Getting spammed from "class.phpmailer.php"

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
imfsub12
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Mon Feb 20, 2012 3:02 pm

Getting spammed from "class.phpmailer.php"

Post by imfsub12 » Fri Nov 15, 2019 4:07 pm

Hi My server contacted me today about one of my clients sites on my VPS using the class.phpmailer.php

as they are telling saying we are spamming

1. We are using 3.9.11 (just updating to 3.9.12 at this time)
2. We are using send Mail PHP for the default generic send email out
- just for our sercuity components to push email to me
3. We do not have any online forms at all
4. I'm reading about this "Mail To Friend" what is this
5. My Client is using GMAIL so we are not even using the cPanel email client on the server

How do I solve this?

helpwithjoomla
Joomla! Intern
Joomla! Intern
Posts: 65
Joined: Sat Sep 21, 2019 7:29 pm
Contact:

Re: Getting spammed from "class.phpmailer.php"

Post by helpwithjoomla » Fri Nov 15, 2019 6:01 pm

Have you checked the site for signs of hacking? It may have been hijacked to send out spam.
Joomla Developers Available To Help With Joomla!
https://www.helpwithjoomla.com

imfsub12
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Mon Feb 20, 2012 3:02 pm

Re: Getting spammed from "class.phpmailer.php"

Post by imfsub12 » Fri Nov 15, 2019 7:04 pm

I doesn't look like it

I'm using Akeeba Admin Tools

But what is this file they are using? as it seems that this is a joomla file..

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11523
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Getting spammed from "class.phpmailer.php"

Post by toivo » Sat Nov 16, 2019 1:43 am

imfsub12 wrote:But what is this file they are using? as it seems that this is a joomla file..
It belongs to the PHPMailer library used by Joomla for sending all emails. This library is also used by third party extensions through Joomla classes and fundtions, even though some third party extensions may have their own versions of PHPMailer, at least in the past.

The file is libraries/vendor/phpmailer/phpmailer/class.phpmailer.php.
Toivo Talikka, Global Moderator

imfsub12
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Mon Feb 20, 2012 3:02 pm

Re: Getting spammed from "class.phpmailer.php"

Post by imfsub12 » Sat Nov 16, 2019 1:48 am

I got an email back from my VPS provider and they told me to do this as they are saying that its coming from the Joomla Contact Page.

.htaccess file at the top

ErrorDocument 503 "contact form disabled"
RewriteEngine On
RewriteCond %{QUERY_STRING} ^.*com_contact.*$
RewriteRule .* - [R=503,L]

So even though i'm blocking this Contact Page, I still have the main mailer set to PHP for sending me just emails from Joomla or other basic things. If I require something harder I put it to SMTP. Can they still use it even thought we blocked it in the .htaccess file

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 26187
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: Getting spammed from "class.phpmailer.php"

Post by Per Yngve Berg » Sat Nov 16, 2019 10:52 am

Disable the "Send Copy To Myself" Option in the Contact Component. If you don't use any contacts, unpublish them.

Point 5 is your problem. By using a gmail sender address and not one from your site's domain. You have to set SMTP and use Gmail's SMTP server and not your host's SMTP server. With Gmail, you have to create an app password to be able to log Joomla in to the Gmail SMTP server.

https://docs.joomla.org/How_do_I_use_Gm ... _server%3F

imfsub12
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Mon Feb 20, 2012 3:02 pm

Re: Getting spammed from "class.phpmailer.php"

Post by imfsub12 » Sat Nov 16, 2019 8:13 pm

Thanks for you email

1. I'm in the Contacts Options I can't seem to find it my client is using joomla 2.5 and I have one that is using 1 (please keep the words kind i know they are obsolete, but I can't get them to upgrade - but if they are still spamming my server they might have to)

I have put on CAPTCHA as said by my SERVER IT Support and then in the COntacts there was a way to add CAPTCHA on it as well.. hope this works

2. As per this Thanks for the info on this
But what I was saying is that I'm using the Standard PHP mail in the Global Config Mail Settings
- So if I change it to SMTP will this stop it all together
-
Per Yngve Berg wrote:
Sat Nov 16, 2019 10:52 am
Disable the "Send Copy To Myself" Option in the Contact Component. If you don't use any contacts, unpublish them.

Point 5 is your problem. By using a gmail sender address and not one from your site's domain. You have to set SMTP and use Gmail's SMTP server and not your host's SMTP server. With Gmail, you have to create an app password to be able to log Joomla in to the Gmail SMTP server.

https://docs.joomla.org/How_do_I_use_Gm ... _server%3F

imfsub12
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Mon Feb 20, 2012 3:02 pm

Re: Getting spammed from "class.phpmailer.php"

Post by imfsub12 » Sat Nov 16, 2019 8:16 pm

Is there a way that I can STOP class.phpmailer.php from being accessed?

imfsub12
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Mon Feb 20, 2012 3:02 pm

Re: Getting spammed from "class.phpmailer.php"

Post by imfsub12 » Sat Nov 16, 2019 8:24 pm

I have "Send Copy to Submitter" is this it?

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8191
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Getting spammed from "class.phpmailer.php"

Post by sozzled » Sat Nov 16, 2019 8:28 pm

imfsub12 wrote:
Fri Nov 15, 2019 4:07 pm
We are using 3.9.11 (just updating to 3.9.12 at this time)
imfsub12 wrote:
Sat Nov 16, 2019 8:13 pm
I'm in the Contacts Options I can't seem to find it my client is using joomla 2.5 and I have one that is using 1 (please keep the words kind i know they are obsolete, but I can't get them to upgrade - but if they are still spamming my server they might have to)
I am confused. Does your problem relate to J! 3.9.12 or J! 2.5?

It may be better to post the FPA report (to clear up the apparent confusion) for the problem site before going further with the discussion. ;)
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

imfsub12
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Mon Feb 20, 2012 3:02 pm

Re: Getting spammed from "class.phpmailer.php"

Post by imfsub12 » Sat Nov 16, 2019 8:50 pm

I have 3 site that are having SPAM Issues using the class.phpmailer.php as per my Hosting company
Joomla
3.9.12 (just updated it to 3.9.13)
2.5
1.5



I do understand that 2 of my site are OLD But I can't even get the spam off my 3.9.13 site..

"It appears there are bots or users abusing your contact form. I would recommend enabling a CAPTCHA on those sites contact for pages or disabling the "send a copy to yourself" feature as that is being abused to send spam mail from your contact form to 3rd parties.
"

sozzled wrote:
Sat Nov 16, 2019 8:28 pm
imfsub12 wrote:
Fri Nov 15, 2019 4:07 pm
We are using 3.9.11 (just updating to 3.9.12 at this time)
imfsub12 wrote:
Sat Nov 16, 2019 8:13 pm
I'm in the Contacts Options I can't seem to find it my client is using joomla 2.5 and I have one that is using 1 (please keep the words kind i know they are obsolete, but I can't get them to upgrade - but if they are still spamming my server they might have to)
I am confused. Does your problem relate to J! 3.9.12 or J! 2.5?

It may be better to post the FPA report (to clear up the apparent confusion) for the problem site before going further with the discussion. ;)

imfsub12
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Mon Feb 20, 2012 3:02 pm

Re: Getting spammed from "class.phpmailer.php"

Post by imfsub12 » Sat Nov 16, 2019 9:25 pm



Post Reply

Return to “Security in Joomla! 3.x”