Spam sent from contact_us.php (hacked)


Guest

Posted

Hi all!

I see many fixes for contact_us.php to prevent spammers from using your website.

But what is the best fix or contribution to prevent this?

Why have contact_us.php and email.php not changed in releases RC1/RC2/RC2a, while the first fixes (contributions) are from 2005?

Or are these fixes not enough to prevent it?

And why is this subject not discussed once in the first topic 'How to secure your site'?

Posted

There are patches available for MS2 shops (already in RC2) that deal with this. And there are the VVC contributions that also help prevent it.

 

Hi Jack,

Thanks for your answer.

Are there fixes in RC2 so you don't need the VVC contribution anymore? Or do you need both?

I am busy upgrading some MS2 websites for security reasons (first topic in this forum, but not ready yet), but when I study the list of changes since MS2 in RC1/RC2/2a I don't see one that fixes this problem for contact_us.php. I will study them again ... or do you know which fix?

Posted

No, RC2 doesn't have VVC. There is a patch file included in the installation that explains what each patch is for.

 

Hi Jack,

 

Thanks for your answer.

 

I moved this topic to 'How to secure your site' ..

Posted

Dear Jack,

You solved the problem with your excellent contribution 'Sitemonitor'. Very funny: you presented a list of possibly hacked code, and one of the files was catalog/includes/languages/english/contact_us.php, full of code to send masses of emails. As you may remember from questions a month or 1.5 ago (see my name), a customer's website was hacked for JP Morgan bank and PayPal. I think the same people changed that code in that period, because they can't get in anymore now but they still try (seeing the logs). So they had a way to use contact_us.php at that time and now. But you reported more on your list, and I am going to find out (but maybe that was not hacked).

Strange: I checked the dates of the programs in that period and could not find changes (of course I could find the criminal programs), so maybe it is possible to change programs without changing dates ...

Thanks again, great contribution ...
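
The observation in the last post, that a file can be changed without its date changing, is why a file monitor should compare content hashes rather than modification dates. The following is an added example, not part of the original thread and not Sitemonitor's own code; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's relative path to (SHA-256 hex digest, mtime in ns)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (digest, os.stat(path).st_mtime_ns)
    return state

def compare(baseline, current):
    """Classify the differences between a stored baseline and a fresh snapshot."""
    report = {"added": [], "removed": [], "modified": [], "modified_same_mtime": []}
    for rel, (digest, mtime) in current.items():
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel][0] != digest:
            # Content changed. If the mtime is unchanged, a date-only check misses it.
            key = "modified_same_mtime" if baseline[rel][1] == mtime else "modified"
            report[key].append(rel)
    report["removed"] = [rel for rel in baseline if rel not in current]
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Constructed sample tree: one file altered with its date put back, one file added."""
    with tempfile.TemporaryDirectory() as root:
        lang = os.path.join(root, "includes", "languages", "english")
        os.makedirs(lang)
        target = os.path.join(lang, "contact_us.php")
        with open(target, "w") as fh:
            fh.write("<?php define('HEADING_TITLE', 'Contact Us'); ?>\n")
        baseline = snapshot(root)  # taken while the shop is known to be clean
        before = os.stat(target)
        with open(target, "a") as fh:
            fh.write("<?php /* constructed stand-in for injected code */ ?>\n")
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))  # date restored
        with open(os.path.join(root, "extra.php"), "w") as fh:
            fh.write("<?php ?>\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the web server account cannot write to, otherwise whoever alters the files can also alter the baseline.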

Archived

This topic is now archived and is closed to further replies.
