Trouble with spammers accessing Contact link

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

PhilTaylor-Prazgod
Joomla! Ace
Posts: 1145
Joined: Sat Aug 20, 2005 12:32 pm
Location: Weymouth, UK

Re: Trouble with spammers accessing Contact link

Postby PhilTaylor-Prazgod » Tue Jun 12, 2018 3:47 pm

umbrellax2 wrote: spammers are sending AUTOMATED emails through my Joomla 3.8 sites using a form captcha doesn't seem to work on.


I do not believe you. I believe the code. Facts are facts. If the Google reCaptcha is set up correctly then the form cannot be used to spam.

umbrellax2 wrote:Clients are complaining (and asking, "Why don't we switch to Wordpress?"), so I'm just trying to fix the problem.


Your problem not Joomla's.

umbrellax2 wrote:At my host, InMotion Hosting, advanced support has resorted to using htaccess to block certain links which don't even exist in our pathing structure(!)


Yes, pathetic webhosts like to do pathetic things.

umbrellax2 wrote:Since I have about 80 active sites, rewriting htaccess every time we find this happening seems clumsy and heavy handed to me.


Then CORRECTLY set up your sites with Google reCaptcha version 2.x

umbrellax2 wrote:So, back to a solution. Any other ideas anyone?


So have you stopped blaming Joomla for being vulnerable?

If you can PROVE that you have set up Google Recaptcha v2 correctly in your Joomla site, and you can PROVE that spammers are submitting that form, and passing the captcha, then I would be interested. However, I have investigated several of these today across many webhosts and many sites, and the traffic is all the same, and the solution - well, you don't like it - is to set up the CAPTCHA correctly. As soon as that is done the traffic continues, but the form submissions are abandoned as they do not pass validation. I have repeated this on many sites on many servers globally in the last 24 hours. Facts.
Phil Taylor - Full Time Joomla/PHP Security Expert
Blue Flame Digital Solutions Limited.
-- https://myJoomla.com/ Multi Award Winning Joomla Security & Auditing Service
-- https://www.phil-taylor.com/

Postby PhilTaylor-Prazgod » Tue Jun 12, 2018 4:06 pm

You might also want to fix your incompatible template which is incompatible with the version of Joomla you have upgraded to.

This is leaking information (Information Disclosure) on every 404 page...

EG:
https://www.hummersportspark.com/radsasdfasdf

Warning: require_once(/home/[redacted]/public_html/libraries/joomla/document/html/renderer/head.php): failed to open stream: No such file or directory in /home/[redacted]/public_html/templates/gantry/error.php on line 85

Postby PhilTaylor-Prazgod » Tue Jun 12, 2018 4:10 pm

You might also want to remove the sample data from your database manually - as at the moment your site is polluted with that too.

https://www.hummersportspark.com/compon ... Itemid=435

brian
Joomla! Master
Posts: 11620
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK

Postby brian » Tue Jun 12, 2018 4:27 pm

The problem as Phil has stated is that you have not deleted the sample test data.

That is why you have core Joomla contacts, newsfeeds, weblinks on your site.

Just because you don't have a menu link to something doesn't mean that a published item cannot be loaded.

To start with, your search box will reveal the sample data.

And going to index.php?option=com_newsfeeds or index.php?option=com_contacts or index.php?option=com_weblinks will display any of that PUBLISHED sample data.

So I am betting 100% that, as I can see you are using Breezing Forms for your contact form, you forgot to unpublish/delete the sample data for the contacts as well and did not have captcha enabled on that component.

Finally if you check the links on your site that google has indexed you will see that google has indexed that sample data. So it can easily be found by anyone that way. (Not even commenting about duplicate content and SEO penalties).
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
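
The checks raised in the posts above (PHP warnings that leak filesystem paths on error pages, core components answering at index.php?option=... without a menu item, and a core contact form served without captcha), written as an offline audit over pages already fetched from your own sites. This is an added example, not part of the original thread; the site.example URLs and responses are constructed, and the form-field and g-recaptcha markers are assumptions about Joomla 3's default markup.

```python
import re

# Core components from the thread; Joomla's contact option is com_contact.
CORE_COMPONENTS = ("com_contact", "com_newsfeeds", "com_weblinks")

# PHP warning text as rendered into a page, with or without <b> tags.
PHP_ERROR = re.compile(
    r"(?:Warning|Notice|Fatal error)(?:</b>)?:\s.*? in (?:<b>)?(/[^\s<]+)"
    r"(?:</b>)? on line (?:<b>)?(\d+)")

# Assumed markers: Joomla 3 contact-form field, reCAPTCHA v2 widget class.
FORM_MARKER = 'name="jform[contact_message]"'
CAPTCHA_MARKER = "g-recaptcha"

def probe_urls(base):
    """URLs that load each core component directly, with no menu item."""
    return [f"{base.rstrip('/')}/index.php?option={c}" for c in CORE_COMPONENTS]

def classify(url, status, body):
    """Findings for one fetched page of a site you administer."""
    findings = [f"path disclosure: {p}:{n}" for p, n in PHP_ERROR.findall(body)]
    if status == 200 and any(f"option={c}" in url for c in CORE_COMPONENTS):
        findings.append("core component reachable")
    if status == 200 and FORM_MARKER in body and CAPTCHA_MARKER not in body:
        findings.append("contact form without captcha")
    return findings

def audit(responses):
    """Map {url: (status, body)} to {url: findings}, leaving out clean pages."""
    report = {u: classify(u, s, b) for u, (s, b) in responses.items()}
    return {u: f for u, f in report.items() if f}

# Constructed responses; the warning text is the one quoted in the thread.
BASE = "https://site.example"
SAMPLE = {
    f"{BASE}/index.php?option=com_contact&view=contact&id=1":
        (200, '<textarea name="jform[contact_message]"></textarea>'),
    f"{BASE}/index.php?option=com_weblinks": (404, "Component not found."),
    f"{BASE}/no-such-page":
        (404, "Warning: require_once(/home/[redacted]/public_html/libraries/"
              "joomla/document/html/renderer/head.php): failed to open stream:"
              " No such file or directory in /home/[redacted]/public_html/"
              "templates/gantry/error.php on line 85"),
}

if __name__ == "__main__":
    for url, findings in audit(SAMPLE).items():
        print(url, findings)
```

Widget markup in a page only shows that the captcha is rendered; confirm that validation is enforced by submitting the form on your own site without solving it.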

umbrellax2
Joomla! Apprentice
Posts: 33
Joined: Fri Apr 30, 2010 2:14 pm

Postby umbrellax2 » Tue Jun 12, 2018 5:03 pm

Brian,

Thank you for your constructive comments. I have gone through and deleted the sample data (all I could find anyway). Not sure this will help with the spammer issue.

This may be unrelated, but can you tell me why I get this error on any non-existing link like http://www.HummerSportsPark.com/junk

Warning: require_once(/home/kupdaxqu/public_html/libraries/joomla/document/html/renderer/head.php): failed to open stream: No such file or directory in /home/kupdaxqu/public_html/templates/gantry/error.php on line 85

We are seeing this on a few of our sites. We use Gantry Template and Gantry 4 (both compatible with Joomla 3.8 I believe).

Postby brian » Tue Jun 12, 2018 5:13 pm

It is as Phil said - you are using an old version of Gantry. Version 4 is very old and you need to upgrade that: http://gantry.org/downloads

You still have to delete the sample contacts:
https://www.hummersportspark.com/compon ... Itemid=435

mandville
Joomla! Master
Posts: 14576
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Postby mandville » Tue Jun 12, 2018 5:15 pm

umbrellax2 wrote: Clients are complaining (and asking, "Why don't we switch to Wordpress?"), so I'm just trying to fix the problem.

https://www.google.com/search?q=contact ... +wordpress

umbrellax2 wrote: So, back to a solution. Any other ideas anyone?

disable send copy
compare send copy enabled with disabled
compare captcha on the above
use another contact form.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Postby brian » Tue Jun 12, 2018 5:18 pm

@mandville the problem was that they were NOT using the core contact form. They are using Breezing Forms. Captcha is set up on Breezing Forms but not on the core contact form, and there were sample contact pages still accessible.

Postby mandville » Tue Jun 12, 2018 5:27 pm

Thanks, got that from your posts, which crossed with mine.

Postby umbrellax2 » Tue Jun 12, 2018 5:37 pm

Brian,

According to Rockettheme, Gantry 4 IS compatible with Joomla 3.8.

http://www.rockettheme.com/joomla-templ ... ity-matrix

(NOTE: I have deleted all the contact categories now - I had to rename them or it wouldn't delete them.)

But back to my question, any ideas on the error on missing links? I found a solution a while back, but now it's eluding me. ;-)

Thanks again!

Postby PhilTaylor-Prazgod » Tue Jun 12, 2018 5:40 pm

Your TEMPLATE is not compatible.

Just DELETE the line that attempts to include

libraries/joomla/document/html/renderer/head.php

on line 85 of the file /templates/gantry/error.php

Simple.

Postby umbrellax2 » Tue Jun 12, 2018 6:01 pm

Phil,

Thank you. I finally did find the Rockettheme post on this.

http://www.rockettheme.com/forum/gantry ... rror-pages

Apparently they have updated all their templates EXCEPT the one we use, the Gantry 4 Base Template, which I assumed *wrongly* would be the most future-compatible.

I will again attempt to get reCaptcha working on that site, turn off the htaccess block to the link and see if it still allows spammer access.

favdes
Joomla! Enthusiast
Posts: 131
Joined: Wed Dec 18, 2013 10:47 am

Postby favdes » Wed Jun 13, 2018 5:29 am

We are having problems with spammers appearing to send messages through our Joomla sites as well. Has anyone come up with a solution yet?

We're just testing removing the default contacts from each installation and things look good so far.

Postby umbrellax2 » Wed Jun 13, 2018 3:52 pm

We turned the Contacts Form off completely on all of our sites with this issue (Contacts/Options at the top right). Never used that form on any of the 120+ Joomla sites we've built. ;-)

To us, it is just another sneaky way to send spam emails if you haven't set up reCaptcha v2 specifically for Contacts.

Postby brian » Wed Jun 13, 2018 3:56 pm

Hopefully you will check all those sites to make sure you don't have sample content still published on them as well.

Postby umbrellax2 » Wed Jun 13, 2018 8:15 pm

Brian, I have checked about 15 sites now, only that one and one other had demo content. We'll keep an eye out. Thanks.

