Zeryk, Posted August 9, 2021

I'm getting spam emails via the Contact Us page (Webmaster / Customer service), which I deleted a long time ago, so the URL doesn't exist at all. Before that, when using it, I had a captcha module implemented there. How come somebody can send email through a page which physically doesn't exist? Do they have some direct access to my DB in the shop? How do I find that spam? Shouldn't that be flagged as a security issue? Thanks.

Shabab, Posted August 9, 2021

> 1 hour ago, Zeryk said:
> I'm getting spam emails via the Contact Us page (Webmaster / Customer service), which I deleted a long time ago, so the URL doesn't exist at all. Before that, when using it, I had a captcha module implemented there. How come somebody can send email through a page which physically doesn't exist? Do they have some direct access to my DB in the shop? How do I find that spam? Shouldn't that be flagged as a security issue? Thanks.

Hi, can you please check the patterns of the spam mails?

SmartDataSoft, Posted August 10, 2021

Hello @Zeryk,

Normally, when you remove the page from your site listing, the controller already exists, and as it is open source software, a hacker or spammer knows which URL they need to post to. I think they hit the contact controller and then post it. If possible, you can share your site URL in a PM and we will give it a try with the URL from our localhost.

Thank you

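One way to check whether the contact controller is being posted to directly is to look for POST requests to it in the web server access log. This is an added example, not part of the original thread or of PrestaShop; it assumes the Apache/nginx combined log format and that the controller is reachable as `index.php?controller=contact` or under a `contact-us` slug, and the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed friendly-URL slugs for the contact controller; adjust to the
# shop's own SEO & URLs settings.
CONTACT_SLUGS = {"contact-us"}

# Leading fields of a combined-format access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_contact_target(target):
    """True if the request target routes to the contact controller."""
    parts = urlsplit(target)
    if "contact" in parse_qs(parts.query).get("controller", []):
        return True
    last_segment = parts.path.rstrip("/").rsplit("/", 1)[-1]
    return last_segment in CONTACT_SLUGS

def contact_posts(lines):
    """Return (ip, timestamp, status) for each POST to the contact controller."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and is_contact_target(m["target"]):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

def posts_per_ip(lines):
    """Count contact-controller POSTs per client address."""
    return Counter(ip for ip, _, _ in contact_posts(lines))

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Aug/2021:10:01:02 +0000] "POST /index.php?controller=contact HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Aug/2021:10:01:09 +0000] "POST /en/contact-us HTTP/1.1" 200 5130 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [09/Aug/2021:10:02:00 +0000] "GET /en/contact-us HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [09/Aug/2021:10:03:00 +0000] "POST /index.php?controller=order HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [09/Aug/2021:10:04:00 +0000] "POST /index.php?fc=x&controller=contact HTTP/1.1" 200 5123 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for ip, count in posts_per_ip(SAMPLE_LOG).most_common():
        print(ip, count)
```

A 200 status on these POSTs after the page link was removed means the controller is still processing submissions; the timestamps can then be matched against the arrival times of the spam mails.
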
Zeryk (Author), Posted August 16, 2021

> On 8/9/2021 at 1:14 PM, Shabab said:
> Hi, can you please check the patterns of the spam mails?

I've deleted them, but they all come from Russia, I guess. I've seen that topic already in some other place. I've sorted the problem. Thanks.

Zeryk (Author), Posted August 16, 2021

> On 8/10/2021 at 12:20 PM, SmartDataSoft said:
> Hello @Zeryk,
> Normally, when you remove the page from your site listing, the controller already exists, and as it is open source software, a hacker or spammer knows which URL they need to post to. I think they hit the contact controller and then post it. If possible, you can share your site URL in a PM and we will give it a try with the URL from our localhost.
> Thank you

Yep, I realized that after posting the question, so I deleted the controller as well. Thanks

endriu107, Posted August 16, 2021

There is an easy fix for ContactController: just check if $message contains a word such as 'www' or 'http' using the strpos() function; if it does, just return without action.

Zeryk (Author), Posted August 20, 2021

> On 8/16/2021 at 7:35 PM, endriu107 said:
> There is an easy fix for ContactController: just check if $message contains a word such as 'www' or 'http' using the strpos() function; if it does, just return without action.

Yep, removing the controller altogether wasn't a smart move. It was messing up other stuff in the BO ;-( So I put it back. There is no 'www' in the script at all, anywhere. There is only 1 http, but it's in $cm->user agent = $_SERVER ( 'HTTP_USER_AGENT'); so probably not the case. But thanks for trying to help.

Zeryk (Author), Posted August 20, 2021

I don't want to use the customer service page, nor the internal messenger of PS. Yet I cannot completely delete the controller, because the SEO & URL page (the URL there) cannot be edited afterwards (I get a blank page). So I guess I need to edit ContactController.php. Can anybody advise which lines in this script (file) I should exclude to avoid any messaging? Thank you!

endriu107, Posted August 20, 2021

In function postProcess(), below

    $message = Tools::getValue('message');

add:

    // Stop processing (no mail is sent) when the message contains a link marker.
    if (strpos($message, 'www') !== false) {
        return;
    }
    if (strpos($message, 'http') !== false) {
        return;
    }

Zeryk (Author), Posted August 20, 2021

> 14 minutes ago, endriu107 said:
> In function postProcess(), below
>
>     $message = Tools::getValue('message');
>
> add:
>
>     if (strpos($message, 'www') !== false) {
>         return;
>     }
>     if (strpos($message, 'http') !== false) {
>         return;
>     }

Thanks! I've applied that one. Will see within the next couple of days if it works. Thanks again!

endriu107, Posted August 20, 2021

Now any message with the words www or http will be blocked.

Zeryk (Author), Posted October 15, 2021

> On 8/20/2021 at 12:23 PM, endriu107 said:
> Now any message with the words www or http will be blocked.

Just a question, if I may. How do I stop any emails coming via customer service (ContactController.php)? Because I'm starting to receive spam again, this time without www or http, just plain text with various marketing offerings which I'm not interested in. I don't use the customer service concept for emailing, so I don't need it at all. That means I don't mind deleting some file or module, whatever needs to be done for that. It's just that if I delete ContactController.php, some important functions don't work in the back office, so I might need to delete only some lines? Thanks a lot!

endriu107, Posted October 15, 2021

At the very beginning of the postProcess() function you can just add return;

Zeryk (Author), Posted October 15, 2021

> 11 hours ago, endriu107 said:
> At the very beginning of the postProcess() function you can just add return;

Thank You!