Site shut down due to excessive emails being sent

[lildog]

I help a lady with her site and most of the time I do not hear a peep from her and her shop just keeps running. Today I got an email saying her site was suspended due to excessive emails being sent... To be honest it has been a while since I did any work on her osCommerce cart and have absolutely no idea where to start. Are there some common places to look for this problem? What should I be loooking for? Any help is greatly appreciated. Is there a way to find out what file is generating these emails?

 

Thank you,

Todd

[greasemonkey]

Sounds like it may have been hacked?

 

I'm no expert - maybe visit the security forum.

 

 

[lildog]

Certainly hacked...we haven't done anything to this site for months, other than add products.

[greasemonkey]

Check the files... You should be able to easily see if there's been edits based on the last modified date.

 

If there have been any changes you know your in "deep".

 

Good luck.

[Guest]

@@lildog

 

The 'tell a friend' module is a commonly exploited function for sending out emails from unsuspecting osCommerce sites. Disable the module to see if that corrects the problem..

 

 

 

 

Chris

[Jack_mcs]

@@lildog It's a common problem nowadays. As Chris menioned, the tell a friend is usually at fault but the spammers have scripts that can use any form on the site so the contact us and create account are also pssibilities. The host can say for sure where the emails were sent for. The way to stop it is to install the google recaptcha package.

[germ]

@@lildog

 

Personally I think any recaptcha is for the birds - I've hated every single one I've ever tried to decipher.

 

And I'm sure teams of spammers all over the globe are furiously working on image recognition software so they can break them.

 

You could try something like this, a "challenge question" instead. A text entry as an answer to a question as an anti-robot measure.

 

The code at that link isn't for "Tell A Friend" module, but you're a bright guy I'm sure you can figure it out.

 

Just something to consider.

[MrPhil]

Personally I think any recaptcha is for the birds - I've hated every single one I've ever tried to decipher.

Yes, to crank up their "difficulty" level high enough to stop bots results in a puzzle almost no human can solve. In other words, CAPTCHA (including reCAPTCHA) now keeps out the people and lets in the bots!

 

And I'm sure teams of spammers all over the globe are furiously working on image recognition software so they can break them.

You're about a year or so behind in your prediction. CAPTCHA has long been broken. Time to move on to other methods.

[Jack_mcs]

I disagree. The captcha code isn't meant as a stop-all but it works quite well. We have had many problems with the sites of our hosting members sending out thousands of emails per account before installing recaptcha. After installing - not one problem. This has also been the case where people have contacted me saying their host suspended their sites for too many emails. After the installation - no more problems with suspension for that reason. It wouldn't surprise me to learn there are scripts out there that allow hackers to get by captcha systems. But, if there are, it is not wide-spread as of yet, in my experience, since this method works each and every time.

[germ]

By far the most common exploit of this module is caused by the store owners themselves.

 

In an effort to boost sales, the ignorant go into the admin and set "Allow Guest to Tell a Friend" to TRUE.

 

Little do they realize that without a "recaptcha" or "challenge question" or some other measure to deter SPAMBOTS this turns the module into a SPAM engine just waiting for some wandering robot to start it up.

[♥Biancoblu]

Just wondering, seeing as Tell a Friend is protected by action recorder, doesn't that stop, or at least slow down, the spam bots a bit?

[germ]

On v2.3.x

 

I've assumed this thread was about a v2.2x shop.

[♥Biancoblu]

@@germ

 

oh right, got it, my mistake :blush: