Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

I'm getting buried by spam...


Guest

Recommended Posts

As the topic description says, I'm spammed to death by some unknown bot-thing-whatever that abuses the possibility there is to send requests through the 'Contact Us' form. Worst, I'm getting, like, 10 emails every 3-4 minutes that states ''Unsuccessful mail delivery'' and such the likes, as if someone was able to spam other people using MY email adress!!

 

I don't have the courage to dig for help about this, I was gone for a few minutes only and got, like, 100 new ''Returned mail''... plus all those ''Request from your webshop'' mails.

 

I tried turning off the option that allows email to be sent, but it doesn't seem to work... Worse even, when I look in the ''Who's online'' list, I have some weirdos, notably one that has like, 545$ worth of merchandise in it's cart... while we only have a few, low-priced items for sale. And these are things you don't buy in duplicates. And all that in, like, one second after it arrived on the site, if the stats are correct.

 

Help :'(

Link to comment
Share on other sites

Hi Lirale,

 

IM in the same boat as you. In fact I just logged into the forum to find if anyone had had this.. and yours was first post that come up i search :)

 

I havnt 'seen' anything suspicious in the 'whos online' .. in fact, ive not even seen anyone online when they've been there.

 

BUT,

 

Im getting HEAPS of returned mail notifications from many different domains mailer daemons. Hundreds today..

 

I seem to have been getting more and more of these since our stroe went 'live' last wek.. but todays flooding of these is unbelievable...

 

 

Anyone else?? Anyone know how to 'combat' this scourge...

 

Also.. im wondering how much 'damage' this is doing the 'reputation' of my domain.. is it likely to be blocked isp's and email services that im -apparently- spamming..

 

 

THanks in advance.. now back to the search :)

Link to comment
Share on other sites

Go to the contributions site, and several options are available there...

 

I use the contact for members only, and it is a brilliant piece of work... I am sure the others are too, as all are trying to beat the spammer by whatever means.

 

You MUST do something, as this can get you into real trouble with your host, even though it's not your fault! Act NOW!

 

Success to you,

Mark

Link to comment
Share on other sites

First open another e-mail account on your server then change your store e-mail to the new one.

 

Then the account that the bot is using will change.

 

This will give you a chance to address your attacker.

 

Do you have IP tracking and blocking on your server? If you do you can isolate the attackers IP address and block him from entering your site?

 

If you don't have a IP tracker get Adds Free Stats. It will track all IP addresses. Your .htaccess is capable of blocking IP addresses. Search Yahoo for IP banning .htaccess and you will get the instructions.

Link to comment
Share on other sites

Go to the contributions site, and several options are available there...

 

I use the contact for members only, and it is a brilliant piece of work... I am sure the others are too, as all are trying to beat the spammer by whatever means.

 

You MUST do something, as this can get you into real trouble with your host, even though it's not your fault! Act NOW!

 

Success to you,

Mark

You can also install a contribution that requires the contact form be validated by copying letters in an image and entering them in a text field. This way you can keep your contact us open for non members if you wish.

 

Sorry I can't remember the name of the contribution but when I get home later i'll check it and post it here.

Link to comment
Share on other sites

http://www.oscommerce.com/community/contri...arch,contact+us

 

 

You can also install a contribution that requires the contact form be validated by copying letters in an image and entering them in a text field. This way you can keep your contact us open for non members if you wish.

 

Sorry I can't remember the name of the contribution but when I get home later i'll check it and post it here.

Link to comment
Share on other sites

The cause of the returned email may have nothing whatsoever to do with your ecommerce site.

 

I too have been receiving hundreds of these daily (Over 350 waiting for me when I connected this a.m) - but I have checked bandwith and with my hosting company to confirm that they are not comming from my site.

 

I suspected that they were not, as I suffered a similar attack a couple of years ago when using different software.

 

The problem is caused by the very simple fact that you can forge the `sent from` address in an email - this is usually done by `bots` - what happens is a virus takes over some innocents mailbox, and then sends out mail - and it may just pick an email address within the innocents address book to use as a sender and return address.

