someone is using a script on my shop to send out spam!! Urgent help needed


My hosting company has suspended my account as someone is using a script on my shop to send out spam. They have said that they suspect my mailing script is not secure.
What files should I look at and what should I do to make them more secure?
Please help.


Without any more information I doubt anyone can help you.

The only way I can think of that will let someone do that is using the "send to a friend" module, but as I said, there is no way of knowing without more information from your host.

There's a free version of that module with a captcha on my site.


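One way to get the missing information from the web server's access log, added here as an example (it is not code from any poster in this thread): count POST requests per client to the scripts that can send mail. The Combined Log Format, the send-to-a-friend path, the threshold and the sample lines are assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} '
)

# Scripts that can trigger outgoing mail. /contact-form.php is the file edited
# in this thread; the send-to-a-friend path is an assumed location.
MAIL_SCRIPTS = (
    "/contact-form.php",
    "/modules/sendtoafriend/sendtoafriend-form.php",
)


def triage(lines, threshold=3):
    """Return {script: [(ip, posts), ...]} for clients with >= threshold POSTs."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore the query string
        for script in MAIL_SCRIPTS:
            if path.endswith(script):
                hits[script][m["ip"]] += 1
    report = {}
    for script, counts in hits.items():
        heavy = [(ip, n) for ip, n in counts.most_common() if n >= threshold]
        if heavy:
            report[script] = heavy
    return report


# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2009:13:55:0{s} +0000] '
    f'"POST /shop/contact-form.php HTTP/1.1" 200 5120 "-" "-"'
    for s in range(1, 5)
] + [
    '198.51.100.20 - - [10/Oct/2009:14:02:11 +0000] '
    '"GET /shop/contact-form.php HTTP/1.1" 200 4980 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2009:14:03:40 +0000] '
    '"POST /shop/contact-form.php HTTP/1.1" 200 5101 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for script, clients in triage(SAMPLE_LOG).items():
        print(script, clients)
```

A script that shows many POSTs from a small number of clients is the one to protect first; the host's mail log can then confirm whether the timestamps line up with the outgoing spam.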
Here is what I did using reCaptcha.
Download the recaptcha lib here: http://code.google.com/p/recaptcha/downloads/list?q=label:phplib-Latest
Unzip it in /js, so the lib is located at '/js/recaptcha-php-1.10/recaptchalib.php'.

open /contact-form.php
Look for

include(dirname(__FILE__).'/header.php');



change it to

include(dirname(__FILE__).'/header.php');
require_once(dirname(__FILE__).'/js/recaptcha-php-1.10/recaptchalib.php');
//you can get your keys for free here https://admin.recaptcha.net/recaptcha/createsite/
$publickey = YOUR PUBLIC KEY;
$privatekey = YOUR PRIVATE KEY;

//recaptcha style
$captcha_style="<script>
var RecaptchaOptions = {
  theme : 'white',
  lang: 'es'
};
</script>";

//get html
$recaptcha="" . recaptcha_get_html($publickey);
$smarty->assign('recaptcha', $recaptcha);



Look for

if (Tools::isSubmit('submitMessage'))
{



Change it to

if (Tools::isSubmit('submitMessage'))
{
    $res = recaptcha_check_answer ($privatekey,
                               $_SERVER["REMOTE_ADDR"],
                               Tools::getValue('recaptcha_challenge_field'),
                               Tools::getValue('recaptcha_response_field'));



Look for

if (!($from = Tools::getValue('from')) OR !Validate::isEmail($from))
    $errors[] = Tools::displayError('invalid e-mail address');



Change it to

if (!($from = Tools::getValue('from')) OR !Validate::isEmail($from))
    $errors[] = Tools::displayError('invalid e-mail address');
elseif (!($res->is_valid))
    $errors[] = Tools::displayError('incorrect validation code');



Now open /themes/YOURTHEME/contact-form.tpl
Look for




Add before

        

{l s='Verification code'}
       {$recaptcha}



That's it


sk8hack, after doing what you said I get a parse error as follows;
Parse error: syntax error, unexpected T_STRING in /home/xxx/public_html/xxx/shop/contact-form.php on line 9

Can you help or anyone help please.

EDIT: SOLUTION IS:

$publickey = YOUR PUBLIC KEY;
$privatekey = YOUR PRIVATE KEY;



change to;

$publickey = "YOUR PUBLIC KEY";
$privatekey = "YOUR PRIVATE KEY";


Of course, you are supposed to change YOUR PUBLIC KEY to whatever your public key is.
you can get your keys for free here https://admin.recaptcha.net/recaptcha/createsite/
for example $publickey = "6LdlQQwAAAAAACKKcUVX2E07Q9JfQi_TfsBJzB8n";
the same for $privatekey


I know this! You forgot to add the " " between the key itself! I'm no coding [spam-filter] but if you RE-READ my post I was getting parse errors!

  • 4 months later...
//recaptcha style
$captcha_style="[removed]
var RecaptchaOptions = {
  theme : 'white',
  lang: 'es'
};
[removed]";



I can't seem to change the default recaptcha theme, as if the above settings don't apply.
Any ideas?



Yes, it is a shame that this board takes out any javascript code, even when it is in a code block.

Of course I used 'script' tags instead of 'removed'. You can test it yourself, it just doesn't work in php.
I eventually added it in contact-form.tpl


<script type="text/javascript">
{literal}
var RecaptchaOptions = {
theme : 'white',
lang: 'en'
};
{/literal}
</script>

Theme works, but recaptcha is not w3c compliant.

Any thoughts on how to make recaptcha w3c compliant?
Placing {$recaptcha} in tpl file as described in this thread puts script and noscript tags in the wrong place, hence the w3c errors.

I think it needs to be done with ajax api, but no idea how to implement it.

