Send to a friend - suspicious behaviour

[purplywurply]

Hi

My send a friend module works fine when I test it.

However I keep getting messages every day like this one:

This is the Postfix program at host deferred-out-118.livemail.co.uk.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to

If you do so, please include this problem report. You can
delete your own text from the message returned below.

The Postfix program

: connect to text2re.com[216.239.32.21]: Connection
timed out

When I check out the email addresses these are being sent to, they are non existent. The message sent is the normal send to a friend message.

Every single message is being sent to *@text2re.com

I can't find anything online about text2re.com

Can anyone suggest a way of stopping this person sending emails from my site? All I can think of is uninstalling the module for a while.

[ukbaz]

I have exactly the same thing and the same address! Anyone know what the hell is happening here?

[purplywurply]

I have now tried uninstalling the 'Send to a friend' module.

The problem still persists.

Can anyone help? I am concerned that this could be a security problem which could affect other prestashop stores.

[babyewok]

My client has EXACTLY the same problem - same text2re.com. The script must be being hijacked or something - it's definitely dodgey!

[purplywurply]

Despite removing my sent to a friend module I still get a few of these each day. This is a security threat to my shop, and I'd like to know how to prevent this happening. Do I contact my host?

[babyewok]

Oh, that's annoying. I just disabled the module hoping that would cure it. Maybe I'll go one step further and actually delete the module - it seems the email script is being used, but not from the send to a friend page - I notice in the emails I get, the link ot the product is just -0.html, which clearly doesn't exist!

[ukbaz]

Wouldn't it be nice if someone from the development team actually replied to what is possibly a security threat, and seems to be bothering quite a few people.

[babyewok]

I second that!

[purplywurply]

I thirds it!!!

[purplywurply]

I am now getting further identical emails from *@example.com

How do I safely remove the script from Prestastore to stop this happening?

[babyewok]

Well since, it's only the send to a friend module that is affected, I completely removed the 'sendtoafriend' folder from the module directory. My client hasn't reported anything since, so I assume it did the trick.

[purplywurply]

Thanks

What a shame that we have needed to remove this useful feature to get around this problem. I wonder if a similar script could be added that is more secure against 'bots.'

[tomerg3]

Thanks

What a shame that we have needed to remove this useful feature to get around this problem. I wonder if a similar script could be added that is more secure against 'bots.'

Ask, and you shall receive

http://www.prestashop.com/forums/viewthread/41926/modules___development/module_send_to_a_friend__with_a_security_key_to_prevent_automatic_submissions

[bamboozled]

I have installed the helpful module addition suggested and it seemed to work for a couple of days.
Now the same emails have returned, so I too am going to remove the entire module -
if I can work out how to do it?! - any help please - I cannot see it in the modules list of the back end.

anyway, I have now deleted the 'send a friend' folder on the remote server, so will see if that does the trick.