|
Spam via sendmessage.php? Not sure if this is just a clever spoof, a bug, or a security issue. But, it looks like someone is able to send spam from my install of vB (via the sendmessage.php). I have been getting one or two the following bounced emails every day for a week or so. (I cleaned it of site, domain, and server names). Quote: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [email protected] SMTP error from remote mail server after RCPT TO:: host bcgsa.com [206.130.110.179]: 550 5.1.1 ... User unknown ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from SERVERNAME ([127.0.0.1] helo=localhost) by DOMAINNAME with esmtp (Exim 4.63) (envelope-from ) id 1M132x-0000od-U4 for [email protected]; Mon, 04 May 2009 13:37:55 -0500 Date: Mon, 04 May 2009 18:37:47 +0000 To: [email protected] From: "SITENAME" Auto-Submitted: auto-generated Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-Priority: 3 X-Mailer: vBulletin Mail via PHP X-EZbouncer: http://www.DOMAINNAME/admincp/ezbounce.php?u= Subject: [email protected] X-Spam-Report: Spam detection software, running on the system "SERVERNAME.DOMAINNAME", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Della Riley, This is a message from Kayla Trujillo ( mailto: ) from the SITENAME ( http://www.DOMAINNAME/ ). The message is as follows: [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP 2.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence -1.3 AWL AWL: From: address is in the auto white-list Della Riley, This is a message from Kayla Trujillo ( mailto: ) from the SITENAME ( http://www.DOMAINNAME/ ). The message is as follows: 38jkwskkr2m1lzdb tplnh mzfv http://wjcwhrvwwdtz.com msxhfpz idyfjga http://cwzyvgtldb.com SITENAME takes no responsibility for messages sent through its system. The usernames (Della Riley and Kayla Trujillo) do not exist (in my user table), nor does the email address: [email protected]. I notice the ( mailto: ) is blank and the userid is missing from: /admincp/ezbounce.php?u= Thanks for any assistance or insight. --RayJ |
| الساعة الآن 10:04 AM |
Powered by vBulletin® Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.5.2 TranZ By
Almuhajir