Menu

Topic-icon Spam issues and possible hack

  • chevreriecb
  • chevreriecb's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
9 months 4 weeks ago - 9 months 4 weeks ago #8339 by chevreriecb
Spam issues and possible hack was created by chevreriecb
Dear Jose,for a few months I get some spam issues using the JSN Uniform extension for contact form.Using RE-CAPTCHA v2, INVISIBLE RECAPTCHA or SECURIMAGE don't change anything.Last week I got an EMail from my internet provider, telling me that my EMail account used for this extension has probably beeing hacked because it has been used for spam issues.This EMail account is ONLY used for the form answer and has a real complex password.Therefore I'm wondering if the module hasn't been hacked.Informations:PHP 7.4.11Joomla 3.9.23JSN Uniform 3.9.23I use SecurityCheck Pro to secure the site. I receive at twice a day a firewall issue to inform me that there are hacking trials. You'll find attached the log file from the firewall. You'll see there are issue about com_uniform module. Maybe this could help you.I keep all module up to date and block every IP address in firewall warnings but this don't change anything.I couldn't get any help from Joomlashine about the module, and don't know if there could be a solution to block these spam using Securitycheck.Thanks for your helpDenis
Last edit: 9 months 4 weeks ago by Jose. Reason: Remove attached file

Please Log in or Create an account to join the conversation.

More
9 months 4 weeks ago #8340 by Jose
Replied by Jose on topic Spam issues and possible hack
Hi Denis,

I have been checking the logs and there are many attempts trying to save data into JsnUniform. Did you check if they are new emails created?

The firewall has stopped many of those attempts using the "Second level filter" but I want to know if you noticed new entries in the extension.

Regards,
Jose

Please Log in or Create an account to join the conversation.

More
9 months 4 weeks ago #8341 by Jose
Replied by Jose on topic Spam issues and possible hack
Also did the file integrity report new/modified files? I suppose the cron is enabled and tasks are launched periodically.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • chevreriecb
  • chevreriecb's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
9 months 4 weeks ago #8342 by chevreriecb
Replied by chevreriecb on topic Spam issues and possible hack
Hi Jose,
it looks like if for each entry blocked by Securitycheck there is no mail received in JSN Uniform, so that's fine.
But I still receive some spam, neither blocked from Securitycheck nor from JSN Uniform with ReCaptcha activated.
You'll find hereafter the received spam Emails.

Regarding your last question, I got only once an alert from Securitycheck about a file modification, but it was a spam in which there was an attached file. No security issue found in this attachment. This was the first time I got this alert.
Cron is activated every 4 hours.

I changed also 2 parameters. Don't know if this was right ... (see screen copy).

Thanks a lot

Denis
Attachments:

Please Log in or Create an account to join the conversation.

More
9 months 4 weeks ago #8343 by Jose
Replied by Jose on topic Spam issues and possible hack
You're welcome Denis.

Delete com_uniform from xss exceptions and replace "input a" for "a". This will filter all the emails with a href tag into it (almost 99% in my case).

However, if you're receiving only emails you should have not been warned by your hoster... Anyway could also ask them to configure DKIM and SPF policies in your email accounts as a way to prevent someone send emails with your accounts out of your domain.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • chevreriecb
  • chevreriecb's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
9 months 4 weeks ago #8344 by chevreriecb
Replied by chevreriecb on topic Spam issues and possible hack
Hi Jose,
I tried to insert tag a in XSS exception, but as a result the site is unable to receive the contact form and sending a confirmation email.
Any idea how to solve this ?
Thanks

Please Log in or Create an account to join the conversation.

Time to create page: 0.083 seconds
Powered by Kunena Forum

Login or Sign In