Guest Posted December 7, 2006 As the topic description says, I'm spammed to death by some unknown bot-thing-whatever that abuses the possibility there is to send requests through the 'Contact Us' form. Worse, I'm getting, like, 10 emails every 3-4 minutes that state "Unsuccessful mail delivery" and the like, as if someone was able to spam other people using MY email address!! I don't have the courage to dig for help about this; I was gone for a few minutes only and got, like, 100 new "Returned mail"... plus all those "Request from your webshop" mails. I tried turning off the option that allows email to be sent, but it doesn't seem to work... Worse even, when I look in the "Who's online" list, I have some weirdos, notably one that has, like, $545 worth of merchandise in its cart... while we only have a few, low-priced items for sale. And these are things you don't buy in duplicate. And all that in, like, one second after it arrived on the site, if the stats are correct. Help :'(
spelchek Posted December 8, 2006 Hi Lirale, I'm in the same boat as you. In fact I just logged into the forum to find out if anyone had had this... and yours was the first post that came up in my search :) I haven't 'seen' anything suspicious in 'Who's online'... in fact, I've not even seen anyone online when they've been there. BUT, I'm getting HEAPS of returned mail notifications from many different domains' mailer daemons. Hundreds today... I seem to have been getting more and more of these since our store went 'live' last week... but today's flooding of these is unbelievable... Anyone else?? Anyone know how to 'combat' this scourge... Also, I'm wondering how much 'damage' this is doing to the 'reputation' of my domain... is it likely to be blocked by ISPs and email services that I'm -apparently- spamming? Thanks in advance... now back to the search :)
BigMark Posted December 8, 2006 Go to the contributions site, and several options are available there... I use the contact for members only, and it is a brilliant piece of work... I am sure the others are too, as all are trying to beat the spammer by whatever means. You MUST do something, as this can get you into real trouble with your host, even though it's not your fault! Act NOW! Success to you, Mark
usernamenone Posted December 8, 2006 First open another e-mail account on your server, then change your store e-mail to the new one. Then the account that the bot is using will change. This will give you a chance to address your attacker. Do you have IP tracking and blocking on your server? If you do, you can isolate the attacker's IP address and block him from entering your site. If you don't have an IP tracker, get Adds Free Stats. It will track all IP addresses. Your .htaccess is capable of blocking IP addresses. Search Yahoo for "IP banning .htaccess" and you will get the instructions.
muttsnuts Posted December 8, 2006 [quote]Go to the contributions site, and several options are available there... I use the contact for members only, and it is a brilliant piece of work... I am sure the others are too, as all are trying to beat the spammer by whatever means. You MUST do something, as this can get you into real trouble with your host, even though it's not your fault! Act NOW! Success to you, Mark[/quote] You can also install a contribution that requires the contact form to be validated by copying letters from an image and entering them in a text field. This way you can keep your Contact Us open for non-members if you wish. Sorry, I can't remember the name of the contribution, but when I get home later I'll check it and post it here.
usernamenone Posted December 8, 2006 Posted December 8, 2006 http://www.oscommerce.com/community/contri...arch,contact+us You can also install a contribution that requires the contact form be validated by copying letters in an image and entering them in a text field. This way you can keep your contact us open for non members if you wish. Sorry I can't remember the name of the contribution but when I get home later i'll check it and post it here.
csjwoodward Posted December 10, 2006 The cause of the returned email may have nothing whatsoever to do with your ecommerce site. I too have been receiving hundreds of these daily (over 350 waiting for me when I connected this a.m.), but I have checked bandwidth and with my hosting company to confirm that they are not coming from my site. I suspected that they were not, as I suffered a similar attack a couple of years ago when using different software. The problem is caused by the very simple fact that you can forge the `sent from` address in an email. This is usually done by `bots`: a virus takes over some innocent's mailbox and then sends out mail, and it may just pick an email address from the innocent's address book to use as the sender and return address. I am afraid that there is not much you can do about it (I wish there was; it really ****** me off). I've looked at the Spamhaus project site, and they basically confirm what I have said above.
csjwoodward Posted December 10, 2006 Just thought I would add (though it is no help) that the Spamhaus project, and other anti-spam organisations, say that the bouncing of SPAM email is now considered a form of SPAM itself, as the emails are [b]never bounced[/b] to the originating source but to some innocent third party, and may therefore be used as part of a denial of service attack.
usernamenone Posted December 10, 2006 WHAT???????? :blink: [quote]Just thought I would add (though it is no help) that the Spamhaus project, and other anti-spam organisations, say that the bouncing of SPAM email is now considered a form of SPAM itself, as the emails are [b]never bounced[/b] to the originating source but to some innocent third party, and may therefore be used as part of a denial of service attack.[/quote]
csjwoodward Posted December 10, 2006 I assume you are asking about a denial of service attack. The principle is quite simple: you bombard a target site with so much email (for example) that you effectively take the site offline, as genuine people cannot get through. And don't forget that you are the one paying for the bandwidth.
yomama360 Posted December 14, 2006 [quote]... Worse, I'm getting, like, 10 emails every 3-4 minutes that state "Unsuccessful mail delivery" and the like, as if someone was able to spam other people using MY email address!!...[/quote] I had this problem too. My issue was solved by adding a bit of code to the function that generates the contact_us email in general.php (in functions). http://www.oscommerce.com/forums/index.php?sho...168903&st=0 http://www.oscommerce.com/community/bugs,3...arch,contact_us Basically there is a known vulnerability that spammers use by putting code into your contact_us form and using you as their SPAM distributor. This code prevents certain characters so those emails do not get sent properly (i.e. the spam bots just get errors and cannot send emails). "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends upon the unreasonable man." -- George Bernard Shaw
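The "code" yomama360 refers to is e-mail header injection: a form field that ends up in a mail header (the visitor's address, the name) is submitted with a line break followed by an extra header such as Bcc:, so PHP's mail() hands the injected recipients to the MTA and the shop becomes an open relay. The block below is an added example, not osCommerce's general.php code or yomama360's patch: it shows a contact-form handler that refuses any header-bound field containing CR, LF or NUL, validates the address, and never lets the visitor control the From header. STORE_OWNER_EMAIL_ADDRESS, send_contact_mail, the field names and the constructed payloads are assumptions for the example; the dry-run mailer stands in for mail() so nothing is actually sent.

```php
<?php
// Added example (not osCommerce code): rejecting e-mail header injection in a
// contact form before anything reaches mail(). Assumed: the shop address is
// STORE_OWNER_EMAIL_ADDRESS and the form posts name, email and enquiry.
declare(strict_types=1);

const STORE_OWNER_EMAIL_ADDRESS = 'shop@example.com'; // assumed shop address

// True if $value contains anything that could end a header line. PHP has
// already URL-decoded the POST body, so %0d%0a arrives here as a real CRLF.
function contains_header_injection(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) === 1;
}

// Returns a list of problems; an empty list means the submission may be mailed.
function validate_contact_form(array $post): array
{
    $errors = [];
    foreach (['name', 'email'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $errors[] = "missing $field";
        } elseif (contains_header_injection($post[$field])) {
            $errors[] = "$field contains line breaks";
        }
    }
    if (isset($post['email']) && is_string($post['email'])
        && filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    if (!isset($post['enquiry']) || !is_string($post['enquiry']) || trim($post['enquiry']) === '') {
        $errors[] = 'enquiry is empty';
    }
    return $errors;
}

// The shop, not the visitor, owns the From header; the visitor only appears
// in Reply-To after validation, and we join the lines with CRLF ourselves.
function build_contact_headers(array $post): array
{
    $name = str_replace(['"', '\\'], '', $post['name']);
    return [
        'From'         => 'Contact form <' . STORE_OWNER_EMAIL_ADDRESS . '>',
        'Reply-To'     => '"' . $name . '" <' . $post['email'] . '>',
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
}

// $mailer has the signature of mail(); returns false when the form is rejected.
function send_contact_mail(array $post, callable $mailer): bool
{
    $errors = validate_contact_form($post);
    if ($errors !== []) {
        error_log('contact_us rejected (' . implode('; ', $errors) . ') from '
            . ($_SERVER['REMOTE_ADDR'] ?? 'cli'));
        return false;
    }
    $lines = [];
    foreach (build_contact_headers($post) as $k => $v) {
        $lines[] = "$k: $v";
    }
    return $mailer(STORE_OWNER_EMAIL_ADDRESS, 'Request from your webshop',
                   $post['enquiry'], implode("\r\n", $lines));
}

// Constructed payload of the kind a spam bot submits: the email field carries
// a CRLF and a Bcc: header listing the real targets.
$injected = [
    'name'    => 'Bob',
    'email'   => "bob@example.org\r\nBcc: victim1@example.net, victim2@example.net",
    'enquiry' => 'Buy now!',
];
$legit = ['name' => 'Alice', 'email' => 'alice@example.org', 'enquiry' => 'Do you ship to Canada?'];

// Dry-run mailer: prints what mail() would receive instead of sending it.
$dryRun = function (string $to, string $subject, string $body, string $headers): bool {
    echo "To: $to\nSubject: $subject\n$headers\n\n$body\n";
    return true;
};

var_dump(send_contact_mail($injected, $dryRun)); // bool(false), rejected and logged
var_dump(send_contact_mail($legit, $dryRun));    // bool(true), From is the shop's own address
```

The check is deliberately on the raw field, not on the assembled header string: once the CRLF is inside the string handed to mail() it is indistinguishable from the separators you added yourself. Keeping the visitor out of the From header also means bounces for anything that does get through come back to the shop's own address rather than being sprayed at the forged sender.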
♥Vger Posted December 15, 2006 The reason you probably didn't find any other posts about the abuse of the Contact Us form is that the exploit happened last year. The exploit was fixed in the update which was released last November, and there's been another update to osCommerce since then, in September of this year. No one should be running osCommerce without patching their site to the latest level. The 'person' who's loading shedloads of stuff into their shopping basket is probably a search engine spider. Either you don't have 'Prevent Spider Sessions' set to true in osCommerce admin --> Configuration --> Sessions, or else the spider is not listed in the includes/spiders.txt file. If you haven't done so already, you need to set 'Prevent Spider Sessions' to true, and also install the LARGE spiders.txt contribution. You can prevent a lot of the spam bounced mail by going to your web hosting control panel and deleting the 'catch-all' alias. The catch-all collects all mail which is not routed to a genuine email address on your domain, so it should be deleted. Vger
csjwoodward Posted December 15, 2006 Vger, thanks for the suggestion to delete the `catch all`. One reason I put in my earlier post that the spam may not have anything to do with osCommerce is that the mail address being used in my case was removed by me over two years ago for the same reason (someone had spoofed the email address). I have only been using osCommerce since August 2006; the email address was removed two years ago, so anyone accessing my website would not have been able to find that address. I should perhaps mention that some of the `returned mail` originates from addresses that have never existed on my site.
jdvb Posted December 15, 2006 In the past I have been a source of spam (been hacked). Yet I did not receive any bouncing e-mails. I just noted my bandwidth had increased by more than I could account for. Since I closed a hole in Joomla my issue was solved. I do not use the osC contact_us.php (in fact the page does not exist on my server). An option I am still considering is to load all e-mail that is supposed to be sent into a database, and let the database be emptied by a cronjob that runs every few minutes. If there are more than 10 mails in there, do not send any e-mails, but notify me to check the mails instead, and if they are correct, manually allow all mails to be sent. The delay is not nice, but it would be far more secure, and would be able to catch many (if not all) future mail exploits from my domain(s), since spamming is still always done by the thousands.
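The queue-and-hold design jdvb describes is worth seeing as code, because the interesting part is the threshold logic rather than the storage. The block below is an added example and is not jdvb's or osCommerce's code: the site writes every outgoing message to a table instead of calling mail(), a cron job drains the table, and if more than HOLD_THRESHOLD messages have accumulated since the last run the whole batch is marked held and the owner is notified instead of anything being delivered. It assumes the pdo_sqlite extension (an in-memory database stands in for the shop's real table), a threshold of 10, and a $deliver callback in place of mail(); the table name, function names and the constructed walk-through at the end are all assumptions.

```php
<?php
// Added example, not jdvb's or osCommerce's code: an outbound mail queue that a
// cron job drains, holding the whole batch for review when more than
// HOLD_THRESHOLD messages piled up since the last run. Assumes pdo_sqlite;
// the in-memory DB and the $deliver callback stand in for a real table and mail().
declare(strict_types=1);

const HOLD_THRESHOLD = 10;

function open_queue(string $dsn = 'sqlite::memory:'): PDO
{
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE IF NOT EXISTS mail_queue (
        id        INTEGER PRIMARY KEY AUTOINCREMENT,
        recipient TEXT NOT NULL,
        subject   TEXT NOT NULL,
        body      TEXT NOT NULL,
        source_ip TEXT,
        status    TEXT NOT NULL DEFAULT 'queued',
        queued_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)");
    return $db;
}

// The site calls this instead of mail(): nothing leaves the server here.
function enqueue_mail(PDO $db, string $to, string $subject, string $body, ?string $ip): void
{
    $st = $db->prepare('INSERT INTO mail_queue (recipient, subject, body, source_ip) VALUES (?, ?, ?, ?)');
    $st->execute([$to, $subject, $body, $ip]);
}

// Cron entry point. A normal shop produces a handful of messages between runs;
// a spam run produces hundreds, so the whole batch is held and the owner told
// rather than any of it being delivered. Returns ['sent' => n, 'held' => n].
function drain_queue(PDO $db, callable $deliver, callable $notify_owner): array
{
    $rows = $db->query("SELECT * FROM mail_queue WHERE status = 'queued' ORDER BY id")
               ->fetchAll(PDO::FETCH_ASSOC);
    if (count($rows) > HOLD_THRESHOLD) {
        $db->exec("UPDATE mail_queue SET status = 'held' WHERE status = 'queued'");
        $notify_owner(count($rows));
        return ['sent' => 0, 'held' => count($rows)];
    }
    $mark = $db->prepare('UPDATE mail_queue SET status = ? WHERE id = ?');
    $sent = 0;
    foreach ($rows as $r) {
        $ok = $deliver($r['recipient'], $r['subject'], $r['body']);
        $mark->execute([$ok ? 'sent' : 'failed', $r['id']]);
        $sent += $ok ? 1 : 0;
    }
    return ['sent' => $sent, 'held' => 0];
}

// Owner's decision after reading the held batch: put it back in the queue for
// the next cron run, or discard it. Returns the number of rows affected.
function resolve_held(PDO $db, bool $release): int
{
    $status = $release ? 'queued' : 'discarded'; // fixed literal, not user input
    return $db->exec("UPDATE mail_queue SET status = '$status' WHERE status = 'held'");
}

// Constructed walk-through: two genuine order mails, then a bot run.
$db      = open_queue();
$deliver = fn(string $to, string $subject, string $body): bool => true; // stand-in for mail()
$notify  = fn(int $n) => printf("held %d messages for review\n", $n);

enqueue_mail($db, 'alice@example.org', 'Your order', 'Shipped today', null);
enqueue_mail($db, 'bob@example.org', 'Your order', 'Shipped today', null);
print_r(drain_queue($db, $deliver, $notify));   // sent 2, held 0

for ($i = 0; $i < 200; $i++) {                   // a bot hammering the contact form
    enqueue_mail($db, "victim$i@example.net", 'Buy now!', 'spam', '203.0.113.7');
}
print_r(drain_queue($db, $deliver, $notify));   // sent 0, held 200, owner notified
echo resolve_held($db, false), " messages discarded\n";
```

Recording source_ip at enqueue time is what makes the held batch useful when it arrives: a spam run shows up as hundreds of rows from one or a few addresses, which is exactly what the .htaccess ban suggested earlier in the thread needs. The cost is the delay jdvb mentions, and the threshold has to sit above the shop's genuine peak (order confirmations after a promotion, for instance) or the owner will be reviewing legitimate mail.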