfull of posts re: _HASHCASH_ADMINMAILHEADER

fw116 · **Posted:** Mon Jun 23, 2008 4:41 pm

u should read arround...

joomla 1.015 is the newest version... and it has some minor security fixes in it...

also read the forum security stickies..

x126 · **Joined:** Sun May 07, 2006 8:24 pm **Posts:** 249

UM I did read around - Like I mentioned above - I have been using my 1.0.12 install for quit sometime.

are you saying that 1.0.15 specifically resolves the issue?

fw116 · **Posted:** Tue Jun 24, 2008 6:49 pm

no what i mean:

u have been hacked... and with a joomla 1.015 install ur chance to get hacked is quite lower then with the 1.012 because of the ammount of security fixes in it.

thus, i guess that your 1.012 is hacked because of a known security issue...

i would guess someone installed a peace of software somewere in your system and turned your host into a spam host...

also i would say , the error message itself has nothing to do with the hack itself...

madscotsman · **Posted:** Thu Sep 11, 2008 6:21 am

Hi guys,

I am getting the same email messages, and I am using Joomla 1.0.15. Has anyone else got this and if so is there a work arround??

twcmex · **Posted:** Thu Sep 11, 2008 1:23 pm

Where is this email coming from? Can you determine it's authenticity? Have you checked your logs for attacks / attempts? Are there "spam attempts > 100 has been saved to Joomla! database"? If you are on shared hosting, have other sites been receiving this email?

This could be a spoofed email trying to get you to turn off that component(if you had it installed). Take a look at the Security Checklist as a precaution. You may not be 'hacked' at all!...then again....

madscotsman · **Posted:** Tue Sep 23, 2008 12:14 pm

I am still getting the same messages, but it is coming from security images component. The email is sent anytime a number of attempts has been made on your website and the person(s) have got the code wrong! The number of attempts is set in the security images component itself.

If you don't have security images installed, then it could be from any of the other components written by Walter Cedric -

* com_akobookPlus
* com_akocommentPlus
* com_hashcash
* com_Log4php
* com_bayesianSpamFiltering
* joomlacloud
* com_opencomment
* Askimet4Joomla!
* com_securityimages5
* MosSociable
* module rssfriends

Hope this helps

munyah · **Joined:** Mon Aug 11, 2008 9:21 am **Posts:** 4

I think you'll all find this helpful:

http://forums.waltercedric.com/index.php?topic=611.0

lucato · **Posted:** Thu Nov 05, 2009 9:25 am

From the link posted above, Cédric says:

"not an attack but you have more than 100 captcha failed attempt recorded in your database.
Either

Log spam submission to off
OR
Notify admin: to off to avoid receiving emails
OR
increase "Notify when table size:" from 100 to ?
OR
empty the DB logs by "View Logs file", then click on "Empty logs""

So, where do I find these settings?

I'm getting this e-mail with the subject: _HASHCASH_ADMINMAILHEADER

And it shows:

ID: 1
Accepted: No
Date: 2009-05-19 14:25:12
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET C
IP: 189.***.**.***

What does this e-mail mean? Thanks in advance.

munyah · **Joined:** Mon Aug 11, 2008 9:21 am **Posts:** 4

hi Lucato,

I will tell you how to fix this, then tell you what it all means.

go to admin panel -> security images -> general settings -> logging

when you get there, you can either turn Log spam submission [NO] or Log all [NO] or Notify Admin [OFF] or Increase the Notify when table size.

In short, for every spam blocked, a log is written to a table. When the records reach a certain amount (Notify when table size), it then notifies the admin.

I find it helpful to know when my site is being spam attacked a lot, so that I can take more measures in securing it. I personally empty the log files and then wait to get notified again.

Some prefer to just turn that off because it can get irritating.

Hope this helps you..

lucato · **Posted:** Thu Nov 05, 2009 10:35 am

Hey Munyah, thanks a lot for your info and quick reply.

I'm sorry but I didn't get to find it. Should the "Security Images menu" be at "Site" menu?

Mine Site menu just shows the options:
Control Panel
User Manager
Media Manager
Global Configuration
Logout

Thanks in advance.

munyah · **Joined:** Mon Aug 11, 2008 9:21 am **Posts:** 4

Lucato,

Looks like you're going to the wrong place mate:

Check out the attached screenshots.

After you login to your backend. Go to the Components Menu and then goto Security Images, then Edit General Settings

Good luck

lucato · **Posted:** Fri Nov 06, 2009 7:43 am

Thanks a lot dude. Now with your map I found it. :0)
Let change the stuffs here and see how it goes.
Thanks for your time and help.
Have a nice weekend.

Joomla! Discussion Forums

Forum rules

_HASHCASH_ADMINMAILHEADER

Quick reply

Who is online