The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Spam Email
Hi
I am getting a lot of spam sent through my server and I am trying to find the source. If I disable email from the admin CP they stop, so I am assuming it is going through the vbulletin email script somehow. I have fresh vbulletin 4.2 files uploaded and they continue. Is there a way to add something to the php file that sends the mail to get the referring page so I can see how it is getting through? I have also tried to log emails and can't get it to work. I created a folder in forum/Test and make it 777 and even added a file emails_file.log and made it 777. In the admin CP I put: /home/vbaexpress/forum/Test/email_file.log For error handling and logging but nothing is actually logged. I have tried different paths but can't seem to get it to work. Nothing is ever logged. Any help would be appreciated. |
#2
|
|||
|
|||
Someone recently posted about a similar problem and it turned out to be a problem with an add-on. I can't remember which one exactly - something with Gallery in the name, I think?
|
#3
|
|||
|
|||
I don't see any products or plugins with gallery in the name.
|
#4
|
|||
|
|||
I found the thread I was thinking of, it was vbgallery, but it sounds like you don't have that. Have you tried disabling "Allow Users to Email Other Members" under email options in the admincp (is the spam going out to members or to arbitrary addresses)?
To answer one of your questions, in the file includes/functions.php there's the vbmail() function. You could probably edit that file and put in code to log the referer to a file. If you have access to your web server logs you may be able to look there and figure out what's happening. |
#5
|
|||
|
|||
I disabled the usergroup permission to email users and there were a couple more which didn't stop it. If I set the global setting to disable emails then they stop but that would also stop registration emails and such.
--------------- Added [DATE]1375558037[/DATE] at [TIME]1375558037[/TIME] --------------- I tied disabling all plugins just to see and it didn't change anything. |
#6
|
|||
|
|||
Do you have "use mailqueue system" set to "yes". If so, some of the options might not stop the mail right away because you might have a lot queued. When you go to the main admincp page with the stats, do you have anything listed for "Number of Queued E-Mails"?
|
#7
|
|||
|
|||
It is set to yes and if I log in to my server there are queued emails. If I set this to no it wouldn't stop the emails though would it? Just stop them from queuing?
|
#8
|
|||
|
|||
I meant that if for example the "Allow Users to Email Other Members" was what was causing the spam, then setting it to no won't stop the queued mail from going out (maybe that's what you were saying).
If you have a large queue you may want to increase "Number of Emails to Send Per Batch" at least until it's gone. You could also delete the queue by truncating the mail queue database table, but of course you'd lose any legitimate emails as well. |
#9
|
|||
|
|||
Do you have an example of one of the emails? You should be able to tell from the format if it's coming from users emailing each other, or if someone's managed to hack things to send out arbitrary emails.
|
#10
|
|||
|
|||
here is the header:
Date: Sat, 03 Aug 2013 14:50:28 -0500 From: "Logistics Services" <no_reply@pubinposte.com> To: pircolator@aol.com Subject: Order Information Content-Type: multipart/alternative;boundary="----------137555942851FD5F0411218" Message-Id: <E1V5hqO-0007Bd-85@server.vbaexpress.com> Mime-Version: 1.0 Received: from vbaexpr1 by server.vbaexpress.com with local (Exim 4.80.1) (envelope-from <vbaexpr1@server.vbaexpress.com>) id 1V5hqO-0007Bd-85 for pircolator@aol.com; Sat, 03 Aug 2013 14:50:28 -0500 Return-Path: vbaexpr1@server.vbaexpress.com Sender: vbaexpr1@server.vbaexpress.com X-Mailer: FastMailer/Webmail(versionSM/1.2.6) X-PHP-Script: vbaexpress.com/ for 127.0.0.1 And here is the body: ------------137555942851FD5F0411218 Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit If the links are not working, please move message to "Inbox" folder. DHL DHL Notification Your parcel has arrived on July 29th. Courier was unable to deliver the parcel to you. To get additional info about this shipment use any of these options: 1) Click the following URL in your browser: Get Shipment Info 2) Enter the shipment number on tracking page: Tracking Page For further assistance, please call DHL Customer Service. For International Customer Service, please use official DHL site. Disclaimer: This message was created by DHL System. No authentication of email address has been performed. Deutsche Post DHL 2013 DHL International GmbH. All rights reserved. ------------137555942851FD5F0411218 Content-Type: text/html; charset="ISO-8859-1"; Content-Transfer-Encoding: 7bit <html> <body> <font style="margin-left: 7px;"> If the links are not working, please move message to "Inbox" folder. </font> <br> <div style="background-color:#FFCC00;width:410px;height:50px;"> <font style="background-color:#FFCC00;font-family: Arial Black, Gadget, sans-serif; font-weight:bold;"> <font style="color:#D60915; font-size: 35px; margin-left: 310px; font-style:italic"> DHL </font> </font> </div> <div style="background-color:#D60915;width:410px;height:25px;"></div> <div style="position: relative;left: 20px; font-family:Arial,serif;font-size:13"> <br> <b>DHL Notification</b><br> <br> Your parcel has arrived on July 29th. Courier was unable to deliver<br> the parcel to you.<br> <br> To get additional info about this shipment use any of these options:<br> <br> <div style="position: relative;left: 20px;"> 1) Click the following URL in your browser:<br><br> <font style="margin-left:90px;font-weight:bold;"> <a href="http://theater.alexejw.net/modules/main.php?info=n4EhQbIc9RDRjREj+ZLuJA==">Get Shipment Info</a><br> </font> <br> <br> 2) Enter the shipment number on tracking page:<br><br> <font style="margin-left:90px;font-weight:bold;"> <a href="http://theater.alexejw.net/modules/main.php?info=n4EhQbIc9RDRjREj+ZLuJA==">Tracking Page</a><br> </font> <br> <br> </div> For further assistance, please call DHL Customer Service.<br> For International Customer Service, please use official DHL site.<br> <br> <br> <b>Disclaimer:</b><br> This message was created by DHL System.<br> No authentication of email address has been performed.<br> <br> </div> <div style="background-color:#FFCC00;width:410px;height:26px;"> <font face="Arial" style="font-weight:bold; margin-left: 5px;font-size: 15px;"> Deutsche Post DHL</font> <font face="Arial" style="font-weight:bold; margin-left:10px; font-size: 10px;"> 2013 DHL International GmbH. All rights reserved. </font> </div> </body> </html> ------------137555942851FD5F0411218-- --------------- Added [DATE]1375559568[/DATE] at [TIME]1375559568[/TIME] --------------- It is being sent from my server but the From is some other email as seen above. I have changed the passwords to the email accounts and CPanel and they still happen so I was thinking it was somehow using the vbulletin mail routine. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|