Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Another Method Of Spam


Guest

Recommended Posts

Good Day All,

 

I just got contacted from my service provider to say that they were contacted to report abuse from our server.

 

Doing some analysis I have found a bug in osCommerce which I am sure everybody will have with their system:

 

Basically, the hackers accessed the following URL: catalog/admin/mail.php/login.php and gained access to all of my customers names and email addresses.

 

The POST URL on my log is: catalog/admin/mail.php/login.php?action=send_email_to_user

 

I am pretty sure my server is now blacklisted, I have not checked but I have noticed my email queue sitting still for emails going to comcast and yahoo email addresses.

 

Any help on this will be greatly appreciated!

 

Regards,

ChildOTK

Link to comment
Share on other sites

 

 

This is a well known issue, apply all patches given here http://www.oscommerce.com/forums/index.php?showtopic=313323 including these to fix the issue.

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...