[SOLVED] Are there any known existing attacks against CBSubs?

10 years 9 months ago - 10 years 9 months ago #231020 by MarkRS
I have just had two (non-administrator) subscribers call to say they have received the administrator email telling them someone else has registered on the site.
They each (I think) received notifications of the two latest registrations, free accounts from bogus-looking users ("bogus" because they have strange addresses: ks.a.d.f.o.w.eu.o@gmail.com & s.zxa.i.j.k.o@gmail.com).

I have no indication of any break in, although I think my CBSubs (GPL) isn't working and hasn't for a few weeks, but this looks very strange.

What would be good to look for?
I've looked in the #__extensions table and there don't appear to be any strange entries.

CBSubs GPL 3.0.0, CB 1.9, Linux hosting.
horsemanshipmagazine.co.uk


10 years 9 months ago - 10 years 9 months ago #231023 by krileon
CBSubs has no known vulnerabilities and is checked regularly. What you're seeing is just typical spam registrations, which Captcha of some form can protect against. I suggest becoming a Professional subscriber and obtaining CB AntiSpam to help fight spam, or at the very least an Advanced subscriber for CB Captcha. An alternative is to search for free captcha solutions for CB, if any exist.

If you don't actually have a free subscription, then they registered and simply didn't pay and cancelled the basket. They should, however, be completely disabled (blocked) unless you didn't disable free registrations without a subscription within CBSubs > Settings > Globals.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and you are a Professional, Developer, or CBSubs subscriber, please send me a private message with your thread and I will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday), and if I've missed your post on or before a weekend after business hours, please wait for the next business day (Monday) and I will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not ask me about custom development.


10 years 9 months ago #231025 by MarkRS
Hi Krileon,

No, it's not just the spam registrations. Yes, I expect those. It's the fact that notices of those registrations went to two non-administrator subscribers.

Good to know there are no known vulnerabilities though.
I'll check further on who gets notified.


10 years 9 months ago #231028 by krileon
Edit those two users within CB > User Management and ensure they're not set to receive moderator emails. It could also be the spam user simply spamming them with fake emails if you have the email form enabled and they were able to log in.



10 years 9 months ago #231045 by MarkRS
Ah! That's the thing. I misunderstood what that field was for. Now fixed. Thank you.

In fact, there were about 70 non-admins set to receive admin mail. I wonder why it's not happened before? Very strange.

Thank you again.
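The root cause in this thread was a notification setting, not a vulnerability: dozens of ordinary subscribers were flagged to receive moderator/admin emails, so each spam registration was announced to them. The audit below is an added example, not code from the thread or from the Community Builder project. It assumes the Joomla table layout of that era (`#__users`, `#__usergroups`, `#__user_usergroup_map`), that CB's "Receive Moderator Emails" field is stored in the Joomla `sendEmail` column (treat that mapping as an assumption and confirm it against your own CB field list), and that "Administrator" and "Super Users" are the only groups that should receive such mail. The schema and users are constructed in an in-memory SQLite database so the check runs offline; on a real site you would run the equivalent `SELECT` against the live database and then correct the accounts through CB > User Management as described above.

```python
import sqlite3

# Constructed table prefix; a real Joomla site uses the prefix from configuration.php
PREFIX = "jos_"

# Groups whose members legitimately receive moderator/admin mail (assumption for this audit)
ADMIN_GROUP_TITLES = ("Administrator", "Super Users")


def build_sample_db():
    """Create an in-memory database with the three Joomla tables the audit needs,
    populated with constructed accounts (no data from the thread)."""
    con = sqlite3.connect(":memory:")
    cur = con.cursor()
    cur.executescript(f"""
        CREATE TABLE {PREFIX}users (
            id INTEGER PRIMARY KEY, name TEXT, username TEXT, email TEXT,
            block INTEGER DEFAULT 0, sendEmail INTEGER DEFAULT 0);
        CREATE TABLE {PREFIX}usergroups (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE {PREFIX}user_usergroup_map (
            user_id INTEGER, group_id INTEGER, PRIMARY KEY (user_id, group_id));
    """)
    cur.executemany(f"INSERT INTO {PREFIX}usergroups VALUES (?, ?)",
                    [(2, "Registered"), (7, "Administrator"), (8, "Super Users")])
    users = [
        # id, name, username, email, block, sendEmail
        (42, "Site Admin", "admin", "admin@example.invalid", 0, 1),     # legitimate
        (100, "Alice Reader", "alice", "alice@example.invalid", 0, 1),  # misflagged subscriber
        (101, "Bob Reader", "bob", "bob@example.invalid", 0, 0),        # fine
        (102, "Carol Reader", "carol", "carol@example.invalid", 1, 1),  # blocked but still flagged
    ]
    cur.executemany(f"INSERT INTO {PREFIX}users VALUES (?, ?, ?, ?, ?, ?)", users)
    cur.executemany(f"INSERT INTO {PREFIX}user_usergroup_map VALUES (?, ?)",
                    [(42, 8), (100, 2), (101, 2), (102, 2)])
    con.commit()
    return con


# Users flagged to receive moderator mail who are in none of the admin groups.
_PLACEHOLDERS = ", ".join("?" for _ in ADMIN_GROUP_TITLES)
AUDIT_SQL = f"""
SELECT u.id, u.username, u.email, u.block
FROM {PREFIX}users AS u
WHERE u.sendEmail = 1
  AND NOT EXISTS (
      SELECT 1
      FROM {PREFIX}user_usergroup_map AS m
      JOIN {PREFIX}usergroups AS g ON g.id = m.group_id
      WHERE m.user_id = u.id AND g.title IN ({_PLACEHOLDERS})
  )
ORDER BY u.id
"""


def find_misflagged_users(con):
    """Return (id, username, email, block) for every non-admin account that
    would receive moderator/admin notification mail."""
    return con.execute(AUDIT_SQL, ADMIN_GROUP_TITLES).fetchall()


def clear_moderator_flag(con, user_ids):
    """Turn the flag off for the given accounts; returns the number of rows changed.
    Blocked accounts are included deliberately: the flag survives a block and would
    resurface if the account were ever re-enabled."""
    if not user_ids:
        return 0
    marks = ", ".join("?" for _ in user_ids)
    cur = con.execute(
        f"UPDATE {PREFIX}users SET sendEmail = 0 WHERE id IN ({marks})", list(user_ids))
    con.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = build_sample_db()
    flagged = find_misflagged_users(db)
    for uid, username, email, blocked in flagged:
        print(f"non-admin {username} ({email}, id={uid}, blocked={blocked}) receives moderator mail")
    print(f"cleared flag on {clear_moderator_flag(db, [row[0] for row in flagged])} account(s)")
```

The query is written as `NOT EXISTS` over the group map rather than a join on the user's "primary" group because a Joomla account can belong to several groups; a member of both Registered and Administrator is correctly left alone. Reviewing the list before updating matters: the thread's 70 accounts were simply a misunderstanding of the field, but the same list is where you would notice a flag set on an account you do not recognise.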

