
osCommerce

Hacker exploiting an automated email script?


JoeG


The following is a transcript of our host technician's attempt to get to the bottom of this problem:

Tyler R: sorry for the delay, your server is running extremely slow, so there is a pretty long delay anytime I run commands.

Tyler R: Ok, I've gotten your mailserver mostly cleaned up I believe.

Tyler R: Can you go ahead and do a test order to see if you receive that mail.

Wendy G: yes

Tyler R: What email address should the message be going to?

Wendy G: [email protected]

Tyler R: A big part of the issue here is that your software that sends the emails is sending them as [email protected]

Tyler R: that is causing them to be rejected

Tyler R: and marked as spam

Wendy G: ok, I did not see the order come into my in box or junk mail

Wendy G: nothing in spam either

Wendy G: not sure what [email protected] is...

Tyler R: that is the apache server, which is the web server

Tyler R: sending as the hostname of your server

Tyler R: that means your shopping cart that sends the mail

Tyler R: is not configured correctly

Tyler R: It should be set up to send as an actual email address...

...

Tyler R: You also have a LOT of deferred messages because your server is continually sending to a Russian domain

Tyler R: No, it's in the configuration or the code of your shopping cart

Tyler R: Apr 1 11:47:37 64-150-182-92 postfix/smtp[27460]: 3DAFD27857B: to=<[email protected]>, relay=mx.cm.hc.ru[89.111.177.200]:25, delay=0.58, delays=0.05/0/0.53/0, dsn=4.0.0, status=deferred (host mx.cm.hc.ru[89.111.177.200] refused to talk to me

Wendy G: Russian, does that mean hacked?

Tyler R: your server sends a pretty large amount of emails to this address

Tyler R: but they all bounce

Tyler R: If you don't email anyone in Russia directly, probably

Tyler R: but the messages never go through

Tyler R: Your server is blocked for spam from most major hosts

Wendy G: no, never e-mail to Russia, unless I have a question about an order which is once in a blue moon

Tyler R: I deleted several thousand emails and bouncebacks from spam being sent through the machine...

...

Tyler R: That was clogging up the queue pretty bad

Tyler R: You may have a hacked script on your page that is allowing them to send mail

Tyler R: since you don't have any mail accounts set up on the server itself, they aren't authenticating that way

Tyler R: Since it's sending as apache@

Tyler R: it's definitely a script on a page

Tyler R: And that is why you receive no messages from the server

Wendy G: I see

Tyler R: your server is blacklisted, and our mail system is rejecting the mail...

...

Tyler R: You may also need to see if there are any other scripts on your pages that allow mail sending. Anything like a contact us form, something like that.

If anyone has any information regarding this or a link to a page with information on this matter, please do send it as soon as possible. This is causing a major disruption in our business.

Thanks and have a great day!
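The transcript above describes three things the technician pulled out of the mail log by hand: deferred deliveries piling up at one remote relay, a recipient domain the shop never writes to, and mail leaving with the web server's own identity (apache@hostname) instead of the shop's address. The following is an added example, not code from the original post, that triages a Postfix mail.log for exactly those indicators. The sample lines are constructed in the format of the line quoted above; the remote hostnames, addresses, IPs and queue ids in them are placeholders, and the list of daemon account names is an assumption to adjust for your own host.

```python
"""Triage a Postfix mail.log for the symptoms in the transcript: deferred
deliveries piling up at one remote relay, a recipient domain the shop never
writes to, and envelope senders that are a daemon account on the web server.
Added example; not code from the original post."""
import json
import re
from collections import Counter

# postfix/qmgr records the envelope sender when a message enters the active queue.
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")
# postfix/smtp records each delivery attempt; the line quoted in the thread has this shape.
SMTP_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>[^\[, ]+)[^,]*, .*?status=(?P<status>\w+)"
)
# Accounts that belong to daemons, not people. Mail sent from one of these almost
# always comes from a script on the web server. Assumption: adjust to your host.
DAEMON_USERS = {"apache", "www-data", "httpd", "nobody", "www"}


def parse_postfix(lines):
    """Join qmgr and smtp lines by queue id into one record per delivery attempt."""
    senders = {}
    attempts = []
    for line in lines:
        m = QMGR_RE.search(line)
        if m:
            senders[m["qid"]] = m["sender"]
            continue
        m = SMTP_RE.search(line)
        if m:
            attempts.append({
                "qid": m["qid"],
                "rcpt": m["rcpt"],
                "relay": m["relay"],
                "status": m["status"],
                "sender": senders.get(m["qid"], ""),
            })
    return attempts


def triage(lines, deferred_threshold=5):
    """Summarise the indicators the technician in the transcript looked for by hand."""
    attempts = parse_postfix(lines)
    deferred_by_relay = Counter(a["relay"] for a in attempts if a["status"] == "deferred")
    rcpt_domains = Counter(a["rcpt"].rsplit("@", 1)[-1].lower() for a in attempts)
    daemon_senders = Counter(
        a["sender"] for a in attempts
        if a["sender"].split("@", 1)[0].lower() in DAEMON_USERS
    )
    return {
        "attempts": len(attempts),
        "deferred_by_relay": dict(deferred_by_relay),
        # relays with at least deferred_threshold deferred deliveries: the "Russian domain" symptom
        "flooded_relays": sorted(r for r, n in deferred_by_relay.items() if n >= deferred_threshold),
        "top_recipient_domains": rcpt_domains.most_common(3),
        # envelope senders like apache@<hostname>: the symptom that got the mail rejected
        "daemon_senders": dict(daemon_senders),
    }


def sample_log():
    """Constructed excerpt in the format of the quoted line. Remote hostnames,
    addresses, IPs and queue ids are placeholders, not values from the thread."""
    host = "64-150-182-92"  # server hostname exactly as it appears in the quoted log line
    lines = []
    for i in range(6):  # six spam messages injected through a web script, all deferred
        qid = f"3DAFD2785{i:02X}"
        lines.append(f"Apr  1 11:47:3{i} {host} postfix/qmgr[27450]: {qid}: "
                     f"from=<apache@{host}.example.test>, size=2048, nrcpt=1 (queue active)")
        lines.append(f"Apr  1 11:47:3{i} {host} postfix/smtp[27460]: {qid}: "
                     f"to=<victim{i}@remote.example.test>, relay=mx.remote.example.test[192.0.2.10]:25, "
                     f"delay=0.58, delays=0.05/0/0.53/0, dsn=4.0.0, status=deferred "
                     f"(host mx.remote.example.test[192.0.2.10] refused to talk to me)")
    # one legitimate order confirmation, sent from the shop's real address and delivered
    lines.append(f"Apr  1 11:48:02 {host} postfix/qmgr[27450]: 3DAFD2785FF: "
                 f"from=<orders@shop.example.test>, size=4096, nrcpt=1 (queue active)")
    lines.append(f"Apr  1 11:48:03 {host} postfix/smtp[27461]: 3DAFD2785FF: "
                 f"to=<customer@example.org>, relay=mail.example.org[192.0.2.20]:25, "
                 f"delay=0.9, delays=0.1/0/0.3/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)")
    return lines


if __name__ == "__main__":
    # Real use: triage(open("/var/log/mail.log", encoding="utf-8", errors="replace"))
    print(json.dumps(triage(sample_log()), indent=2))
```

The report's `daemon_senders` entry is the fix-it pointer for the configuration problem Tyler describes (the shop must send from a real mailbox on a domain whose MX you control), while `flooded_relays` and `top_recipient_domains` point at the injected traffic that has to be stopped at the script level; queue ids in the report can be fed to `postcat` to read the offending messages and their headers.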


@JoeG

Check your site for malicious code and anomalous files. If a hacker is exploiting your email, he / she more than likely has hacked your website and you will need to clean and secure it.

Chris
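Chris's advice to look for malicious code and anomalous files is easiest to act on with a file manifest: hash every file of the live site, compare it against a manifest taken from a clean install of the same version (or a known-good backup), and separately flag executable files sitting in directories that should only ever hold uploads. The following is an added example, not Chris's code and not part of osCommerce, that does this in Python on a constructed site tree; the file names in the tree, the `images/` upload directory and the list of code suffixes are assumptions to adapt to your installation.

```python
"""Find changed, added and removed files on a web site by comparing SHA-256
manifests, and flag executable code sitting in upload-only directories.
Added example; not part of osCommerce or of the original post."""
import hashlib
import json
import tempfile
from pathlib import Path

# Assumption: these directories should only hold uploaded media, never PHP.
UPLOAD_DIRS = ("images/",)
CODE_SUFFIXES = (".php", ".phtml", ".php5", ".inc")


def build_manifest(root):
    """Map every regular file under root (path relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        manifest[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def compare_manifests(baseline, current):
    """Diff two manifests; 'changed' lists files whose digest differs from the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p]),
    }


def code_in_upload_dirs(manifest):
    """Executable files under directories that should only contain uploads."""
    return sorted(p for p in manifest
                  if p.startswith(UPLOAD_DIRS) and p.lower().endswith(CODE_SUFFIXES))


def save_manifest(manifest, path):
    """Persist a manifest as JSON so it can be kept off the web server and reused."""
    Path(path).write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(path):
    return json.loads(Path(path).read_text())


def demo():
    """Constructed site tree: take a baseline, simulate what the technician suspected
    (a page edited in place and a script dropped into images/), then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "htdocs"
        (root / "includes").mkdir(parents=True)
        (root / "images").mkdir()
        (root / "includes" / "application_top.php").write_text("<?php // bootstrap\n")
        (root / "contact_us.php").write_text("<?php // contact form\n")
        (root / "images" / "logo.gif").write_bytes(b"GIF89a")
        manifest_file = Path(tmp) / "baseline.json"   # kept outside the document root
        save_manifest(build_manifest(root), manifest_file)
        # simulate the compromise
        (root / "contact_us.php").write_text("<?php // contact form, now with extra code\n")
        (root / "images" / "thumb.php").write_text("<?php // should not exist here\n")
        current = build_manifest(root)
        report = compare_manifests(load_manifest(manifest_file), current)
        report["code_in_upload_dirs"] = code_in_upload_dirs(current)
        return report


if __name__ == "__main__":
    # Real use: save_manifest(build_manifest("/var/www/html"), "baseline.json") on a clean
    # install, later compare_manifests(load_manifest("baseline.json"), build_manifest("/var/www/html"))
    print(json.dumps(demo(), indent=2))
```

Take the baseline from a clean copy of the same osCommerce version with your own modifications applied, not from the possibly compromised server, and store the manifest somewhere the web server cannot write; every entry under `changed` or `added` then needs a human look, and anything under `code_in_upload_dirs` is suspect regardless of its hash.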


@JoeG

Could you say what version of osC you're using, whether any email-related add-ons are installed, and what security measures you've applied.

Sam

Remember, what you think I meant may not be what I thought I meant when I said it.

Contributions:
Auto Backup your Database, Easy way
Multi Images with Fancy Pop-ups, Easy way
Products in columns with multi buy etc etc
Disable any Category or Product, Easy way
Secure & Improve your account pages et al.


V 2.2 RC2 I have no email add-ons that I am aware of. I have applied the standard security measures such as renaming admin and setting all permissions very high, difficult passwords that are changed frequently and continuous monitoring of the site for malicious activity.

Thanks!


Have you read this thread? It might point you to what you missed.

Sam


Great thread! I have seen it before and have instituted the majority of those. Obviously I could stand to tighten it up a little more. I have been hesitant to put too much more into this site because I'm worried that it has almost reached the end of its usable lifespan. Hoping to migrate to Magento or something in the not too distant future before support for this dries up. But for now it still does its job wonderfully.

Thanks for your help. I will start adding the rest of your recommendations as soon as I get the files cleaned up.
