SPAM undeliverable email

2 months 4 weeks ago #324036 by michaedt
SPAM undeliverable email was created by michaedt
I've recently been getting a lot of mail returned from hackers attempting to send email through my Joomla site.

I get returned email like the following:
Your message wasn't delivered to hehimself@gerhardwilhelms.de because the address couldn't be found, or is unable to receive mail.

Based on the email address, this person (or bot) never actually created an account (there is no such email anywhere in the system). But they seem to be using the login page (or somewhere else?) to send emails, no doubt fishing for a vulnerability.

RSFirewall shows lots of blocked hits on my login page.
Any advice on where to look for the problem?

Please Log in to join the conversation.

2 months 4 weeks ago #324038 by krileon
Replied by krileon on topic SPAM undeliverable email
Emails don't send for simply attempting to login unless you've setup something to do that.

My best guess is they're trying to abuse the forgot login page. You can use CB AntiSpam to output captcha on the forgot login page, which should help some. You can enable this within CB AntiSpam > Parameters > Captcha > Legacy.

CB AntiSpam can also be used to block login abuse. Within CB AntiSpam > Parameters > Login > Auto Block you can configure it to automatically block someone who has failed too many login attempts. For example the following would block their ip address for 1 hour if they fail to login 5 times.

Attempts Limit: 5
Block Method: Block IP Address
Block Duration: +1 HOUR


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

2 months 4 weeks ago - 2 months 4 weeks ago #324041 by michaedt
Replied by michaedt on topic SPAM undeliverable email
Thank you for your response. Yes, I've used the CB AntiSpam captcha since its inception, but there's been a sudden surge. So I just wanted to make sure that I'm not missing some new twist. Its almost as if they've figured out some API URL to exploit the login page and bypass the Captcha, but that doesn't seem possible. I'm stumped.

Blocking IPs can sometimes be overkill, particularly if the hacker is spoofing their IP address. It would be nice to implement a temporary block as a middle way.

Please Log in to join the conversation.

2 months 4 weeks ago #324042 by michaedt
Replied by michaedt on topic SPAM undeliverable email
Following up on my last reply, it appears there are already temporary blocks built into the Anti-Spam plugin (not sure how I missed that). I'll give it a go.

Please Log in to join the conversation.

2 months 4 weeks ago #324045 by krileon
Replied by krileon on topic SPAM undeliverable email
I don't see why logging in would send an email to begin with though. Are you able to find out what email is attempting to be sent? Sometimes the bounced email includes the original email attempting to be sent. That original email might give a clue as to what is actually sending the email.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

2 months 4 weeks ago #324049 by michaedt
Replied by michaedt on topic SPAM undeliverable email
I viewed the email and its coming from SMTP on our site, and its SPAM for sure (sex vids, etc.). It's possible that they are mass emailing batches of people in our name.
Just can't tell what its using to send the email. It might not be CB. I'll examine other plugins to see if I can find a culprit.

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.422 seconds

Facebook Twitter LinkedIn