Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 08-03-2013, 06:06 PM
DRJ DRJ is offline
 
Join Date: Jan 2005
Location: California USA
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Spam Email

Hi

I am getting a lot of spam sent through my server and I am trying to find the source. If I disable email from the admin CP they stop, so I am assuming it is going through the vbulletin email script somehow.

I have fresh vbulletin 4.2 files uploaded and they continue.

Is there a way to add something to the php file that sends the mail to get the referring page so I can see how it is getting through?

I have also tried to log emails and can't get it to work. I created a folder in forum/Test and make it 777 and even added a file emails_file.log and made it 777.

In the admin CP I put:

/home/vbaexpress/forum/Test/email_file.log

For error handling and logging but nothing is actually logged.

I have tried different paths but can't seem to get it to work. Nothing is ever logged.

Any help would be appreciated.
Reply With Quote
  #2  
Old 08-03-2013, 06:09 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Someone recently posted about a similar problem and it turned out to be a problem with an add-on. I can't remember which one exactly - something with Gallery in the name, I think?
Reply With Quote
  #3  
Old 08-03-2013, 06:11 PM
DRJ DRJ is offline
 
Join Date: Jan 2005
Location: California USA
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I don't see any products or plugins with gallery in the name.
Reply With Quote
  #4  
Old 08-03-2013, 06:18 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I found the thread I was thinking of, it was vbgallery, but it sounds like you don't have that. Have you tried disabling "Allow Users to Email Other Members" under email options in the admincp (is the spam going out to members or to arbitrary addresses)?

To answer one of your questions, in the file includes/functions.php there's the vbmail() function. You could probably edit that file and put in code to log the referer to a file.

If you have access to your web server logs you may be able to look there and figure out what's happening.
Reply With Quote
  #5  
Old 08-03-2013, 06:23 PM
DRJ DRJ is offline
 
Join Date: Jan 2005
Location: California USA
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I disabled the usergroup permission to email users and there were a couple more which didn't stop it. If I set the global setting to disable emails then they stop but that would also stop registration emails and such.

--------------- Added [DATE]1375558037[/DATE] at [TIME]1375558037[/TIME] ---------------

I tied disabling all plugins just to see and it didn't change anything.
Reply With Quote
  #6  
Old 08-03-2013, 06:35 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you have "use mailqueue system" set to "yes". If so, some of the options might not stop the mail right away because you might have a lot queued. When you go to the main admincp page with the stats, do you have anything listed for "Number of Queued E-Mails"?
Reply With Quote
  #7  
Old 08-03-2013, 06:39 PM
DRJ DRJ is offline
 
Join Date: Jan 2005
Location: California USA
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It is set to yes and if I log in to my server there are queued emails. If I set this to no it wouldn't stop the emails though would it? Just stop them from queuing?
Reply With Quote
  #8  
Old 08-03-2013, 06:45 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I meant that if for example the "Allow Users to Email Other Members" was what was causing the spam, then setting it to no won't stop the queued mail from going out (maybe that's what you were saying).

If you have a large queue you may want to increase "Number of Emails to Send Per Batch" at least until it's gone. You could also delete the queue by truncating the mail queue database table, but of course you'd lose any legitimate emails as well.
Reply With Quote
  #9  
Old 08-03-2013, 06:47 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you have an example of one of the emails? You should be able to tell from the format if it's coming from users emailing each other, or if someone's managed to hack things to send out arbitrary emails.
Reply With Quote
  #10  
Old 08-03-2013, 06:51 PM
DRJ DRJ is offline
 
Join Date: Jan 2005
Location: California USA
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

here is the header:

