Viewing 14 posts - 1 through 14 (of 14 total)
  • #1187374

    Hi @yigit,
    I have been informed by my hoster that hundreds of spam mails have been sent via our website (probably php_mail).
    I (and also the hosting company) checked for malware but couldn't find any.
    Finally they told me that it might have been sent via the contact form https://www.flugtraeumer.de/kontakt/

    Is that possible?
    If yes, how do I prevent spam from being spread via my website?
    If it isn't the form… how can I find out which way the mails have been sent?

    Danny

    #1187841

    The hosting company added this:
    “That depends on how you send the email. Via SMTP (i.e. when you log in to the mail server with an email address and password), the authenticating address is usually set automatically.
    If you use the “mail()” function in PHP, please note its 4th and 5th optional parameters for setting additional headers (in particular “envelope-from” in the fifth parameter).
    Example:
    #————%<————%<————
    mail('(Email address hidden if logged out)',
    'Betreff',
    'Nachricht',
    'From: (Email address hidden if logged out)',
    '-f (Email address hidden if logged out)'
    );
    #————%<————%<————
    See also: http://php.net/manual/function.mail.php

    With the PHPMailer library, the “SetFrom” function can be used instead: $mail->SetFrom('(Email address hidden if logged out)', 'Vorname Nachname');
    The software you use may also offer a corresponding setting.

    > 2: “and which were sent from ‘cl……@de…….your-server.de’ (i.e. the
    > user account)” This statement is cryptic. Please make it
    > understandable.
    The username that your account uses on the virtual managed server named ‘de……your-server.de’ is ‘cl…….’. If, for example, a PHP script (cf. above) hands an email to the server for delivery, the PHP script is executed by the user ‘cl……’. The sender ‘cl…..@de…….your-server.de’ is then generated automatically according to the scheme ‘username@hostname’, unless the sender is overridden in some other way (again, cf. above).”

    So they still say it's the contact form, but I have no idea how to solve the task they gave me.
    Shouldn't it be done by the PHP which is used by the actual contact form?

    Danny

    #1188863

    4 days now.
    Someone at home?

    #1189029

    5 days

    #1189226

    6 days.

    #1189489

    7 days

    #1189495

    I got mail from my hoster, saying that the form is the issue:

    Dear Mr. P.,

    We have received feedback from t-online.de:
    ——%<——%<——%<——%<——%<——
    However, spam or phishing attempts were delivered to our systems from
    this IP address; here is the header of one such mail:

    | Return-Path: <cl…..@…….server.de>
    | Received: from de……server.de ([159.69.104.105]) by mailin72.aul.t-online.de
    | with (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384 encrypted)
    | esmtp id 1j6OfN-165WpE0; Tue, 25 Feb 2020 02:05:41 +0100
    | Received: from localhost ([127.0.0.1] helo=de……server.de)
    | by de…….server.de with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256)
    | (Exim 4.92.3)
    | (envelope-from <cl……..server.de>)
    | id 1j6OfM-00089P-Q9
    | for …@t-online.de; Tue, 25 Feb 2020 02:05:40 +0100
    | To: …@t-online.de
    | Subject: Neue Information vom Sicherheitsdienst
    | MIME-Version: 1.0
    | Subject: Test mail
    | Content-Type: multipart/alternative;boundary=3046cc842d8456edbff9a7993cedf652
    | From: Amazoп.de <service@amazПn.de>
    | Reply-To: service@amazПn.de
    | List-Unsubscribe: <mailto:service@amazПn.de>
    | Message-Id: <E1j6OfM-00089H-Kp@………..server.de>
    | Date: Tue, 25 Feb 2020 02:05:40 +0100

    This could possibly be a compromised account on your system. Please
    report to us what measures you have taken to eliminate the problem
    for the future as well.
    ——%<——%<——%<——%<——%<——

    Apparently there is or was a contact or registration form on one of the websites in the account cl…. that was exploited to send these emails. Possible candidates are:
    ——%<——%<——%<——%<——%<——

    ——%<——%<——%<——%<——%<——

    Please protect all contact forms from access by spammers, for example by integrating a captcha. Then let us know so that we can obtain a delisting with Telekom.

    Please let us know if we can assist you further.
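
A triage check for the kind of header t-online.de reported above, as an added example that is not part of the original thread. It flags the traits visible in that header: envelope sender and visible From on different domains, look-alike characters in the From domain, a repeated Subject field, and submission over loopback. The function names, finding labels and the host and mailbox names in the sample are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample modelled on the reported header. Host and mailbox names
# are placeholders; \u043f and \u041f are the Cyrillic look-alike letters.
SAMPLE = """\
Return-Path: <webuser@shared-host.example>
Received: from localhost ([127.0.0.1] helo=shared-host.example)
\tby shared-host.example with esmtps (Exim 4.92.3)
\t(envelope-from <webuser@shared-host.example>)
To: recipient@mail.example
Subject: Neue Information vom Sicherheitsdienst
MIME-Version: 1.0
Subject: Test mail
From: Amazo\u043f.de <service@amaz\u041fn.de>
Reply-To: service@amaz\u041fn.de
Date: Tue, 25 Feb 2020 02:05:40 +0100

(body omitted)
"""


def domain_of(header_value: str) -> str:
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def audit_headers(raw: str) -> list[str]:
    """Return triage findings for one raw message (labels are this example's own)."""
    msg = email.message_from_string(raw)
    findings = []
    envelope = domain_of(msg.get("Return-Path", ""))
    visible = domain_of(msg.get("From", ""))
    # Envelope sender is the hosting account, visible sender is another domain.
    if envelope and visible and envelope != visible:
        findings.append("from-differs-from-envelope")
    # Look-alike characters in the visible sender domain.
    if not visible.isascii():
        findings.append("non-ascii-from-domain")
    # RFC 5322 allows each of these fields at most once.
    for name in ("Subject", "From", "To", "Date"):
        if len(msg.get_all(name, [])) > 1:
            findings.append(f"duplicate-{name.lower()}")
    # Oldest hop is last; loopback means a local process (e.g. a web script) submitted it.
    received = msg.get_all("Received", [])
    if received and "127.0.0.1" in received[-1]:
        findings.append("submitted-from-localhost")
    return findings
```

Run over messages from the server's outbound queue or bounce reports, the findings help separate form-generated mail from ordinary site mail.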

    #1189730

    Hi,

    Sorry for the late reply! If your case is urgent, please add “urgent” to your title description and we will try to look into it as soon as we can. When you reply to your own threads, it changes the order in our queue.

    That being said, you can add the following code to the bottom of the Functions.php file in Appearance > Editor to set the “from” mail address:

    function change_cf_from() {
        return " (Email address hidden if logged out) ";
    }
    add_filter('avf_form_from', 'change_cf_from', 10);

    Also, please refer to this post – https://kriesi.at/documentation/enfold/contact-form/#captcha and enable captcha. You can also consider using an anti-spam plugin.

    Best regards,
    Yigit

    #1189761

    Hello,
    1: I guess “ (Email address hidden if logged out) ” is a placeholder and I have to put (Email address hidden if logged out) . Correct?
    2: How does using the “Enfold numeric captcha” influence my GDPR/data protection declaration?
    2.1: Do I need to add something?
    2.2: Something to care about the Cookie-modal?
    2.3.: How good is the “Enfold numeric captcha” in terms of preventing spam?
    3: “anti-spam plugin” – which one can you recommend? (Please consider GDPR)

    Kind regards
    Danny

    PS: The captcha description says: “Our form is already spamproof. Enable the captcha only if YOU RECEIVE spam over the form”
    To avoid misunderstandings:
    I don't get spam.
    OTHERS get spam from us.
    And our hoster said that the form has been used to do so.
    Your recommendations are meant to prevent this??

    Additional:
    I don't see how the code you gave me is supposed to solve the issue.
    The documentation says this:
    2. Check if WordPress is able to send e-mails
    Go to the login screen of your WordPress installation and attempt to recover your user password, if you do get the e-mail then it may be that your server is only allowing e-mails sent from the default WP address (should be like “ (Email address hidden if logged out) ”). In this case, you can set the Enfold contact form to send messages from that address, just add the following snippet to your theme/child theme functions.php file:

    But I don't want my customers to get mails from “ (Email address hidden if logged out) ” since this is not the mail address we communicate with.

    #1190475

    Hi,

    1- Yes, you would need to update the email to your domain.
    2- Please use reCaptcha V3 instead. Once you activate it, it will display Google’s privacy policy link below the Contact Form.
    2.1- No, you can simply refer to this post – https://kriesi.at/documentation/enfold/contact-form/#captcha
    2.2- No, links are automatically appended. Here is a screenshot from my local installation – https://imgur.com/a/FqdUweX
    2.3- It is good but reCaptcha is more advanced, as you could guess.
    3- You can try using Akismet. Please note that I am not aware of how they handle GDPR; however, if they need to set a cookie, you can use the Additional Custom Cookies section.

    Your hosting provider recommended setting the From mail, and adding that code to the bottom of the Functions.php file in Appearance > Editor will set the “from” address. You can change the email address to (Email address hidden if logged out)

    Best regards,
    Yigit

    #1190691

    Hi,
    “Please use reCaptcha V3 instead.”
    We want to use as few Google services as possible to minimize the risk of a GDPR lawsuit.

    “2.2: Something to care about the Cookie-modal?”
    “2.2- No, links are automatically appended. Here is a screenshot from my local installation – https://imgur.com/a/FqdUweX”
    Your answer did not reply to my question.

    “3- ….GDPR however if they need to set a cookie, you can use Additional Custom Cookies section. ”
    In another support thread you said that Additional Custom Cookies is NOT FOR ADDING cookies. (You want me to search for the thread?)

    #1191800

    Hi,

    If you are not going to be using Google reCaptcha, there is nothing to worry about with the cookie modal window either. Enfold numeric captcha displays a simple math question.

    I have been saying that Additional Custom Cookies are for 3rd party plugins.

    Let us get back to the issue at hand. Has setting the “from” address helped with your spam issue?

    Best regards,
    Yigit

    #1192909

    Hi,
    Not sure, I have to monitor it over a longer time.

    Questions:
    What if I have two forms with two different mail addresses, let's say “info@” and “contact@”??

    I have to add them both into the functions, correct?
    But how?

    Like this??
    function change_cf_from() {
        return " (Email address hidden if logged out) ";
        return " (Email address hidden if logged out) ";
    }
    add_filter('avf_form_from', 'change_cf_from', 10);

    And what if the mail address that has been added to the form does not belong to the domain?
    Example:
    Domain is flugtraeumer.de
    Mail used for the form: (Email address hidden if logged out)

    #1196384

    Hi,

    Sorry for my late reply!

    Adding the code replaces the “from” mail on all contact forms, and if you would like to set a different “from” address, you can simply edit the contact forms and change the “from” address in the Content > Backend tab of each Contact Form separately. It is recommended to use an email address connected to your domain.

    Best regards,
    Yigit
