Inviting Friend was hacked, No Captcha showed.

  • Somkiat Foongkiat
  • Topic Author
5 years 2 months ago #121076 by Somkiat Foongkiat
Inviting Friend was hacked, No Captcha showed. was created by Somkiat Foongkiat
Hi,

Recently there have been many mail delivery system errors reported from the invite friend module. It should be some hackers using the invite module for their own purposes.

After I enabled captcha protection, a verification code label showed, as in the attachment. No input box or code is displayed. What should I do?

So I have to disable inviting friend instead.

Please recommend,

Somkiat

======================================================

Below are mail errors returned back to my mail box. Should be from hackers.


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

fatuvtl999789@gmail.com
host gmail-smtp-in.l.google.com [74.125.24.27]
SMTP error from remote mail server after RCPT TO:<fatuvtl999789@gmail.com>:
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 support.google.com/mail/?p=NoSuchUser j191si40847862pgc.15 - gsmtp

===============================

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

gnidbob895575@tomcom
The mail server could not deliver mail to gnidbob895575@tomcom. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

===============================

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

xtsrr@163.com
host 163mx03.mxmail.netease.com [220.181.14.160]
SMTP error from remote mail server after RCPT TO:<xtsrr@163.com>:
550 User not found: xtsrr@163.com
Please Log in or Create an account to join the conversation.
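
Added example, not part of the original thread or of the Events Booking code: a small Python triage of bounce messages laid out like the ones in the opening post, counting undeliverable recipients to show when a public mail form is being abused. The sample text is constructed (reserved example domains, documentation IP addresses) and the threshold is an arbitrary assumption.

```python
import re

# Constructed sample laid out like the bounces quoted in the post above
# (reserved example domains and documentation IP addresses, not real data).
SAMPLE = """\
A message that you sent could not be delivered. The following address(es) failed:

qwkzt104477@example.com
host mx1.example.com [192.0.2.10]
SMTP error from remote mail server after RCPT TO:<qwkzt104477@example.com>:
550-5.1.1 The email account that you tried to reach does not exist. Please try
550 5.1.1 double-checking the recipient's email address.
===============================
A message that you sent could not be delivered. The following address(es) failed:

rplmx558201@examplecom
The mail server could not deliver mail to rplmx558201@examplecom.
===============================
A message that you sent could not be delivered. The following address(es) failed:

hbvvd@example.net
SMTP error from remote mail server after RCPT TO:<hbvvd@example.net>:
550 User not found: hbvvd@example.net
"""

MARKER = "The following address(es) failed:"
REPLY = re.compile(r"^(\d{3})[ -]")  # start of an SMTP reply line, e.g. "550-" or "550 "
DOMAIN = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)  # needs at least one dot

def parse_bounces(text):
    """One record per bounce: failed address, SMTP code (if any), domain sanity."""
    records = []
    for chunk in text.split(MARKER)[1:]:
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if not lines or "@" not in lines[0]:
            continue
        addr = lines[0]
        domain = addr.rsplit("@", 1)[1]
        code = next((m.group(1) for l in lines[1:] if (m := REPLY.match(l))), None)
        records.append({"address": addr, "smtp_code": code,
                        "domain_ok": bool(DOMAIN.match(domain))})
    return records

def summarize(records, threshold=3):
    """Flag likely form abuse; the threshold is an arbitrary example value."""
    dead = sum(r["smtp_code"] == "550" or not r["domain_ok"] for r in records)
    return {"bounces": len(records), "undeliverable": dead,
            "suspected_abuse": dead >= threshold}
```
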

5 years 2 months ago #121078 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Inviting Friend was hacked, No Captcha showed.
That means you haven't configured reCAPTCHA properly on your site. Please follow the instructions at docs.joomla.org/J3.x:Google_ReCaptcha to configure reCAPTCHA on your site and it will be OK on the invite friend page.

Alternatively, you can go to Events Booking -> Configuration and set the Show invite friend button config option to No to prevent spammers from using the feature to send emails.

Tuan
The following user(s) said Thank You: Somkiat Foongkiat

5 years 2 months ago #121111 by Somkiat Foongkiat
Replied by Somkiat Foongkiat on topic Inviting Friend was hacked, No Captcha showed.
I have already set the invite friend button to No; however, spammers can access this link to send mail:

abcd.com/training/public/system-test/inv...riend?tmpl=component

How can I block or delete this link to stop spammers?

Somkiat

5 years 2 months ago #121113 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Inviting Friend was hacked, No Captcha showed.
The link could be accessed but no email will be sent.

You can try to send an invite and you will see that the system throws a 403 error.

Regards,

Tuan

5 years 2 months ago #121115 by Somkiat Foongkiat
Replied by Somkiat Foongkiat on topic Inviting Friend was hacked, No Captcha showed.
Thank you Tuan,

Although no email will be sent, it will cause error reports back to my mailbox. It causes my website to slow down with thousands of reports.

In order to stop this access, I have renamed the invite folder in /com-eventbooking/theme and /view. Will it cause any effects on other systems?

Somkiat

5 years 2 months ago #121117 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Inviting Friend was hacked, No Captcha showed.
No, that's not the right way. Please rename the folder back to how it was.

The better way would be to throw a 403 error. Please get this file, unzip it, upload it to the folder components/com_eventbooking/view/invite and it should work as expected.

Tuan
5 years 2 months ago #121119 by Somkiat Foongkiat
Replied by Somkiat Foongkiat on topic Inviting Friend was hacked, No Captcha showed.
Thank you so much Tuan.

403 now shows instead of 0 Error.

It should stop the spammers who cause thousands of mail errors to come back. Spammers are from China. They use multiple IP addresses to use my server every minute.

Regards,

Somkiat
5 years 2 months ago #121120 by Somkiat Foongkiat
Replied by Somkiat Foongkiat on topic Inviting Friend was hacked, No Captcha showed.
These are spammer IPs that hack into my server within a minute right now.

Your new file works. No more error reports return to my mailbox.

Thank you very much for your late-night help and have a good night,

Somkiat
5 years 2 months ago #121144 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Inviting Friend was hacked, No Captcha showed.
Great. Happy to hear that. I also added this change to the core package, so you can still update to future releases of the extension if you want.

Also, you can consider using a security plugin like Admin Tools to block users from certain IPs if you want.

Regards,

Tuan
The following user(s) said Thank You: Somkiat Foongkiat

Moderators: Tuan Pham Ngoc