Date:
Sat, 03 Aug 2013 14:50:28 -0500
From:
"Logistics Services" <no_reply@pubinposte.com>
To:
pircolator@aol.com
Subject:
Order Information
Content-Type:
multipart/alternative;boundary="----------137555942851FD5F0411218"
Message-Id:
<E1V5hqO-0007Bd-85@server.vbaexpress.com>
Mime-Version:
1.0
Received:
from vbaexpr1 by server.vbaexpress.com with local (Exim 4.80.1)
(envelope-from <vbaexpr1@server.vbaexpress.com>)
id 1V5hqO-0007Bd-85
for pircolator@aol.com; Sat, 03 Aug 2013 14:50:28 -0500
Return-Path:
vbaexpr1@server.vbaexpress.com
Sender:
vbaexpr1@server.vbaexpress.com
X-Mailer:
FastMailer/Webmail(versionSM/1.2.6)
X-PHP-Script:
vbaexpress.com/ for 127.0.0.1

And here is the body:

------------137555942851FD5F0411218
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit




If the links are not working, please move message to "Inbox" folder.





DHL






DHL Notification

Your parcel has arrived on July 29th. Courier was unable to deliver
the parcel to you.

To get additional info about this shipment use any of these options:


1) Click the following URL in your browser:

Get Shipment Info



2) Enter the shipment number on tracking page:

Tracking Page




For further assistance, please call DHL Customer Service.
For International Customer Service, please use official DHL site.


Disclaimer:
This message was created by DHL System.
No authentication of email address has been performed.




Deutsche Post DHL

2013 DHL International GmbH. All rights reserved.





------------137555942851FD5F0411218
Content-Type: text/html; charset="ISO-8859-1";
Content-Transfer-Encoding: 7bit

<html>
<body>
<font style="margin-left: 7px;">
If the links are not working, please move message to "Inbox" folder.
</font>
<br>
<div style="background-color:#FFCC00;width:410px;height:50px;">
<font style="background-color:#FFCC00;font-family: Arial Black, Gadget, sans-serif; font-weight:bold;">
<font style="color:#D60915; font-size: 35px; margin-left: 310px; font-style:italic">
DHL
</font>
</font>
</div>
<div style="background-color:#D60915;width:410px;height:25px;"></div>
<div style="position: relative;left: 20px; font-family:Arial,serif;font-size:13">
<br>
<b>DHL Notification</b><br>
<br>
Your parcel has arrived on July 29th. Courier was unable to deliver<br>
the parcel to you.<br>
<br>
To get additional info about this shipment use any of these options:<br>
<br>
<div style="position: relative;left: 20px;">
1) Click the following URL in your browser:<br><br>
<font style="margin-left:90px;font-weight:bold;">
<a href="http://theater.alexejw.net/modules/main.php?info=n4EhQbIc9RDRjREj+ZLuJA==">Get Shipment Info</a><br>
</font>
<br>
<br>
2) Enter the shipment number on tracking page:<br><br>
<font style="margin-left:90px;font-weight:bold;">
<a href="http://theater.alexejw.net/modules/main.php?info=n4EhQbIc9RDRjREj+ZLuJA==">Tracking Page</a><br>
</font>
<br>
<br>
</div>
For further assistance, please call DHL Customer Service.<br>
For International Customer Service, please use official DHL site.<br>
<br>
<br>
<b>Disclaimer:</b><br>
This message was created by DHL System.<br>
No authentication of email address has been performed.<br>
<br>
</div>
<div style="background-color:#FFCC00;width:410px;height:26px;">
<font face="Arial" style="font-weight:bold; margin-left: 5px;font-size: 15px;">
Deutsche Post DHL</font>
<font face="Arial" style="font-weight:bold; margin-left:10px; font-size: 10px;">
2013 DHL International GmbH. All rights reserved.
</font>
</div>
</body>
</html>

------------137555942851FD5F0411218--

--------------- Added [DATE]1375559568[/DATE] at [TIME]1375559568[/TIME] ---------------

It is being sent from my server but the From is some other email as seen above. I have changed the passwords to the email accounts and CPanel and they still happen so I was thinking it was somehow using the vbulletin mail routine.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:16 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04748 seconds
  • Memory Usage 2,259KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete