I had an attack on my site via Eventbooking

10 years 1 week ago #44117 by Poul Melgaard
I had an attack on my site via Eventbooking was created by Poul Melgaard
I had a robot using the Tell a Friend (Invite) button on my events to send out a huge amount of spam via my server, and managed to get blacklisted on one list.
I am missing a Captcha option here.
The Tell a Friend (Invite) option is turned on via the template and, as I understand it, is always available if you know the right URL to inject data in the form.

Therefore I had to remove the Tell a Friend (Invite) from the code by renaming the invite function

components/com_eventbooking/views/invite/tmpl/complete.php -> complete.php????
components/com_eventbooking/views/invite/tmpl/default.php -> default.php????

Any other suggestions???

10 years 1 week ago #44118 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic I had an attack on my site via Eventbooking
We are working to add a captcha feature to the invite friend form in the extension within this week, and that should solve the issue.

For now, please follow the instructions below:

1. Open the file components/com_eventbooking/controller/controller.php

2. Find the code below :
Code:
public function send_invite()
{
    $model = & $this->getModel('invite');
    $post = JRequest::get('post');
    $model->sendInvite($post);
    $this->setRedirect(JRoute::_('index.php?option=com_eventbooking&view=invite&layout=complete&tmpl=component&Itemid='.JRequest::getInt('Itemid'), false));
}

3. Change it to :
Code:
public function send_invite() { die(); }

That temp solution should work!

Regards,

Tuan
The following user(s) said Thank You: Paulo Matos
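
An added example, not part of the original posts and not Events Booking code: once the invite form is switched back on, server-side checks of this kind bound what an automated submitter can send through it, with or without a CAPTCHA. It is plain PHP; the field names (`sender_name`, `recipients`, `token`), the limits and the `$store` array are hypothetical.

```php
<?php
// Added example, not Events Booking code; requires PHP 7.4+.
// Field names (sender_name, recipients, token) and limits are hypothetical.

const INVITE_MAX_RECIPIENTS = 5;     // assumed cap per submission
const INVITE_MAX_PER_WINDOW = 3;     // assumed cap per client IP
const INVITE_WINDOW_SECONDS = 3600;

/**
 * Returns the validated recipient list, or throws before any mail is sent.
 * $store stands in for persistent server-side storage (DB table, cache).
 */
function invite_guard(array $post, string $sessionToken, string $ip, array &$store, int $now): array
{
    // 1. Anti-CSRF token: the POST must come from a form this site rendered.
    $given = $post['token'] ?? '';
    if ($sessionToken === '' || !is_string($given) || !hash_equals($sessionToken, $given)) {
        throw new RuntimeException('invalid form token');
    }

    // 2. Throttle per client IP, server side, so dropping cookies does not reset it.
    $recent = array_filter($store[$ip] ?? [], fn($t) => $t > $now - INVITE_WINDOW_SECONDS);
    if (count($recent) >= INVITE_MAX_PER_WINDOW) {
        throw new RuntimeException('rate limit exceeded');
    }

    // 3. Reject CR/LF in anything that ends up in a mail header.
    foreach (['sender_name', 'recipients'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
            throw new RuntimeException("invalid characters in $field");
        }
    }

    // 4. Parse the comma-separated recipients, validate each, cap the count.
    $recipients = array_values(array_unique(array_filter(array_map('trim', explode(',', $post['recipients'] ?? '')))));
    if ($recipients === [] || count($recipients) > INVITE_MAX_RECIPIENTS) {
        throw new RuntimeException('recipient count out of range');
    }
    foreach ($recipients as $address) {
        if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
            throw new RuntimeException('invalid recipient address');
        }
    }

    // 5. Count this submission only after every check has passed.
    $recent[] = $now;
    $store[$ip] = array_values($recent);
    return $recipients;
}
```

The guard is meant to run at the top of the handler that sends the mail, with the send skipped whenever it throws.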

10 years 1 week ago #44119 by Poul Melgaard
Replied by Poul Melgaard on topic I had an attack on my site via Eventbooking
Roger that ;-)

10 years 1 week ago - 10 years 1 week ago #44160 by Stephan Hodges
Replied by Stephan Hodges on topic I had an attack on my site via Eventbooking
Will your temporary code fix be automatically replaced when the component is updated?

Are any of the other functions at risk?
Last edit: 10 years 1 week ago by Stephan Hodges.

10 years 1 week ago #44161 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic I had an attack on my site via Eventbooking
Just this one. It is just a spam email attack!

Regards,

Tuan


Moderators: Tuan Pham Ngoc