Site contact email address spammed

Discussion regarding Joomla! 3.x security issues.

sripoll
Joomla! Fledgling
Posts: 1
Joined: Fri Sep 04, 2015 5:27 am

Site contact email address spammed

Post by sripoll » Wed Feb 27, 2019 2:51 pm

Hi,

For several days now, the contact address of my site (http://choeurdedicace.fr) has been spammed.
Something like 100 messages per day are sent to the contact@choeurdedicace .fr email address. All have a similar form, such as:

Sujet :
Le Choeur Dédicace: You have received a new message
De :
Le Choeur Dédicace <webmaster@choeurdedicace .fr>
Date :
27/02/2019 à 13:22
Pour :
contact@choeurdedicace .fr

Ceci est un message expédié via http://choeurdedicace .fr/ par :
anthony. loguarro <anthony. loguarro@aapt. com.au>

You have a new answer to your question. Go to view - https://504348. drive.google.com/open?id= 1h7ZpPahS0ne_15Cv0Tuj_H4S1al6T3yk


I unsuccessfully inspected my site directory tree for weird and potentially hacked files, but found nothing suspect.

Could someone have a look at the FPA output below, and come back with any findings?
Anticipated thanks.
-- Stéphane --
-----------------------------------------------------------------------------------------------------------------------
Forum Post Assistant (v1.4.8 (koine)) : 27th February 2019 wrote:
Problem Description :: wrote:SPAM emails received
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.9.3-Stable (Amani) 12-February-2019
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: /gid: ) | Group: --protected-- (gid: ) | Valid For: 3.9
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: false | .htaccess/web.config: Yes | GZip: false | Cache: false | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: false | SSL: 0 | Error Reporting: none | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 3.9.3: Yes | Database Supports J! 3.9.3: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 4.4.111-cluster-lts | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: --protected-- | System TMP Writable: Yes | Free Disk Space : 1679.33 GiB |

PHP Configuration :: Version: 7.0.30 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 32M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 90 | Memory Limit: 192M

Database Configuration :: Version: 5.5.60-0+deb7u1-log (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: b5c5906d452ec590732a93b051f3827e02749b83 $) | Host: --protected-- (--protected--) | default Collation: latin1_swedish_ci (default Character Set: latin1) | Database Size: 73.91 MiB | #of Tables: 360
Detailed Environment :: wrote:PHP Extensions :: Core (7.0.30) | date (7.0.30) | libxml (7.0.30) | openssl (7.0.30) | pcre (7.0.30) | sqlite3 (7.0.30) | zlib (7.0.30) | bcmath (7.0.30) | bz2 (7.0.30) | calendar (7.0.30) | ctype (7.0.30) | curl (7.0.30) | dba (7.0.30) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.0.30) | ftp (7.0.30) | gd (7.0.30) | gettext (7.0.30) | SPL (7.0.30) | iconv (7.0.30) | session (7.0.30) | intl (1.1.0) | json (1.4.0) | mbstring (7.0.30) | mcrypt (7.0.30) | standard (7.0.30) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: b5c5906d452ec590732a93b051f3827e02749b83 $) | mysqli (7.0.30) | PDO (7.0.30) | pdo_mysql (7.0.30) | pdo_sqlite (7.0.30) | posix (7.0.30) | pspell (7.0.30) | Reflection (7.0.30) | imap (7.0.30) | shmop (7.0.30) | SimpleXML (7.0.30) | soap (7.0.30) | sockets (7.0.30) | exif (7.0.30) | tokenizer (7.0.30) | wddx (7.0.30) | xml (7.0.30) | xmlreader (7.0.30) | xmlrpc (7.0.30) | xmlwriter (7.0.30) | xsl (7.0.30) | zip (1.13.5) | cgi-fcgi () | imagick (3.4.3) | geoip (1.1.2-dev) | Zend Engine (3.0.0) |
Potential Missing Extensions ::

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (755) |

Elevated Permissions (First 10) :: public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/administrator/components/com_chronoconnectivity5/chronoconnectivity/plugins/ (777) | public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/administrator/components/com_chronoforms5/chronoforms/fields/ (777) | public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/administrator/manifests/files/CLI_J2XML/ (777) | 
public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/components/com_cbjuice2/ (777) | public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/components/com_chronoforms5/extras/ (777) | public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/components/com_chronoforms5/extras/pChart/cache/ (777) | 
public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/components/com_chronoforms5/extras/pChart/examples/imageMap/tmp/ (777) | public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/components/com_chronoforms5/extras/pChart/examples/pictures/ (777) | public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/components/com_coalawebtraffic/ (777) | 
public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/images/banners/ (777) |
Database Information :: wrote:Database statistics :: Uptime: 26348189 | Threads: 2 | Questions: 12248291726 | Slow queries: 235446 | Opens: 109914014 | Flush tables: 2 | Open tables: 96000 | Queries per second avg: 464.862 |
Extensions Discovered :: wrote:Components :: SITE ::
Core :: com_mailto (3.0.0) 1 | com_wrapper (3.0.0) 1 |
3rd Party:: CB Mamblog Tab (1.2) ? | CB Mambo Author Tab (1.2) ? | Yanc Integration (1.2) ? | WF_AGGREGATOR_DAILYMOTION_TITLE (2.6.36) ? | WF_AGGREGATOR_VIMEO_TITLE (2.6.36) ? | WF_AGGREGATOR_VINE_TITLE (2.6.36) ? | WF_AGGREGATOR_[youtube]_TITLE (2.6.36) ? | WF_FILESYSTEM_JOOMLA_TITLE (2.6.36) ? | WF_LINKS_JOOMLALINKS_TITLE (2.6.36) ? | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.36) ? | WF_POPUPS_WINDOW_TITLE (2.6.36) ? | WF_LINK_SEARCH_TITLE (2.6.36) ? | WF_ANCHOR_TITLE (2.6.36) ? | WF_ARTICLE_TITLE (2.6.36) ? | WF_AUTOSAVE_TITLE (2.6.36) ? | WF_BROWSER_TITLE (2.6.36) ? | WF_CHARMAP_TITLE (2.6.36) ? | WF_CLEANUP_TITLE (2.6.36) ? | WF_CLIPBOARD_TITLE (2.6.36) ? | WF_CONTEXTMENU_TITLE (2.6.36) ? | WF_DIRECTIONALITY_TITLE (2.6.36) ? | WF_EMOTIONS_TITLE (2.6.36) ? | WF_FONTCOLOR_TITLE (2.6.36) ? | WF_FONTSELECT_TITLE (2.6.36) ? | WF_FONTSIZESELECT_TITLE (2.6.36) ? | WF_FORMATSELECT_TITLE (2.6.36) ? | WF_FULLSCREEN_TITLE (2.6.36) ? | WF_HR_TITLE (2.6.36) ? | WF_IMGMANAGER_TITLE (2.6.36) ? | WF_INLINEPOPUPS_TITLE (2.6.36) ? | WF_KITCHENSINK_TITLE (2.6.36) ? | WF_LAYER_TITLE (2.6.36) ? | WF_LINK_TITLE (2.6.36) ? | WF_LISTS_TITLE (2.6.36) ? | WF_MEDIA_TITLE (2.6.36) ? | WF_NONBREAKING_TITLE (2.6.36) ? | WF_PREVIEW_TITLE (2.6.36) ? | WF_PRINT_TITLE (2.6.36) ? | WF_SEARCHREPLACE_TITLE (2.6.36) ? | WF_SOURCE_TITLE (2.6.36) ? | WF_SPELLCHECKER_TITLE (2.6.36) ? | WF_STYLE_TITLE (2.6.36) ? | WF_STYLESELECT_TITLE (2.6.36) ? | WF_TABLE_TITLE (2.6.36) ? | WF_TEXTCASE_TITLE (2.6.36) ? | WF_VISUALBLOCKS_TITLE (2.6.36) ? | WF_VISUALCHARS_TITLE (2.6.36) ? | WF_XHTMLXTRAS_TITLE (2.6.36) ? |

Components :: ADMIN ::
Core :: com_admin (3.0.0) 1 | com_ajax (3.2.0) 1 | com_associations (3.7.0) 1 | com_banners (3.0.0) 1 | com_cache (3.0.0) 1 | com_categories (3.0.0) 1 | com_checkin (3.0.0) 1 | com_config (3.0.0) 1 | com_content (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_cpanel (3.0.0) 1 | com_fields (3.7.0) 1 | com_finder (3.0.0) 1 | com_installer (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_languages (3.0.0) 1 | com_login (3.0.0) 1 | com_media (3.0.0) 1 | com_menus (3.0.0) 1 | com_messages (3.0.0) 1 | com_modules (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_plugins (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_redirect (3.0.0) 1 | com_search (3.0.0) 1 | com_tags (3.1.0) 1 | com_templates (3.0.0) 1 | com_users (3.0.0) 1 | com_weblinks (3.6.0) 1 | com_actionlogs (3.9.0) 1 | com_privacy (3.9.0) 1 |
3rd Party:: AcyMailing Module (3.7.0) 1 | AcyMailing : trigger Joomla Content (3.7.0) ? | AcyMailing Manage text (1.0.0) 1 | AcyMailing Tag : Website links (3.7.0) 1 | AcyMailing : share on social networ (1.0.0) ? | AcyMailing : Statistics Plugin (3.7.0) 1 | AcyMailing table of contents genera (1.0.0) ? | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing Tag : content insertion (3.7.0) 1 | AcyMailing Tag : Subscriber informa (5.10.4) ? | AcyMailing Tag : Manage the Subscri (5.10.4) ? | AcyMailing Tag : Date / Time (5.10.4) 1 | AcyMailing Tag : Joomla User Inform (5.10.4) ? | AcyMailing Template Class Replacer (5.10.4) 1 | AcyMailing Editor (5.10.4) 1 | AcyMailing JCE integration (5.10.4) 1 | AcyMailing : (auto)Subscribe during (5.10.4) ? | AcyMailing (5.10.4) 1 | Admintools (3.8.6) 1 | Akeeba (6.4.0) 1 | CBJUICE2 (V2-3.3.1) ? | ChronoConnectivity5 (5.0 RC4) 1 | com_chronoforms5 (5.0.16) 1 | COM_COALAWEBTRAFFIC (1.1.6) 1 | comprofiler (1.9.1) 1 | comprofiler (1.9.1) 1 | com_easybookreloaded (3.3.1) 1 | COM_J2XML (3.3.151.228) 1 | COM_JCE (2.6.36) 1 | JComments (3.0.7) ? | com_jDownloads (3.2.63) 1 |

Modules :: SITE ::
Core :: mod_articles_archive (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_login (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_search (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_tags_similar (3.1.0) 1 | mod_users_latest (3.0.0) 1 | mod_weblinks (3.6.0) 1 | mod_whosonline (3.0.0) 1 | mod_wrapper (3.0.0) 1 |
3rd Party:: AcyMailing Module (3.7.0) 1 | CB Login (1.9.1) 1 | ChronoForms5 (V5 RC1.2) 1 | MOD_COALAWEBTRAFFIC (1.1.6) 1 | CB Workflows (1.9) 1 | CB Online (1.9) 1 | J51_GridGallery (1.0) 1 | J51_Icons (1.0) 1 | J51_SlideshowModule (1.0) 1 | J51_ThumbsGallery (1.0) 1 | jDownloads Featured (3.2.45) 1 | jDownloads Last Updated (3.2.38) 1 | jDownloads Latest (3.2.38) 1 | jDownloads Most Recently Downloaded (3.2.38) 1 | jDownloads Rated (3.2.42) 1 | jDownloads Related (3.2.38) 1 | jDownloads Stats (3.2.31) 1 | jDownloads Top (3.2.38) 1 | jDownloads Tree (3.2.38) 1 | jDownloads View Limits (3.2.53) 1 | POWr Survey (3.0) 1 | sigplus (1.4.2.18) 1 |

Modules :: ADMIN ::
Core :: mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_latest (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_login (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_sampledata (3.8.0) 1 | mod_stats_admin (3.0.0) 1 | mod_status (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_title (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_version (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_latestactions (3.9.0) 1 |
3rd Party:: jDownloads admin stats (3.2.46) 1 |

Libraries :: SITE ::
Core ::
3rd Party:: file_fof30 (3.4.1) ? | Regular Labs Library (18.12.15489) 1 |

Plugins :: SITE ::
Core :: plg_authentication_cookie (3.0.0) 1 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_captcha_recaptcha (3.4.0) 0 | plg_captcha_recaptcha_invisible (3.8) 0 | plg_content_emailcloak (3.0.0) 0 | plg_content_fields (3.7.0) 1 | plg_content_finder (3.0.0) 0 | plg_content_joomla (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_vote (3.0.0) 1 | plg_content_confirmconsent (3.9.0) 0 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_repeatable (3.9.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_weblinks (3.6.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_installer_webinstaller (1.1.1) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_privacycheck (3.9.0) 1 | plg_search_categories (3.0.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_tags (3.0.0) 1 | plg_search_weblinks 
(3.6.0) 1 | plg_system_cache (3.0.0) 0 | plg_system_debug (3.0.0) 1 | plg_system_fields (3.7.0) 1 | plg_system_highlight (3.0.0) 1 | plg_system_languagecode (3.0.0) 0 | plg_system_languagefilter (3.0.0) 0 | plg_system_log (3.0.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_p3p (3.0.0) 1 | plg_system_redirect (3.0.0) 0 | plg_system_remember (3.0.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_stats (3.5.0) 1 | plg_system_updatenotification (3.5.0) 1 | plg_system_sessiongc (3.8.6) 1 | plg_system_logrotation (3.9.0) 1 | plg_system_privacyconsent (3.9.0) 0 | PLG_SYSTEM_ACTIONLOGS (3.9.0) 0 | plg_twofactorauth_totp (3.2.0) 0 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_user_contactcreator (3.0.0) 0 | plg_user_joomla (3.0.0) 1 | plg_user_profile (3.0.0) 0 | plg_user_terms (3.9.0) 0 | plg_privacy_consents (3.9.0) 1 | plg_privacy_content (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_privacy_user (3.9.0) 1 | plg_privacy_actionlogs (3.9.0) 1 | PLG_ACTIONLOG_JOOMLA (3.9.0) 1 |
3rd Party:: AcyMailing : trigger Joomla Content (3.7.0) ? | AcyMailing Manage text (1.0.0) 1 | AcyMailing Tag : Website links (3.7.0) 1 | AcyMailing : share on social networ (1.0.0) ? | AcyMailing : Statistics Plugin (3.7.0) 1 | AcyMailing table of contents genera (1.0.0) ? | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing Tag : content insertion (3.7.0) 1 | AcyMailing Tag : Subscriber informa (5.10.4) ? | AcyMailing Tag : Manage the Subscri (5.10.4) ? | AcyMailing Tag : Date / Time (5.10.4) 1 | AcyMailing Tag : Joomla User Inform (5.10.4) ? | AcyMailing Template Class Replacer (5.10.4) 1 | Authentication - Master User (2.1.1) 1 | ChronoConnectivity5 (V5.0) 1 | Chronoforms5 (V5.0) 1 | plg_content_jce (2.6.36) 1 | plg_content_jcomments (1.0) 1 | Content - jDownloads (3.2.42) 1 | PLG_MP3BROWSER_SYS_NAME (0.4.1) 1 | POWr Shortcodes (3.0) 1 | PLG_CONTENT_RAZZOORGCOUNTDOWN (1.1.1) 1 | Content - Image gallery - sigplus (1.4.2.18) 1 | plg_content_jdownloads_tags_fix (3.2.61) 1 | plg_editors-xtd_jcommentsoff (1.0) 1 | plg_editors-xtd_jcommentson (1.0) 1 | Button - jDownloads Content (3.2.60) 1 | POWr Icon (1.0) 1 | plg_editors-xtd_sliders (7.7.2) 1 | AcyMailing Editor (5.10.4) 1 | plg_editors_codemirror (5.40.0) 1 | plg_editors_jce (2.6.36) 1 | plg_editors_tinymce (4.5.9) 1 | plg_extension_jce (2.6.36) 1 | plg_fields_mediajce (2.6.36) 1 | Smart Search - mp3 Browser Fork (0.4.1) 1 | plg_installer_jce (2.6.36) 1 | JComments - AutoSubscribe (2.2.1) 1 | JComments - Avatar (4.1.8) 0 | jDownloads Example (3.2) 0 | plg_quickicon_akeebabackup (1.0) 1 | plg_quickicon_jce (2.6.36) 1 | plg_quickicon_jcomments (1.0) 1 | plg_search_jcomments (1.0) 1 | plg_search_jdownloads (3.2.32) 0 | System - Admin Tools (3.8.6) 1 | PLG_SYSTEM_AKEEBAUPDATECHECK (1.1) 0 | PLG_SYSTEM_BACKUPONUPDATE (3.7) 1 | manage.myJoomla.com Secure Plugin (n/a) 0 | PLG_CWGEARS (0.5.3) 1 | PLG_CWTRAFFICCLEAN (1.1.6) 1 | PLG_CWTRAFFICCOUNT (1.1.6) 1 | 
PLG_CWTRAFFICONLINE (1.1.6) 1 | PLG_FORCEPASSWORDCOMPLEXITY (3-1) 1 | PLG_SYSTEM_J2XML (3.4.34.61) 0 | plg_system_jce (2.6.36) 1 | AcyMailing JCE integration (5.10.4) 1 | plg_system_jcomments (1.0) 1 | plg_system_jdownloads (3.2.42) 1 | AcyMailing : (auto)Subscribe during (5.10.4) ? | plg_system_regularlabs (18.12.15489) 1 | plg_system_sliders (7.7.2) 1 | PLG_SYSTEM_VIDEOBOX (4.0.1 RC1) 1 | PLG_SYSTEM_AKEEBAACTIONLOG (1.0) 0 | plg_user_jcomments (1.0) 1 | PLG_VIDEOBOX_HTML5VIDEO (4.0.1 RC1) 1 | PLG_VIDEOBOX_SC (4.0.1 RC1) 1 | PLG_VIDEOBOX_VIMEO (4.0.1 RC1) 1 | PLG_VIDEOBOX_[youtube] (4.0.1 RC1) 1 |
Templates Discovered :: wrote:Templates :: SITE :: beez3 (3.1.0) 1 | J51_Polaris (1.1) 1 | protostar (1.0) 1 |
Templates :: ADMIN :: hathor (3.0.0) 1 | isis (1.0) 1 |
Last edited by sripoll on Wed Feb 27, 2019 3:59 pm, edited 2 times in total.

Webdongle
Joomla! Master
Posts: 37282
Joined: Sat Apr 05, 2008 9:58 pm

Re: Site contact email address spammed

Post by Webdongle » Wed Feb 27, 2019 3:44 pm

You have an old version of chronoforms and folders set 777. Recommend that you treat your site as hacked viewtopic.php?f=714&t=946026
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

PhilTaylor-Prazgod
Joomla! Ace
Posts: 1198
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: Site contact email address spammed

Post by PhilTaylor-Prazgod » Wed Feb 27, 2019 4:39 pm

As I already repeatedly mentioned on Twitter in the last 48 hours...

Some new spam farm is attacking Joomla sites where people have contacts in com_contact.

They load your page http://choeurdedicace.fr?option=com_con ... ntact_id=1

They see you have contacts they go to the category http://choeurdedicace.fr/index.php/comp ... Itemid=101

Then onto the contact
http://choeurdedicace.fr/index.php/comp ... Itemid=101

Then they "see" that you have not bothered securing your forms with google reCAPTCHA and then they abuse your form, by abusing the "Send a copy to your address" and then entering their victim's email address in the FROM.

This has been happening for years, the issue recently is that some spam bot is doing this A LOT over the last week, and especially the last 48 hours.

This email is NOT sent from Chronoforms - as evidenced by "Ceci est un message expédié via" which is a core Joomla contact form sentence (in French I guess) - that and the fact I know what I'm talking about because I've now seen 100s of these, all with the same google links.

However, you should take a whole approach, and upgrade Chronoforms too as well as enabling google reCAPTCHA
Phil Taylor - Full Time Joomla/PHP Security Expert
Blue Flame Digital Solutions Limited.
-- https://myJoomla.com/ Multi Award Winning Joomla Security & Auditing Service
-- https://www.phil-taylor.com/
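
A triage sketch for the check described in the post above, added here as an example and not taken from the thread or from Joomla: it uses the body marker to confirm that notification mails came from the core contact form rather than another form extension, then tallies the form-supplied addresses, link hosts and daily volume. The sample messages, the `site.example` names and all function names are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_bytes
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Opening sentence of the core contact form's notification mail. Only the French
# wording quoted in the thread is listed; add the wording for your site language.
CORE_CONTACT_MARKERS = ("Ceci est un message expédié via",)
ADDR_RE = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def text_body(msg):
    """Return the first text/plain part, decoded with its declared charset."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def triage(raw_messages):
    """Summarise notification mails: source form, claimed senders, link hosts, per-day volume."""
    report = {"core_contact": 0, "other": 0, "claimed_senders": Counter(),
              "link_hosts": Counter(), "per_day": Counter()}
    for raw in raw_messages:
        msg = message_from_bytes(raw)
        body = text_body(msg)
        marker = next((m for m in CORE_CONTACT_MARKERS if m in body), None)
        if marker is None:
            report["other"] += 1  # another form extension or ordinary mail
            continue
        report["core_contact"] += 1
        # Skip the rest of the marker line (it carries the site's own URL); what
        # follows is form input. The address there is whatever was typed into the
        # form, so in this abuse pattern it belongs to a third party.
        _, _, submitted = body.split(marker, 1)[1].partition("\n")
        claimed = ADDR_RE.search(submitted)
        if claimed:
            report["claimed_senders"][claimed.group(1).lower()] += 1
        for url in URL_RE.findall(submitted):
            report["link_hosts"][urlsplit(url).hostname or "?"] += 1
        try:
            day = parsedate_to_datetime(msg["Date"]).date().isoformat()
        except (TypeError, ValueError):
            continue  # missing or malformed Date header
        report["per_day"][day] += 1
    return report


def _sample(date, body):
    """Build one constructed notification mail as raw bytes."""
    head = ("From: Example Site <webmaster@site.example>\r\n"
            "To: contact@site.example\r\n"
            f"Date: {date}\r\n"
            "Subject: Example Site: You have received a new message\r\n"
            "Content-Type: text/plain; charset=utf-8\r\n"
            "Content-Transfer-Encoding: 8bit\r\n\r\n")
    return (head + body).encode("utf-8")


# Constructed sample mailbox: two core contact form mails, one unrelated mail.
SAMPLES = [
    _sample("Wed, 27 Feb 2019 13:22:00 +0100",
            "Ceci est un message expédié via http://site.example/ par :\n"
            "A. Person <victim1@mail.example>\n\n"
            "Go to view - https://files.example.net/open?id=CONSTRUCTED1\n"),
    _sample("Wed, 27 Feb 2019 13:40:00 +0100",
            "Ceci est un message expédié via http://site.example/ par :\n"
            "B. Person <victim2@mail.example>\n\n"
            "Go to view - https://files.example.net/open?id=CONSTRUCTED2\n"),
    _sample("Wed, 27 Feb 2019 14:05:00 +0100",
            "Submission from another form\nName: a real visitor\n"),
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

A high `core_contact` count with many distinct `claimed_senders` and one dominant link host matches the pattern described in the post; the claimed addresses should be treated as recipients of unwanted copies, not as the source.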

JAVesey
Joomla! Hero
Posts: 2045
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Site contact email address spammed

Post by JAVesey » Wed Feb 27, 2019 5:17 pm

sripoll wrote:
Wed Feb 27, 2019 2:51 pm
Elevated Permissions (First 10) :: public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/administrator/components/com_chronoconnectivity5/chronoconnectivity/plugins/ (777)
This directory structure :eek:
John V
Cardiff, Wales, UK
Uses Joomla 3.9.11 and PHP7.3

Webdongle
Joomla! Master
Posts: 37282
Joined: Sat Apr 05, 2008 9:58 pm

Re: Site contact email address spammed

Post by Webdongle » Wed Feb 27, 2019 7:06 pm

Because of the 777 folders and you have several old extensions
AcyMailing
Chronoforms
jDownloads
And possibly others
I suggest you treat as hacked.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

