vb.org Archive
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   How can Spammers abuse my apache sendmail? (https://vborg.vbsupport.ru/showthread.php?t=302369)

mefromspace 09-17-2013 06:37 PM
Quote:
Originally Posted by Zachery (Post 2446273)
There is no such code in the default product.
You referring to me or? what code u referring to?

--------------- Added [DATE]1379446734[/DATE] at [TIME]1379446734[/TIME] ---------------

Quote:
Originally Posted by nhawk (Post 2446288)
There are two places for each usergroup where email can be sent.

1) Can Use Email to a Friend
2) Can Email Members

Be sure both of those are turned off for these usergroups..

Unregistered/Not Logged In
Users Awaiting Email Confirmation
Users Awaiting Confirmation

and optionally..
Registered Users
Any other usergroups you want to turn it off for.
As per: https://vborg.vbsupport.ru/showpost....17&postcount=6

I already triple checked this :)

nhawk 09-17-2013 06:52 PM
I'm pretty sure Zachery was saying there is no code in register.php where email (or the code to send email) can be injected.

And personally I think the techs at your host are making a bad assumption. They are probably seeing a ton of these in your logs..

POST /register.php?do=checkdate
POST /register.php?do=addmember

That is not an injection taking place. That is a bot trying to gain access to your site by guessing at the human verification or whatever other verification scheme you're using.

mefromspace 09-17-2013 08:56 PM
Quote:
Originally Posted by nhawk (Post 2446297)
I'm pretty sure Zachery was saying there is no code in register.php where email (or the code to send email) can be injected.

And personally I think the techs at your host are making a bad assumption. They are probably seeing a ton of these in your logs..

POST /register.php?do=checkdate
POST /register.php?do=addmember

That is not an injection taking place. That is a bot trying to gain access to your site by guessing at the human verification or whatever other verification scheme you're using.
ahhh gotcha now i understand what hes referring to :)

I submitted the server logs from the host and a ticket at vb so time will tell what they get back with of info.:)


All times are GMT. The time now is 04:54 AM.
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00952 seconds
  • Memory Usage 1,726KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (3)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete