Email Spam?

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Locked
theotterslider
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Thu Dec 27, 2012 9:07 pm

Email Spam?

Post by theotterslider » Thu Dec 27, 2012 9:13 pm

All,

First, I hope this is the right place for this. if not, move it where it needs to go.

I have a fresh joomla 3 install (downloaded and installed it 4 days ago).
I finally have everything working so I was looking though my logs today when I noticed instances that looked like:
208.115.113.83 - - [27/Dec/2012:14:33:28 -0500] "GET /index.php?option=com_mailto&tmpl=component&link=aHR0cDovL3d3dy5tYXhzb25zLm9yZy9pbmRleC5waHA/b3B0a W9uPWNvbV9jb250ZW50JnZpZXc9YXJ0aWNsZSZpZD0xOTM2Omx5ZGlhcy0xc3QtZGF5LW9mLXllYXItMS ZjYXRpZD01NzpseWRpYS1tYWtlcy0wMDExJkl0ZW1pZD0xMg== HTTP/1.1" 301 468 http://www.domain.com "-" "Mozilla/5.0 (compatible; Ezooms/1.0; [email protected])" "-"
I did some searching on the internet and found this was a problem with older versions of joomla. I also found this bug report from 2011: http://joomlacode.org/gf/project/joomla ... m_id=24288

My question: Did the bug report fix the problem? Am I just seeing "attempts" at spamming or is it getting through? For now, I've disabled email in the global config. If this is a problem, I'll just block it using htaccess...if it is just attempts then I'm ok with the bogus stuff in the log....

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 24929
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: Email Spam?

Post by pe7er » Fri Dec 28, 2012 4:37 pm

[MOD note: moved from Security in Joomla! 3.0 to Joomla 1.5]

Probably, but you'd better check yourself...
What version do you have? The latest in the Joomla 1.5 range: 1.5.26?

What date/version is stated in your /components/com_mailto/helpers/mailto.php ?
Could you compare it with the date/version of the issue in the bug tracker?
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com

theotterslider
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Thu Dec 27, 2012 9:07 pm

Re: Email Spam?

Post by theotterslider » Sat Dec 29, 2012 7:15 pm

This should be moved back to the Joomla 3 forum as I have joomla 3.0.2.

here's what's in the header of /components/com_mailto/helpers/mailto.php:

/**
* @package Joomla.Site
* @subpackage com_mailto
*
* @copyright Copyright (C) 2005 - 2012 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/

No date/no version, etc...

The admin interface reports
Mail to Site Component 3.0.0 April 2006 Joomla! Project N/A 1

Unfortunately, I don't know how to see what version is affected by the bug report I linked to (I don't see a number or version...just a closed status).

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Email Spam?

Post by mandville » Sat Dec 29, 2012 7:26 pm

this is probably more administration than security.
the normal "send page to a friend" link
try this page for how to block that bot
http://graphicline.co.za/blogs/what-is-ezooms-bot
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

theotterslider
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Thu Dec 27, 2012 9:07 pm

Re: Email Spam?

Post by theotterslider » Sat Dec 29, 2012 7:35 pm

Thanks mandville....

I couldn't figure out how to tell if the bug report "fixed" the problem (or if it could be fixed). I'll read the link and apply suggestions.

Edit to add:
While I was waiting for a reply, I had come across that link. I had toyed with the idea of just blocking the thing all together, but wanted to give people a chance to reply.

I think I'll just go ahead and renable the email option AFTER I implement a mod-rewrite rule to block the thing

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2737
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Email Spam?

Post by PhilD » Mon Dec 31, 2012 10:00 pm

This seems to be a possible security issue or a bug and you should officially report it.

Using

Code: Select all

 /index.php?option=com_mailto&tmpl=component&link=aHR0cDovL3d3dy5tYXhzb25zLm9yZy9pbmRleC5waHA/b3B0a W9uPWNvbV9jb250ZW50JnZpZXc9YXJ0aWNsZSZpZD0xOTM2Omx5ZGlhcy0xc3QtZGF5LW9mLXllYXItMS ZjYXRpZD01NzpseWRpYS1tYWtlcy0wMDExJkl0ZW1pZD0xMg== HTTP/1.1" 301 468 http://www.domain.com
brings up an email form in 1.5, 2.5, 3.0 of Joomla.
PhilD

theotterslider
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Thu Dec 27, 2012 9:07 pm

Re: Email Spam?

Post by theotterslider » Mon Dec 31, 2012 11:44 pm

PhilD wrote:This seems to be a possible security issue or a bug and you should officially report it.
Stupid question...how?

User avatar
ozneilau
Joomla! Guru
Joomla! Guru
Posts: 872
Joined: Tue Aug 04, 2009 9:05 am
Location: Tasmania, Australia
Contact:

Re: Email Spam?

Post by ozneilau » Fri Jan 04, 2013 1:37 pm

Bugs should be reported at the official bug tracker: http://joomlacode.org/gf/project/joomla ... er_id=8103

Neil.

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Email Spam?

Post by brian » Fri Jan 04, 2013 2:10 pm

It might bring up the form but the form can not do anything
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

irantamir
I've been banned!
Posts: 18
Joined: Tue Feb 12, 2013 10:54 pm

Re: Email Spam?

Post by irantamir » Mon Apr 15, 2013 1:48 pm

excuse me i have this problem
is it solved or its joomla bug?

zoikyr
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Tue Mar 31, 2015 9:23 pm
Location: Greece
Contact:

Re: Email Spam?

Post by zoikyr » Tue Mar 31, 2015 9:25 pm

i have the same problem


Locked

Return to “Security in Joomla! 3.x”