0121stephen

Spam from Welcome Email after registration


Someone is sending spam emails using my customer sign up.  They are signing up as a new customer and sending spam through the welcome email that the site sends out.  I am running Prestashop 1.6.1.19.  Does anyone know how to stop it?  I have disabled the welcome email but this isn't ideal.  Any ideas?

 

Many thanks,

Stephen


Same problem.  I'm still on 1.6.1.23.


Thanks Doekia  ....work, work, work !!!!

[attached image: presta.jpg]


Yes this is an issue for me too when updating the customer.php file I have done so in UTF-8.  Did anyone get anywhere with this one?


Thanks for the fix, it appears to have resolved the problem, only time will tell whether they find a way around the "fix"


The purpose of the attack is to "invite" you to some porn related web site. As soon as they cannot do such an "invitation", attacking your shop loses interest. The fix does that: it makes subscription unable to promote any web site. Hence not useful in their scenario.


Hello,

 

Can I just follow doekia's first post and manually edit Validate.php and Customer.php? Without having to run the patch file?

 

Thank you

 


I applied this exactly, but it doesn't work.

Invalid customer firstname, invalid customer last name. 

1.6.1.20 prestashop

 

Could it maybe be PHP version related?

Edited by 01Park


No it is not related to PHP in any case.

As I explained in the PM (after seeing your file) you are trying to manipulate your file with a web based filemanager rather than FTP.

This causes the character encoding to be tampered with and ruins the regex.


the patch worked perfectly on 1.6.1.4

thanks!

 

 

Edited by greg barratt


I edited the file in filemanager (not trying to manipulate anything). In another post there is a Spanish video explaining how and what to change.

 

Is it possible for you to create the correct files and just upload these to the post? Then everyone can just overwrite the old one.

 


Sorry you do not understand my replies. I cannot help.

Your file contains:

        return preg_match('/^[^0-9!\[\]<>,;?=+()@#"\A1\C6{}_$%:\/\\\*\^]*$/u',$name);

rather than

        return preg_match('/^[^0-9!\[\]<>,;?=+()@#"°{}_$%:\/\\\*\^]*$/u',$name);

Let's hope someone here with the appropriate language skills can explain it to you. Sorry, I cannot.

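What the encoding damage described above looks like to PHP, as an added example that is not part of the original posts: it flags lines of a source file that are no longer valid UTF-8 and `preg_match()` patterns that PCRE refuses to compile. The helper name `auditPhpSource` and both sample lines are constructed, and the broken sample assumes the `\A1\C6` quoted above stands for the raw bytes A1 C6 in the file.

```php
<?php
// Added example, not code from the thread. auditPhpSource() is a hypothetical helper.
// Usage: php audit.php classes/Validate.php   (no argument: runs on the broken sample)

function auditPhpSource(string $bytes): array
{
    $findings = [];
    foreach (explode("\n", $bytes) as $i => $line) {
        $lineNo = $i + 1;
        // An empty /u pattern only validates the subject: anything but 1 means bad UTF-8.
        if (preg_match('//u', $line) !== 1) {
            $findings[] = "line $lineNo: bytes are not valid UTF-8";
        }
        // Pull out a single-quoted pattern literal passed to preg_match() (byte-wise, no /u).
        if (preg_match("/preg_match\\(\\s*'((?:[^'\\\\]|\\\\.)*)'/", $line, $m)) {
            // Undo PHP single-quote escaping to get the pattern PCRE would receive.
            $pattern = strtr($m[1], ['\\\\' => '\\', "\\'" => "'"]);
            // Compile check only: false means PCRE rejected the pattern itself.
            if (@preg_match($pattern, '') === false) {
                $findings[] = "line $lineNo: pattern does not compile, so the check never matches";
            }
        }
    }
    return $findings;
}

// Constructed sample: the intact line as quoted in the thread (this file must be UTF-8).
$good = <<<'PHP'
        return preg_match('/^[^0-9!\[\]<>,;?=+()@#"°{}_$%:\/\\\*\^]*$/u',$name);
PHP;
// Constructed sample: the same line with the degree sign (C2 B0) replaced by bytes A1 C6.
$bad = str_replace("\xC2\xB0", "\xA1\xC6", $good);

$source = isset($argv[1]) ? file_get_contents($argv[1]) : $bad;
if ($source === false) {
    fwrite(STDERR, "cannot read file\n");
    exit(1);
}
foreach (auditPhpSource($source) ?: ['no findings'] as $finding) {
    echo $finding, PHP_EOL;
}
```

A pattern that fails to compile makes `preg_match()` return false, which a validator treats as "invalid" for every input; that is consistent with the "Invalid customer firstname" errors reported earlier in the thread.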

On what line do you see this:

 

return preg_match('/^[^0-9!\[\]<>,;?=+()@#"\A1\C6{}_$%:\/\\\*\^]*$/u',$name);

Because I can see

 

return preg_match('/^[^0-9!\[\]<>,;?=+()@#"°{}_$%:\/\\\*\^]*$/u',$name);


To make sure I'm doing the right thing, I also installed the fix on a Prestashop 1.7.5. This worked.

It just doesn't work for 1.6.1.20


Ok, I solved the issue with 1.6.1.20 

The problem for 1.6.1 is that the validate file is not UTF-8 (EUC-KR, or something like that). I don't know how to create a file with UTF-8, so I took the whole code from 1.6.1 and copied it to the validate file from 1.7 (this is UTF-8). Uploaded and tested. Fix works!

I added the files for 1.6.1 prestashop.

 

Validate.php

Customer.php


Hello. 

 

The best way is to implement recaptcha v.3 in invisible mode, because some people use for example "365.shop" as the company name (or lastname or firstname) and 1.6.1.24 does not allow this name 365.shop.

I already implemented recaptcha v.3 on the 1.6.1.23 and 1.6.1.24 and it is working very well.

 

It is also invisible for the client (no more boring pictures and clicks for the client) 

 

It is working also very well for the contact_form. 

 

Best regards 

 

Edited by bu_marius


The protection only affects customer firstname and lastname so no impact on company name


Hello. 

 

I have a lot of clients with

 

Name: S.A.R.L 

And this is not a good way to force the client to change the name or the lastname. 

 

And if you use your Prestashop with some marketplaces (eBay for example), sometimes you have just one name, for example 365.shop

 

It is not the best way to force the client to choose what you want. You have to accept what the client wants 

 

😏

Edited by bu_marius


Do whatever you want. Once your shop has been totally banned from mail exchangers all around the world, refrain from coming back here complaining for help.

 

On 4/20/2019 at 3:20 PM, SpySly said:

Thanks Doekia  ....work, work, work !!!!

[attached image: presta.jpg]

Yes for www.pimp.com it is fine but what about porn.net

 

You have to put a dictionary there 😬😬😱


porn.net is forbidden; porn. net is accepted.

The problem is that mail clients (Google for instance) tend to convert what seems to be a domain name / URL to links (porn.net is converted but not porn. net), so it loses interest for spammers.

Neat, simple and efficient

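The rule described in the last reply, as an added PHP example (it is not the patch discussed in this thread, which is not shown on this page): a dot is accepted in a name only when whitespace or the end of the name follows it, so a mail client has nothing to auto-link. `isLinkFreeName` is a hypothetical helper, the pattern is an assumption built from the character class quoted earlier in the thread, and the sample names are constructed; they include the `S.A.R.L` and `365.shop` cases raised above to show what the rule costs.

```php
<?php
// Added example, not the patch from this thread. isLinkFreeName() is a
// hypothetical helper; its rule is an assumption modelled on the behaviour
// described above: a dot is accepted only before whitespace or at the end.
// Save this file as UTF-8: the pattern contains a literal degree sign.

function isLinkFreeName(string $name): bool
{
    // First alternative: the exclusions of the regex quoted in the thread,
    // plus the dot. Second alternative: a dot that cannot join two labels.
    $pattern = '/^(?:[^0-9!\[\]<>,;?=+()@#"°{}_$%:\/\\\*\^.]|\.(?=\s|$))*$/uD';
    // Under /u, preg_match() returns false for invalid UTF-8 input: fail closed.
    return preg_match($pattern, $name) === 1;
}

// Constructed sample names.
$samples = [
    'Stephen', "O'Brien", 'Jean-Luc', 'J. R.',
    'example.net', 'example. net', 'www.example.com',
    'S.A.R.L', '365.shop',
];
foreach ($samples as $name) {
    printf("%-16s %s\n", $name, isLinkFreeName($name) ? 'accepted' : 'rejected');
}
```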
