Jump to content
USB83

Spam sent from my website using Send to a friend feature

Recommended Posts

Hello everyone,

 

These last two days, thousands of emails were sent from my store using the Send to a friend functionnality.

What's weird is that even after disabling then completely deactivating the module, emails continue to be sent

 

I received more than 3000 emails in my mailbox's spam folder saying that the sending failed.

Here's what it looks like : 

 

--------------------------------------------------------

This is the mail system at host smtp1.******.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It'
s attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<854060936@qq.com>: host mx3.qq.com[184.105.206.82] said: 550 Mail content denied.
http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726 (in reply to end of DATA command)

Final-Recipient: rfc822; 854060936@qq.com
Original-Recipient: rfc822;854060936@qq.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; mx3.qq.com
Diagnostic-Code: smtp; 550 Mail content denied.
http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726

---------- Forwarded message ----------
From: My Store's name <contact@myurl.com>
To: <854060936@qq.com>
Cc:
Date: Sat, 07 May 2016 22:54:55 +0100
Subject: [My Store's name] A friend sent you a link to Product's name

HI 125643许多年前你曾是朴素的少年,XBET全球最大的老虎机运营商免费注册首存送888元,安全稳定支持[spam-filter]扫码最低充值10元起 WWW.XBET008.COM WKBGMJMIVF,


A FRIEND HAS SENT YOU A LINK TO A PRODUCT THAT (S)HE THINKS MAY INTEREST YOU.

Click here to view this item: Product's name

--------------------------------------------------------

 

The sending stops when I put the store in maintenance mode and then it starts again as soon as it is live again.

 

The emails always 'recommend' the same product.

 

If anyone has the slightest clue about what causes this or how to fix it, it'll be a great help

 

The store is running 1.6.1.1 with prestashop stock modules 

 

Thanks

 

Edited by USB83

Share this post


Link to post
Share on other sites

Hello MacRoy,

 

Thanks for the recommendation, i'll give it a try.

 

Apart from this solution, i'd like to understand where the problem comes from.

Since the Send to friend functionality is no longer available (i disabled then uninstalled the module completely) those messages shouldn't be sent anymore and that's what i don't understand  :wacko:

 

Cheers

Share this post


Link to post
Share on other sites

I am also having this issue, send to a friend module is disabled, but these emails are still coming in.

 

I am using prestashop 1.6.0.14, someone must have a solution as to how the emails can still be sent when the module is disable?

Share this post


Link to post
Share on other sites

I found this on another thread and seems to have done the trick to stop them coming in for now, just need a solution to re-enable the module at some point:

 

-----

 

The solution to this is to delete the send to a friend module entirely, you CANNOT just disable it.

go to your back end in the modules section;
search for send to a friend;
from the drop down choose delete.

The emails will stop immediately

Share this post


Link to post
Share on other sites

Hi

 

I faced this issue recently, and the problem did not go away even after  i deleted the module from the back office. I had to ftp into the folder and manually delete the module to solve this issue.

Share this post


Link to post
Share on other sites

Hi

 

I faced this issue recently, and the problem did not go away even after  i deleted the module from the back office. I had to ftp into the folder and manually delete the module to solve this issue.

I tried this method first and it did not stop the emails. even with the folder deleted the spam continued. It was not until I also removed it from the admin section also that the emails stopped sending.

Share this post


Link to post
Share on other sites

Intesting. I'm going to be watching this topic.

 

I've also heard a lot of spam complaints recently and when looking at the PrestaShop's it looks like it is possible to send a simple email with just a simple GET request to a URL which I'm not going to disclose for now as it looks like spammers have discovered this trick as well.

 

PrestaShop should check the cookie and the browser before sending an email. Only being able to use the feature with JavaScript also keeps the bots away :)

Share this post


Link to post
Share on other sites

I encountered the problem too on several websites.

 

In order to avoid spammers to do ajax requests you have to either *remove* (or rename)

sendtoafriend module from your server (uninstalling is not enough because requests are triggered by calling

directly the sendtoafriend_ajax.php file with POST requests)

or apply the Eolia patch.

Share this post


Link to post
Share on other sites

I uninstalled the module from the backend and deleted it. I could no longer find the module directories in the backend via ftp. is there somewhere else I need to look? Spams are still coming.

