I had an attack on my site via Eventbooking
- Poul Melgaard
- Topic Author
- New Member
10 years 1 week ago #44117
by Poul Melgaard
I had an attack on my site via Eventbooking was created by Poul Melgaard
I had a robot using the Tell a Friend (Invite) button on my events to send out a huge amount of spam via my server, and managed to get blacklisted on one list.
I am missing a Captcha option here.
The Tell a Friend (Invite) option is turned on via the template and, as I understand it, is always available if you know the right URL to inject data into the form.
Therefore I had to remove the Tell a Friend (Invite) from the code by renaming the invite function:
components/com_eventbooking/views/invite/tmpl/complete.php -> complete.php????
components/com_eventbooking/views/invite/tmpl/default.php -> default.php????
Any other suggestions?
- Tuan Pham Ngoc
- Administrator
10 years 1 week ago #44118
by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic I had an attack on my site via Eventbooking
We are working to add a captcha feature to the extension's invite friend form within this week, and that should solve the issue.
For now, please follow the instructions below:
1. Open the file components/com_eventbooking/controller/controller.php
2. Find the code below:
Code:
    public function send_invite()
    {
        $model = & $this->getModel('invite');
        $post = JRequest::get('post');
        $model->sendInvite($post);
        $this->setRedirect(JRoute::_('index.php?option=com_eventbooking&view=invite&layout=complete&tmpl=component&Itemid='.JRequest::getInt('Itemid'), false));
    }
3. Change it to:
Code:
    public function send_invite()
    {
        die();
    }
That temp solution should work!
Regards,
Tuan
The following user(s) said Thank You: Paulo Matos
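To gauge how heavily the invite form was abused, and to confirm the requests stop mattering once send_invite() is disabled, the web server's access log can be scanned for bursts of POSTs aimed at the form. This is an added example, not code from the thread or from the Events Booking extension; it assumes Combined Log Format and non-SEF URLs (so com_eventbooking with task=send_invite or view=invite appears in the request URL or the Referer), and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - user [time] "METHOD url PROTO" status size "referer" ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"')

def is_invite_post(m):
    """True for a POST aimed at the invite form.
    Assumption: non-SEF URLs, so com_eventbooking plus task=send_invite or
    view=invite is visible in the request URL or in the Referer."""
    if m["method"] != "POST":
        return False
    seen = m["url"] + " " + m["referer"]
    return "com_eventbooking" in seen and (
        "task=send_invite" in seen or "view=invite" in seen)

def flag_invite_abuse(lines, max_posts=3, window=timedelta(minutes=10)):
    """Map each client IP to its peak count of invite POSTs inside any
    `window`, keeping only IPs that exceed max_posts. Lines must be in time order."""
    recent, peak = defaultdict(deque), {}
    for line in lines:
        m = LINE.match(line)
        if not m or not is_invite_post(m):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:      # drop hits that fell out of the window
            q.popleft()
        if len(q) > max_posts:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), len(q))
    return peak

# Constructed sample log (documentation IP ranges, made-up timestamps).
BOT = ('203.0.113.7 - - [12/Mar/2014:03:14:{:02d} +0000] "POST /index.php?'
       'option=com_eventbooking&task=send_invite HTTP/1.1" 200 - "-" "-"')
SAMPLE_LOG = [BOT.format(s) for s in range(0, 50, 10)] + [
    # one visitor using the form once: the task travels in the POST body
    '198.51.100.20 - - [12/Mar/2014:09:00:05 +0000] "POST /index.php HTTP/1.1" 303 - '
    '"http://example.org/index.php?option=com_eventbooking&view=invite" "Mozilla/5.0"',
    # unrelated POST that must be ignored
    '198.51.100.20 - - [12/Mar/2014:09:01:00 +0000] "POST /index.php?option=com_users HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for ip, hits in flag_invite_abuse(SAMPLE_LOG).items():
        print(f"{ip}: {hits} invite POSTs within 10 minutes")
```

With SEF URLs enabled the query string is rewritten, so the two substring checks would need to match the site's own invite route instead.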
- Poul Melgaard
- Topic Author
- New Member
10 years 1 week ago #44119
by Poul Melgaard
Replied by Poul Melgaard on topic I had an attack on my site via Eventbooking
Roger that
- Stephan Hodges
- Premium Member
10 years 1 week ago - 10 years 1 week ago #44160
by Stephan Hodges
Replied by Stephan Hodges on topic I had an attack on my site via Eventbooking
Will your temporary code fix be automatically replaced when the component is updated?
Are any of the other functions at risk?
Last edit: 10 years 1 week ago by Stephan Hodges.
- Tuan Pham Ngoc
- Administrator
10 years 1 week ago #44161
by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic I had an attack on my site via Eventbooking
Just this one. It is just a spam email attack!
Regards,
Tuan
Moderators: Tuan Pham Ngoc
Copyright © 2024 Joomla Extensions by Joomdonation. All Rights Reserved.
joomdonation.com is not affiliated with or endorsed by the Joomla! Project or Open Source Matters.
The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.