
Strange email issues


sandmanracing


G'day everyone,

 

I have searched and tried to find an answer, and at this time of the morning (1am Melbourne time) I must have skipped past it.

 

The store has sent email out to addresses that do not exist at my domain (eg [email protected]) and it has been filling up the inbox of the host. I have disabled the send emails option but can't work out what has caused this to happen in the first place.

 

It also directs me to click a link to a page at www.mysite.com/confirm.php that doesn't exist in the root of the site, and I couldn't find anything in the oscommerce files with that name either, so when it wants to confirm an email address what file or where should it point to?

 

I am really stumped as to what it could be :blink: .

 

Cheers,

 

Glenn

Link to comment
Share on other sites

  • 3 weeks later...

Thanks for the reply Mibble, both myself and my host have searched through the logs and found nothing relating to outside access to the website.

 

Here is a copy of one of the emails (all the same) that is being sent out:

 

Subject: Important Notification

From: [email protected]

Date: Mon, June 20, 2005 10:53 am

To:

Priority: Normal

 

 

Dear Valued Member,

 

 

According to our site policy you will have to confirm your account by the following

link or else your account will be suspended within 24 hours for security reasons.

 

 

http://www.mydomain.com.au/confirm.php?email=[removed]

 

 

Thank you for your attention to this question. We apologize for any inconvenience.

 

 

Sincerely, [store] Security Department Assistant.

I'm sure it is something simple, but I am not familiar enough with the layout of oscommerce to know exactly where to look at why these are being sent out and what this confirm.php file should contain.

Link to comment
Share on other sites

Is it a standard install? If so, I've not seen a standard oscomm site that requires email confirmation. Sounds like a definite hack to me. I'm assuming your admin folder is secure...

 

Craig

Link to comment
Share on other sites

It is a standard install, with only a few mods made (shipping/payment modules and changing the title/logo and front screen text).

 

Admin is secured, one of the first things I did.

 

When I turned off sending of emails from the admin console, the messages stopped being sent, so that may play a big part in determining the answer.

 

It may be one of the changes I made, but none of the modules I installed involved email services at all.

 

I may install over the top and see what happens, but only if I can't get an answer on this easily enough.

Link to comment
Share on other sites

I would have said that your mail address was being 'spoofed' by someone, except that you say it stops when you disabled the sending of mail from your admin panel.

 

Best guess I can make is that someone has hacked your e-mail password, and is using your smtp service to send out the mails. You need to go to your web hosting control panel (where you set up the e-mail address) and change the password to the maximum number of letters/numbers allowed by your hosting control panel. While you are at it also change the password for accessing your web hosting control panel.

 

If the problem stops but then recurs after a time then it may well be someone with access to your hosting account who's misusing it.

 

Vger

Link to comment
Share on other sites

Thanks for the replies everyone on this subject.

 

I spoke to the host today and he sent me mail he was getting which came through to the domain postmaster as it was sending messages to a non-existent email address on my domain.

 

We were going through a few things and could it be something to do with the verify email address through dns?

 

I'll check on the misuse by an employee of the host, but I highly suspect it is unlikely.

 

The passwords are already at their maximum, I'm a former network admin so I usually have passwords that take forever to enter... B)

Link to comment
Share on other sites

Well there is no evidence of anything untoward from the staff of the host.

 

I have re-enabled the Send Emails option in the admin control panel and so far (2 hours) nothing has gone wrong.

 

Here's keeping the fingers crossed while I keep an eye on it until I head to the pub tonight...

 

Thanks for the help everyone, I'll let you know how it goes soon.

Link to comment
Share on other sites

The email message you describe sounds exactly like the kind that would send from a trojan or virus.

 

Since the email message nowhere near relates to anything set in oscommerce, I would say that the emails are not related to the oscommerce installation but more likely to be sent by a virus or trojan.

Link to comment
Share on other sites

The email appears to be working fine now, I created multiple accounts and the only messages sent were the welcome messages.

 

While it may come across as a trojan virus Macro, it did stop when I disabled the Send Emails option which is why I suspected that it was somewhere within oscomm as opposed to any outside influence.

 

Does anyone actually know the process involved in the "Verify Email address via DNS" option? Basically what steps does it take and how does it do it is what I am after at the moment so I can understand it, as this is the only option I haven't re-enabled since I brought the email back online. More just to satisfy my curiosity.

 

Cheers,

 

Glenn

Link to comment
Share on other sites

While it may come across as a trojan virus Macro, it did stop when I disabled the Send Emails option which is why I suspected that it was somewhere within oscomm as opposed to any outside influence.

 

It could have been more of a coincidence; however, if the emails were sent due to a vuln in oscommerce then your weblogs might give you some clues.

 

Does anyone actually know the process involved in the "Verify Email address via DNS" option? Basically what steps does it take and how does it do it is what I am after at the moment so I can understand it, as this is the only option I haven't re-enabled since I brought the email back online. More just to satisfy my curiosity.

 

This option does a lookup on the domain name to see if it has an MX record. If an MX record is found, the domain is considered valid. If it does not have an MX record, then the domain would be unable to receive emails, so it's considered invalid.

Link to comment
Share on other sites
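The check described in the reply above, sketched as an added example (not osCommerce's own code, and not posted by anyone in this thread). The resolver, the sample DNS data and the function names are constructed stand-ins so it runs offline; the `mx_only=False` branch goes beyond the description to show the address-record fallback that mail servers use when a domain has no MX.

```python
import re

# Constructed sample DNS data standing in for real lookups (not real zones).
SAMPLE_DNS = {
    ("shop.example", "MX"): ["10 mail.shop.example"],
    ("hostonly.example", "A"): ["192.0.2.10"],
}


def sample_resolver(domain, rtype):
    """Hypothetical resolver: records from SAMPLE_DNS, or [] if none exist."""
    return SAMPLE_DNS.get((domain.lower(), rtype), [])


# Deliberately loose syntax check: one '@', a dotted host name after it.
ADDR_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def verify_email_domain(address, resolver=sample_resolver, mx_only=True):
    """Return (accepted, reason) based only on the domain part of the address.

    mx_only=True mirrors the behaviour described in the thread: no MX record
    means the address is rejected. mx_only=False also accepts a domain that
    has only an address record, as a delivering mail server would.
    """
    match = ADDR_RE.match(address)
    if not match:
        return (False, "syntax")
    domain = match.group(1)
    if resolver(domain, "MX"):
        return (True, "mx")
    if not mx_only and resolver(domain, "A"):
        return (True, "a-fallback")
    return (False, "no-mail-host")


if __name__ == "__main__":
    for addr in ("nobody@shop.example", "info@hostonly.example",
                 "a@nowhere.example", "not-an-address"):
        print(addr, verify_email_domain(addr))
```

Note that `nobody@shop.example` is accepted even though no such mailbox is defined anywhere: the lookup only shows that the domain can receive mail, so messages to non-existent addresses on a valid domain still pass and bounce to the postmaster.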

Thanks for the explanation Macro.

 

I really don't know how it started to send out emails, but the logs don't show anything untoward, nor do they show anything that explained what happened.

 

As it has stopped, I am happy to leave it at that for now, last thing I needed was for customers to start complaining about email issues and confirming accounts when you don't need to.

 

Again, thanks everyone.

Link to comment
Share on other sites

Just one last thing. You don't have a forum operating on the same domain do you? If you do then the mass mailer from that would be the most likely culprit to get hacked.

 

Vger

Link to comment
Share on other sites

Just one last thing.  You don't have a forum operating on the same domain do you?  If you do then the mass mailer from that would be the most likely culprit to get hacked.

 

Vger

 

Nah, no forums on my site. We purely deal with IT for the Motorsport industry here in Oz and soon in NZ.

 

I prefer to lurk and contribute, rather than to run my own. There are enough headaches dealing with support issues for customers face to face without adding flame wars and abuse online to the mix lol.

 

There is a forum on another domain on the host, but not on my actual domain.

Link to comment
Share on other sites

One insecure forum on a shared server can take the whole server down. The problem with forums on a shared server is that people set them up and keep running old versions even when newer versions are released to patch security flaws.

 

There's not a lot you can do about it, especially if your hosting company offers automated forum installs via Fantastico or Ensim Power Tools - because their versions are often outdated for quite a while before new ones are made available.

 

Vger

Link to comment
Share on other sites

The forums are hosted on separate servers from those without web hosting, and if you want any programs like oscomm or phpbb or similar you need to let them know and they will tell you what version they will allow (usually the latest) and then let you set things up.

 

It comes down to the usual process of being proactive which few people can really claim to be from both the host and the site owner perspective.

 

Once again, here's fingers crossed it has all settled down.

 

Cheers,

 

Glenn

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