Share this post


Link to post
Share on other sites

I have the same problem. Too many spam email, I have to keep my website in maintenance. As soon as the website go out of maintenance, Spams are coming again.

Share this post


Link to post
Share on other sites

I had the same problem, same mails 454808@qq.com

I found in the logs that it comes from China, so I blocked all chinese IP addresses.  As the webshop I run only focuses on european customers it is not a problem for us.

However, the solution above looks promising.  (from Eolia)
Or in /sendtoafriend_ajax.php replace
if (!$friendName || !$friendMail || !$id_product)

set

if (!$friendName || !$friendMail || !$id_product || !$module->context->cookie->customer_firstname)

 
I will try this too.

Share this post


Link to post
Share on other sites

Have the same problem - spamming send to a friend from qq.com mail domain.

I've applied the Eolia method.

Will see will it take any effect...

Share this post


Link to post
Share on other sites

Have the same problem - spamming send to a friend from qq.com mail domain.

I've applied the Eolia method.

Will see will it take any effect...

if the spam is active delete this module now, it's too late...

Share this post


Link to post
Share on other sites

if the spam is active delete this module now, it's too late...

I'd like to test the solution first )

May be this solution will work. Who knows...

Anyway, I have some usage of this module and wouldn't like to remove it.

Share this post


Link to post
Share on other sites

Hi guys,

 

Having the same problem but with the contact form. It keeps sending mails. I'm getting pretty crazy of it because I have to check all emails to search for real messages from my customers. I disabled the contact form and deleted the entire module from the backoffice.  However it keeps sending emails. As if there is some mailersoftware installed on my server...

 

Please help!

Share this post


Link to post
Share on other sites

I'd like to test the solution first )

May be this solution will work. Who knows...

Anyway, I have some usage of this module and wouldn't like to remove it.

Till now this solution seems working.

The spam messages stopped just after applying this code change.

Hope it will work further.

Share this post


Link to post
Share on other sites

Hi guys,

 

Having the same problem but with the contact form. It keeps sending mails. I'm getting pretty crazy of it because I have to check all emails to search for real messages from my customers. I disabled the contact form and deleted the entire module from the backoffice.  However it keeps sending emails. As if there is some mailersoftware installed on my server...

 

Please help!

 

As I was writing: they spammed me by the contact form. I discovered they sent the messages to only one contact you can select in the contact form. So I deleted the contact and the mails stopped immediatly. Now I have to delete more than 130.000 messages from the back office. Anyone knows how to do this at once? (instead of bulk delete max 1000 a time?) Thanks!

Share this post


Link to post
Share on other sites

 

The method described above does work.  

The spam bot cannot set the visitor name cookie automatically, so spam stops after adding that line of code!

 

Eolia thanks!!!

 

In the file   /sendtoafriend_ajax.php

 

replace
if (!$friendName || !$friendMail || !$id_product)

with
if (!$friendName || !$friendMail || !$id_product || !$module->context->cookie->customer_firstname)

Share this post


Link to post
Share on other sites

 

Or in /sendtoafriend_ajax.php replace

 if (!$friendName || !$friendMail || !$id_product) 

set

if (!$friendName || !$friendMail || !$id_product || !$module->context->cookie->customer_firstname)

 

I tried this just now and the module no longer sends an email if sender is not logged in.

Share this post


Link to post
Share on other sites

Allez hop c'est mon tour.

 

30 000 message reçu via le formulaire de contact. Et pourtant avec un captcha google :unsure:

 

Dans le doute j'ai viré le module sendtoafriend et banni les ip chinoise en esperant que ca tienne.

 

Voila ce que je reçoit comme message

 

 

Message : ‖新‖祝‖册‖会‖员‖免‖费‖即‖送“58元‖幸‖运‖金”情‖义‖相‖挺,月‖月‖返‖利。每‖月‖最‖高‖领‖娶‖66666¥
‖欧‖洲‖杯‖期‖间‖体‖育‖扌殳‖祝‖反‖水‖高‖达‖2%,反‖水‖无‖需‖打‖石马‖可‖直‖扌妾‖出‖款。
‖更多亻尤惠请打开:《 www.660022.c》 查看详情!

Share this post


Link to post
Share on other sites

Ça fait quelque temps que les captcha ne gênent plus vraiment les robots (il faut aussi voir comment il est implanté...)

