The Email a Friend function has a vulnerability. I found my site was sending out spam emails via the scripts for this feature. I had to go into the files and delete the emailFriend.php file and all related functions of emailafriend in other files (then clear your sites cache).
Please be aware that if you do not delete this then your site will be used to send spam and your IP's will be blacklisted more than likely. Right now the developer is aware and he said there is not a solution to fix this problem as of yet.
The same just happened to me.
I hope the latest versions (newer than 2.8.0) have this fixed.
As the hosting company said the spam emails are being send through the following link:
I renamed the file "components\com_eshop\themes\default\views\product\emailafriend.php" to something else.
I commented the code of the function "processEmailAFriend" in the file "components\com_eshop\models\product.php".
I hope this is enough.
Last edit: 6 months 3 weeks ago by Impression eStudio.