Mail Settings Vulnerability

Discussion regarding Joomla! 3.x security issues.


Mail Settings Vulnerability

Post by a2zcs » Wed Mar 18, 2020 1:02 pm

Lately we have been receiving a lot of returned mail with headers indicating one of our sites with the email that is listed (from the installation) in mail settings. So I can only assume that somehow they have been able to get into the site and use the mailer to send spam, collect that information or something.

Is this possible?
Would removing the email address from the Mail Setting in the Server Setting screen solve this?

 

Re: Mail Settings Vulnerability

Post by Ch3vr0n » Wed Mar 18, 2020 4:16 pm

Are you using a contact form on your website and have contacts listed through the Joomla contacts component? If so, disable the component. It's widely known for being abused to send spam through the "send a copy to myself" function.


Re: Mail Settings Vulnerability

Post by a2zcs » Wed Mar 18, 2020 5:04 pm

I'm not using the contact component, so not likely that.


Re: Mail Settings Vulnerability

Post by mandville » Wed Mar 18, 2020 6:56 pm

a2zcs wrote (Wed Mar 18, 2020 5:04 pm):
"I'm not using the contact component, so not likely that."

You may not be using it, but you may still have it enabled, and spam bots can locate it and send mail using the "me too" function.