Spam through admin/mail.php/login.php?action=send_email_to_user (osCMax v1.7 Discussion forum, osCMax v1.7 Forums category)
#1
Hello, I just had a spammer get into http://www.domain.com/admin/mail.php..._email_to_user and send out spam about Viagra to all the customers. Anyone else have this issue? Is there a way to fix this? I think it is a major issue that everyone's entire customer list is out there. I think this needs to be addressed. I just went to a few osCMax sites and viewed their customer lists via this link. I removed my mail.php link for now. Any help would be greatly appreciated...

Jason
#2
You need to upgrade your site. This is a known vulnerability that has been patched in the current version of osCMax: r169 - oscmax2 - Project Hosting on Google Code

You can manually modify your application_top.php file with the changes shown on that page and it will close your vulnerability.

It sounds like you are not subscribed to the security announcements list. I advise you subscribe now: osCMax opt in

Also be sure to see this security announcement released yesterday: Security Notice : osCMax 2.0.4 Released

__________________
Michael Sasek, osCMax Developer
*** Do not PM me requesting paid help. The only paid work I do is for AABox Web Hosting customers ***
Stay Up To Date with everything osCMax: Free osCMax Newsletters - Security notices, New Releases, osCMax News; osCMax on Twitter - Up to the minute info as it happens. Know it first.; osCMax User Manual - osCMax Templates - Advanced Template Tutorial
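The gap Michael describes, an admin script that can be reached and run without a logged-in admin session, is closed by an authentication check that executes before any admin script does its work. The following is an added example written for this thread; it is not the osCMax r169 change and not project code. The login script name, the session keys and the token field name are assumptions, and it assumes PHP 7 or later for random_bytes().

```php
<?php
// Added example, not osCMax code: an authentication gate for an admin area,
// included at the top of every admin script (the role application_top.php
// plays in osCommerce-style stores). ADMIN_LOGIN_SCRIPT, $_SESSION['admin_id']
// and the csrf_token field are assumed names for this example.

session_start();

define('ADMIN_LOGIN_SCRIPT', 'login.php');

// Scripts allowed to run without an admin session: only the login page itself.
$publicScripts = array(ADMIN_LOGIN_SCRIPT);

function admin_require_login(array $publicScripts)
{
    $current = basename($_SERVER['SCRIPT_NAME']);
    if (in_array($current, $publicScripts, true)) {
        return;
    }
    if (empty($_SESSION['admin_id'])) {
        // Unauthenticated: redirect and STOP. The exit matters; a Location
        // header without it lets the rest of the script (for example the
        // action=send_email_to_user branch) keep executing anyway.
        header('Location: ' . ADMIN_LOGIN_SCRIPT);
        exit;
    }
}

// State-changing actions should also carry an anti-CSRF token, so that a
// logged-in admin cannot be tricked into sending mail by a crafted link.
function admin_csrf_token()
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['csrf_token'];
}

function admin_check_csrf_token()
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return; // GET must never change state; see the usage note below
    }
    $sent     = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
    $expected = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : '';
    if ($expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('Invalid request token');
    }
}

admin_require_login($publicScripts);
admin_check_csrf_token();
```

With this in place, the mail form must submit via POST and embed admin_csrf_token() as a hidden csrf_token field, and mail.php must only send when the request method is POST; a bare GET of ?action=send_email_to_user then does nothing even for a logged-in admin, and an unauthenticated request never reaches the action at all.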
#3
Hi, first post so please be gentle. I came across this forum due to looking for help, as we have also just experienced a huge spam email campaign through our customer base. I have read quite a lot of the comments through this forum on the subject, but 99% of the advice is totally over my head, sorry. I can see at the top of my OS pages it says V2.2 RC2, so I think I have quite a new, updated package which I would have thought was already secure against known problems like this. I have also had someone let me know privately that we are not secure by sending me a list of the first alphabetical page of all customers registered! I have been on the link to the Wiki Doc but again, only a small amount makes sense to me. I have turned off the "tell a friend" which was easy, but I cannot find an actual folder called Admin? I could go on but this is long enough already, but I'm sure you get the gist. Please help and guide me if you can.

Robin
#4
Further to my last post, I have found a load of folders and one named "admin" in my file manager, but when I click on it, it doesn't give me any options to rename it, delete it or anything? All the files were in gobbledygook, so I pressed the reset button and they're now all in English. I'm learning by default here but a little scared I'll bugger something up and remove something I shouldn't.

Robin
#5
You have a lot of problems because your site is not patched against known security holes.

The quickest way to secure your admin is to institute a second layer of password protection. Most hosting control panels have a simple feature to password protect folders. Use it to protect your admin folder, as right now you are wide open to anyone browsing through your database.

Most likely your site has been hacked too. You should examine the files of your site closely. Look at the very top of each file; if you see a long line of random letters and numbers, that is bad news. Each of your files will need to be cleaned, or you will need to restore from a clean backup.

Michael Sasek, osCMax Developer
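Michael's advice to look at the top of every file for a long line of random letters and numbers can be automated. The following command-line scan is an added example for this thread, not an osCMax tool: it reads the first 2 KB of each .php file under a directory and flags the usual prepended loaders (an eval() fed by base64_decode/gzinflate, or a very long base64-looking run). The patterns and the 200-character threshold are my assumptions; a hit is a candidate for manual review, and a clean scan does not prove a site is clean, since injected code can also sit further down a file, in non-PHP files, or in the database.

```php
<?php
// Added example, not osCMax code: flag PHP files whose first 2 KB look like
// the injected loaders described above (a long line of random-looking
// characters, usually eval(base64_decode('...')) or eval(gzinflate(...))).
// Patterns and the 200-character threshold are assumptions; tune them.

function head_looks_injected(string $head): bool
{
    $patterns = array(
        // eval() fed by a decoder: the classic prepended loader
        '/eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(/i',
        // a very long unbroken run of base64-alphabet characters
        '/[A-Za-z0-9+\/=]{200,}/',
    );
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $head) === 1) {
            return true;
        }
    }
    return false;
}

function scan_for_injected_code(string $root): array
{
    $hits  = array();
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile() || strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        // Only the head of the file: loaders are prepended, and this keeps
        // the scan cheap on a large store.
        $head = file_get_contents($file->getPathname(), false, null, 0, 2048);
        if ($head !== false && head_looks_injected($head)) {
            $hits[] = $file->getPathname();
        }
    }
    sort($hits);
    return $hits;
}

// Constructed demo tree: one clean file and one with a prepended loader.
function build_demo_tree(): string
{
    $dir = sys_get_temp_dir() . '/injscan_' . bin2hex(random_bytes(4));
    mkdir($dir . '/admin', 0700, true);
    $blob = str_repeat('aB3', 100);  // 300 base64-alphabet characters
    file_put_contents(
        $dir . '/admin/mail.php',
        "<?php eval(base64_decode('$blob')); ?><?php\n// original code follows\n"
    );
    file_put_contents(
        $dir . '/index.php',
        "<?php\nrequire('includes/application_top.php');\n"
    );
    return $dir;
}

$root = $argv[1] ?? build_demo_tree();
foreach (scan_for_injected_code($root) as $hit) {
    echo "SUSPICIOUS: $hit\n";
}
```

Run it as `php injscan.php /path/to/htdocs`; with no argument it scans the constructed demo tree and reports only admin/mail.php. Compare every hit against a clean copy of the same osCMax release rather than trusting the scan, and after cleaning, rotate the admin and database passwords, since whoever planted the code had them.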
#6
Thanks Michael. I have only had the site up for a couple of months, and the person who set it up for me (a so-called computer advisor) should have known how old it was and its weaknesses, I would have thought. Although it would be a total pain in the backside, would I not be better served getting the latest updated site, deleting this one completely if it's so old and obsolete, and starting afresh?

Robin
#7
Also, although I don't want to, I feel I must now, with what I know, close the site down. Unlike other sites I've had, I can't find anywhere how to take it offline so it shows as under maintenance etc. Please advise.

Robin
#8
PM me the URL to your site. I am thinking you are not running osCMax... I would like to confirm the version you are running. You may not be able to send a PM until you have 5 posts though, so you can email it to me via the site's contact_us page (the link is at the very bottom of this forum).

Michael Sasek, osCMax Developer
#9
Thanks Michael for your attention to this. This reply is now my 5th post. I have had someone place the whole site offline currently, but I will PM you now.

Robin
#10
I have sent a PM, although this site has not recorded it or shown me a copy of it. Let me know that you get it OK.

Robin
Tags: mail.php, security, spam
Referenced by (refbacks to this thread):
- Shopping Cart software | ezOSCNews | eCommerce Software oscommerce, 04-11-2010 10:51 PM
- Shopping Cart software | ezOSCNews | eCommerce Software: OsCommerce can send out spam via the Mailinglist function, without login, 03-10-2010 12:41 AM
- osCommerce 2.2 RC2a bug | incubatec system status, 02-11-2010 02:31 AM
- [#OSC-1069] OsCommerce can send out spam via the Mailinglist function, without login. - osCommerce Issue Tracker, 01-27-2010 02:17 AM