Getting strange emails


snights


Started getting strange emails with what appears to be scrambled HTML

C9mt4z a hrefhttp:ppkizndukdzx.comppkizndukdzxa urlhttp:asoptdxujcnt.comasoptdxujcnturl linkhttp:ispoevtwrjbg.comispoevtwrjbglink http:tanxlamyorme.com

 

is one of all..

I believe it's a try at inserting some script? Correct? I want to believe that the reason I'm getting this email is because I'm using Security Pro?

Or is it something else? Am I being paranoid?


  • 3 weeks later...

Started getting strange emails with what appears to be scrambled HTML

 

Looks to me like sanitized html from your contact_us page. Nothing to worry about.

 

You may consider adding captcha to your contact_us page.


Looks like a spam attack that's been cleaned, so no worries. You must be cleaning the post with something; contact_us uses the POST method and Security Pro has no effect on that.

 

 

You can prevent these spammers getting anywhere with this type of attack with this change to contact_us that will detect any links in the message.

 

At the very start, after

  Released under the GNU General Public License
*/

add:

$error = false;
// Flag the enquiry when it contains an http:// URL or an HTML anchor tag
if (preg_match('/(http:\/\/)/i',$_POST['enquiry']) || preg_match('/(<a.*href.*=)/i',$_POST['enquiry'])) {
  $error = true;
  $messageStack->add('contact', 'Links are not allowed within the message,<br />please just put www part if needed.');
}

 

 

Then remove the later:

$error = false;

 

 

Generally if the spammers can't send live links they just give up, as it makes their spam pointless.

Sam

 

Remember, what you think I meant may not be what I thought I meant when I said it.

 

Contributions:

Auto Backup your Database, Easy way
Multi Images with Fancy Pop-ups, Easy way
Products in columns with multi buy etc etc
Disable any Category or Product, Easy way
Secure & Improve your account pages et al.


I have added spooks' code to my shop.

 

On testing a "clean" email goes through as normal but if I put a hyperlink into the email it goes to a blank page with http://www.xxxxxxxxx...php?action=send in the URL bar of the browser.

 

Is this correct, please?

 

Martin

Live shop Phoenix 1.0.8.4 on PHP 7.4 Working my way up the versions.


 

Is this correct please

 

Martin

 

 

Oops, sorry, there is an error in the code, it's a snippet I used on a non-osC site, it needs a small change for osC.

Remove the line added before:

  $messageStack->add('contact', 'Links are not allowed within the message,<br />please just put www part if needed.');

Then after:

  require('includes/application_top.php');

add:

  if ($error) $messageStack->add('contact', 'Links are not allowed within the message,<br />please just put www part if needed.');

Sam

 

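A broader form of the link check discussed in this thread, added here as an example (it is not code from any poster or from osCommerce): besides http:// and HTML anchors it also rejects https:// and the BBCode-style [url]/[link] tags that the scrambled sample in the first post appears to contain, and it tolerates a request with no enquiry field. The function name enquiry_contains_link and the sample messages are made up for illustration.

```php
<?php
/**
 * Hypothetical helper (not part of osCommerce).
 * Returns true when a contact-form message contains something that a mail
 * client or web page would turn into a live link.
 */
function enquiry_contains_link($enquiry) {
  if (!is_string($enquiry) || $enquiry === '') {
    return false; // page loaded without a POSTed message
  }
  $patterns = array(
    '~\b(?:https?|ftp)://~i',          // http://, https://, ftp://
    '~<\s*a\b[^>]*\bhref\s*=~i',       // <a href=...>
    '~\[\s*(?:url|link)\b[^\]]*\]~i',  // [url]..., [url=...], [link=...]
  );
  foreach ($patterns as $pattern) {
    if (preg_match($pattern, $enquiry) === 1) {
      return true;
    }
  }
  return false;
}

// Constructed sample messages, not taken from real traffic.
$samples = array(
  'plain question' => 'Do you ship to Norway? My site is www.example.com',
  'https link'     => 'Great shop https://spam.example/offer',
  'html anchor'    => '<a href="http://spam.example/">x</a>',
  'bbcode tags'    => '[url=http://spam.example/]x[/url] [link=http://spam.example/]x[/link]',
);
foreach ($samples as $label => $message) {
  printf("%-15s %s\n", $label, enquiry_contains_link($message) ? 'rejected' : 'accepted');
}

// In contact_us.php the two preg_match() tests would become (assumption):
// $error = enquiry_contains_link(isset($_POST['enquiry']) ? $_POST['enquiry'] : null);
```

A bare www address is still accepted, matching the wording of the error message in the thread.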

  • 1 month later...

Archived

This topic is now archived and is closed to further replies.