La seule solution est celle que j'ai proposée, à savoir autoriser l'envoi si le customer est loggé.

 

On peut améliorer le truc en créant une table qui enregistre id_customer, time et nombre envoyé et limité à 3 mails par heure par exemple.

Share this post


Link to post
Share on other sites

Manouille : j'ai le même souci depuis 3 jours (spam sur mon formulaire de contact, apres application du correctif d'Eolia), est ce que cela a fonctionné de ton côté ?
merci ! 

 

Allez hop c'est mon tour.

 

30 000 message reçu via le formulaire de contact. Et pourtant avec un captcha google :unsure:

 

Dans le doute j'ai viré le module sendtoafriend et banni les ip chinoise en esperant que ca tienne.

 

Voila ce que je reçoit comme message

 


Share this post


Link to post
Share on other sites

 

Manouille : j'ai le même souci depuis 3 jours (spam sur mon formulaire de contact, apres application du correctif d'Eolia), est ce que cela a fonctionné de ton côté ?

merci ! 

 

 

 

 

J'ai viré le module (je ne m'en sers pas).

Je pense que le plus simple est de bannir les IP chinoise (voir le htacess plus haut). Voir post #21

Pour le moment plus de problèmes

Edited by manouille

Share this post


Link to post
Share on other sites

 

Manouille : j'ai le même souci depuis 3 jours (spam sur mon formulaire de contact, apres application du correctif d'Eolia),

 

 

Tu as eu du spam avec le patch d'Eolia appliqué ou alors avant ?

 

Pour ma part le patch d'Eolia a réglé le problème à 100%, un grand merci à lui :)

Edited by KevinNash

Share this post


Link to post
Share on other sites

Tu as eu du spam avec le patch d'Eolia appliqué ou alors avant ?

 

Pour ma part le patch d'Eolia a réglé le problème à 100%, un grand merci à lui :)

 

j'ai eu du spam via les "emails à un ami", j'ai du coup appliqué le patch (sans désinstallé le module), ensuite j'ai eu du spam sur ma boite contact.

Pour le banissement des IP chinoises j'ai cru comprendre que cela ralentissait pas mal le site de blacklister trop d'IP dans les htaccess, est ce vrai ?

Share this post


Link to post
Share on other sites

C'est vrai vu que le serveur doit vérifier les IPs avant d'autoriser l'accès, cela est inutile avec le patch ;)

Edited by KevinNash

Share this post


Link to post
Share on other sites

Re bonjour,

 

donc voila ca recommence ce matin. 300 message reçus.

 

Tout passe par le formulaire de contact et non le module sendtoafriend (je l'ai complétement viré de mon site).

 

Donc le blocage des IP n'est pas encore suffisant.

 

 

Il n'y aurait pas un moyen de bloquer ces IP niveau serveur et non via un simple htacess ?

Edited by manouille

Share this post


Link to post
Share on other sites

Tu dois identifier l'ip en question dans tes logs de connexion serveur, il s'agit surement d'un script. Les pires ont des rolling IPs , elles changent régulièrement.

 

Si tu y a accès tu peux ajouter les IPs dans le firewall du serveur mais c'est exactement le même résultat qu'avec le .htaccess

Edited by KevinNash

Share this post


Link to post
Share on other sites

Had the same issue last night.

 

update "Send to a friend" module from back office not spam stoped

 

unistall module and not spam stoped

 

delete "Send to a friend" module also not spam stoped

 

what is that solution?

Edited by new_sra

Share this post


Link to post
Share on other sites

I have this same problem. I uninstalled and deleted modules sendtoafriend module and spam still coming out.
On server I dont have folder module/sendtoafraid/ (because I deleted it from BO), anyway spam still caming out (i see it in log on server)
Have anybody method to repair this?

Share this post


Link to post
Share on other sites

I have this same problem. I uninstalled and deleted modules sendtoafriend module and spam still coming out.

On server I dont have folder module/sendtoafraid/ (because I deleted it from BO), anyway spam still caming out (i see it in log on server)

Have anybody method to repair this?

Same problem here. Module deleted, spam is still comming...

 

Update:

I just found out, that the source was actually a standard contact form. Strange thing is, that it uses reCaptcha... Solved by blocking IP in .htaccess

If your problem still persists, focus on the contact form.

Edited by j.kaspar

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×