Menu

Topic-icon Emails Sending Randomly to Users

  • BGould
  • BGould's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
2 years 3 months ago #5601 by BGould
Emails Sending Randomly to Users was created by BGould
I recently reported an issue with the Track Actions Plugin, now another issue.

Since 3 days ago another issue, random users have been emailed from the plugin with the Subject: Latest User Actions

and the email body

PLG_SYSTEM_USERLOGS_EMAIL_SUBJECT
PLG_SYSTEM_USERLOGS_EMAIL_DESC
COM_USERLOGS_MESSAGE

COM_USERLOGS_DATE

COM_USERLOGS_EXTENSION

COM_USERLOGS_USER

COM_USERLOGS_IP_ADDRESS

They are receiving emails every 20 minutes, if I disable plugin the whole site crashes.

Please Help!

Please Log in or Create an account to join the conversation.

More
2 years 3 months ago #5602 by Jose
Replied by Jose on topic Emails Sending Randomly to Users
Hi BGould,

I have just published a new version of Track Actions disabling the option to send emails. Please, update it and tell me if it works.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • BGould
  • BGould's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
2 years 3 months ago #5643 by BGould
Replied by BGould on topic Emails Sending Randomly to Users
Hi Jose,

I updated plugin and the emails then stopped sending to users so thank you for fixing.

4 user email addresses were included in the To address for notifications and I have no idea why these specific users were mailed as there seems to be no pattern. The email had the plugin tags included and unfortunately included a separate users name and IP address with the email sent.

Unfortunately I had not realised how many emails were being automatically sent by plugin and it seems as though these users had received hundreds of emails.

This incident has triggered a data protection review with a client and I now need to explain why this happened. Can you please assist me in determining the cause, I understand it may be coding bug but I need to know why these specific users were issued email. The plugin had been installed for 3 weeks.

I had experienced an earlier problem with mail function code which was causing an major error to site which I reported on 16th March 2018 via forum and you confirmed bug updated trackactions plugin to version 1.0.2. I installed the plugin update via joomla admin and it fixed the issue whereby the plugin was causing the site to crash.

From the 16th March and presumably when plugin was updated and mail function was fixed, these 4 users started receiving repeated emails with the following body below and another users name and IP address with data edited for which I really need to determine why these users were mailed, and how is was fixed.

Sent: 26 March 2018 13:19
To: This email address is being protected from spambots. You need JavaScript enabled to view it.; This email address is being protected from spambots. You need JavaScript enabled to view it.; This email address is being protected from spambots. You need JavaScript enabled to view it.; This email address is being protected from spambots. You need JavaScript enabled to view it.
Subject: Latest User Actions

PLG_SYSTEM_USERLOGS_EMAIL_SUBJECT
PLG_SYSTEM_USERLOGS_EMAIL_DESC
COM_USERLOGS_MESSAGE

COM_USERLOGS_DATE

COM_USERLOGS_EXTENSION

COM_USERLOGS_USER

COM_USERLOGS_IP_ADDRESS

User “Another Users Name“ data edited

2018-03-26 13:19:13

xxx.xxx.xxx.xxx< xxx.xxx.xxx.xxx >

Many Thanks

Please Log in or Create an account to join the conversation.

More
2 years 3 months ago #5644 by Jose
Replied by Jose on topic Emails Sending Randomly to Users
Hi BGould,

This incident has triggered a data protection review with a client and I now need to explain why this happened. Can you please assist me in determining the cause, I understand it may be coding bug but I need to know why these specific users were issued email. The plugin had been installed for 3 weeks.

I really apologize about this. Privacy is one of the most important things for me, so I'm really disgusting about this incident. Of course I will you assist on everything on my hand.

There was a bug in the Track Actions plugin causing this issue; users to be notified where selected using this query:
$query->select('a.email, a.params')
			->from($this->db->quoteName('#__users', 'a'))
			->where($this->db->quoteName('params') . ' LIKE ' . $this->db->quote('%"logs_notification_option":"1"%'));

So, in theory, nobody should have been notified because I don't add a "logs_notification_option" in users account. The explanation for this could be that other plugin added something like this and this is why users where notified in this site and not in other sites.

After receiving your report I fixed the bug disabling the email function, so nobody will be notified anymore.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • BGould
  • BGould's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
2 years 3 months ago #5645 by BGould
Replied by BGould on topic Emails Sending Randomly to Users
Hi Jose,

Thanks for coming back so quickly really appreciate. I understand these things happen so thank you also for your concern regarding security and privacy.

The code snippet you sent really helped me to narrow down issue and I can see that these users had the log notification = 1

I am going to try and work out why these 5 users had this option selected but understand this will not be related to plugin and you have also fixed the issue with plugin regarding notifcations.

Securitycheck Pro is excellent component and has greatly helped securing site after some other security issues we had experienced. Please let me offer my gratitude in what you have developed and also thanks again for responding so quickly!

Kind Regards
The following user(s) said Thank You: chrishall57

Please Log in or Create an account to join the conversation.

More
2 years 3 months ago #5646 by Jose
Replied by Jose on topic Emails Sending Randomly to Users
You're welcome BGould.

I'm glad to hear you like my extensions; that's why I workd hard every day.

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.101 seconds
Powered by Kunena Forum

Login or Sign In