 

I am afraid that there is not much you can do about it (I wish there was its reallly ****** me off).

 

I've looked at the Spamhaus project site, and they basically confirm what I have said above.

Link to comment
Share on other sites

Just thought I would add (though it is no help) that the Spamhaus project, and other anti spam organisations, say that the bouncing of SPAM email is now considered a form of SPAM itself as the emails are [b]never bounced [/b]to the originating source but to some innocent third party - and may therefore be used as part of Denial of Service Attack,

Link to comment
Share on other sites

WHAT???????? :blink:

 

 

Just thought I would add (though it is no help) that the Spamhaus project, and other anti spam organisations, say that the bouncing of SPAM email is now considered a form of SPAM itself as the emails are [b]never bounced [/b]to the originating source but to some innocent third party - and may therefore be used as part of Denial of Service Attack,
Link to comment
Share on other sites

I assume you are asking about a denial of service attack. The principle is quite simple - you bombard a target site with so much email (for example) that you effectively take the site offline - as genuine people cannot get through.

 

And don't forget that you are the one paying for the bandwidth.

Link to comment
Share on other sites

... Worst, I'm getting, like, 10 emails every 3-4 minutes that states ''Unsuccessful mail delivery'' and such the likes, as if someone was able to spam other people using MY email adress!!

...

I had this problem too. My issue was solved by adding a bit of code to the function that generates the contactus_us email in the general.php (in functions).

 

http://www.oscommerce.com/forums/index.php?sho...168903&st=0

http://www.oscommerce.com/community/bugs,3...arch,contact_us

http://www.oscommerce.com/community/bugs,3...arch,contact_us

 

Basically there is a known vulnerability that spammers use by putting code into your contact_us form and using you as their SPAM distributor. This code prevents certain characters so those emails do not get sent properly. (ie. the spam bots just get errors, and cannot send emails)

"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself.

Therefore, all progress depends upon the unreasonable man."

-- George Bernard Shaw

Link to comment
Share on other sites

The reason you probably didn't find any other posts about the abuse of the Contact Us form is that the exploit happened last year. The exploit was fixed in the update which was released last November, and there's been another update to osCommerce since then, in September of this year.

 

No one should be running osCommerce without patching their sites to the latest level.

 

The 'person' who's loading shed loads of stuff in their shopping basket is probably a search engine spider. Either you don't have 'Prevent Spider Sessions' set to true in osCommerce admin --> Configuration --> Sessions, or else the spider is not listed in the includes/spiders.txt file.

 

If you haven't done so already you need to set 'Prevent Spider Sessions' to true, and also install the LARGE spiders.txt contribution.

 

You can prevent a lot of the spam bounced mail by going to your web hosting control panel and deleting the alias 'catch-all'. The catch-all collects all mail which is not routed to a genuine email address on your domain, so should be deleted.

 

Vger

Link to comment
Share on other sites

Vger - thanks for the suggestion to delete the `catch all`.

 

One reason I put in my earlier post that the spam may not have anything to do with oscommerce is that the mail address being used in my case was removed by me over two years ago for the same reason (someone had spoofed the email address.

 

I have only been using oscommerce since August 2006, the email address was removed two years ago, so anyone accessing my website would not have been able to find that address.

 

I perhaps should mention that some of the `returned mail` originates from addresses that have never existed on my site.

Link to comment
Share on other sites

In the past I have been a source of spam (been hacked).

Yet I did not receive any bouncing e-mails.

 

I just noted my bandwidth had increased some more than I could account for.

Since I closed a hole in joomla my issue was solved.

I do not use the osc contact_us.php (in fact the page does not exist on my server).

 

An option I am still considdering is to load all e-mail that is supposed to be send into a database, and let the database be mailed empty by a cronjob, that runs every few minutes. If more than 10 mails in there to not send any e-mails, yet notify me to check the mails instead, and if correct to manually allow all mails to be send.

 

the delay is not nice, but it would be far more secure, and would be able to catch many (if not all) future mail exploits from my domain(s), since spamming still always is done by the thousands.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...