SOS. Nopcommerce message queue got hacked!!!

1 2 >
Posted: August 04, 2017 at 12:44 PM Quote #190893
Every minute, thousands of spam email were putting into my message queue!!!
I have shut down my email services connection, so they don't get sent out. I have changed my admin password, checked on the server for suspicious process..etc. I still see thousands of email pouring into my message queue and stuck there every minute.

Anyone has an idea where to look into? Many thanks!
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: August 04, 2017 at 1:01 PM Quote #190894
I got it resolved. It turned out a bot has been using Email Friend feature to send massive spam emails. I enabled captcha on Email Friend page and it stopped.

I would recommend you do the same just in case your site is the next target.
This post/answer is useful
3
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: August 05, 2017 at 2:10 AM Quote #190915
Talen wrote:
I got it resolved. It turned out a bot has been using Email Friend feature to send massive spam emails. I enabled captcha on Email Friend page and it stopped.

I would recommend you do the same just in case your site is the next target.


Thank you for sharing this! +1
This post/answer is useful
1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Pls up-vote the answer, if it helps you! :)

nopAccelerate - Faster, Reliable & Scalable nopCommerce

http://www.nopAccelerate.com | http://www.xcellence-it.com | http://shop.xcellence-it.com

Need any professional assistance? Drop us your requirements on sales(at)nopaccelerate.com
Posted: November 08, 2017 at 8:41 PM Quote #195844
I'm in the same situation.  Where is Email friend page by the way.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
http://www.snapnzip.com
Posted: November 08, 2017 at 8:44 PM Quote #195845
Found it
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
http://www.snapnzip.com
Posted: February 19, 2019 at 6:02 AM Quote #221136
Talen wrote:
I got it resolved. It turned out a bot has been using Email Friend feature to send massive spam emails. I enabled captcha on Email Friend page and it stopped.

I would recommend you do the same just in case your site is the next target.


Same issue with me. I found many spam mail sent with Russian language from and to store mail account.

So, I enabled CAPTCHA and honeypot. and just wait to see.

NopTeam Please Keep it in mind for security reasons (Nop Version is 4.10).

Example of mails:
----------------------
From:
[email protected] (our mail account)

To:
[email protected] (our mail account)

replay to:
[email protected]

Subject:
Отель Нижний Новгород

Body:
Недорогой отель Владимирский находится рядом с центром Нижнего Новгорода. Ближайшая станция метро Ленинская находится в 640 м от гостиницы, что позволяет попасть в центр города за 10-15 минут. Гостиница располагается в Нижнем Новгороде рядом с ЖД вокзалом.
  
<a href=http://vladimir-otel.ru>Отель в Нижнем Новгороде</a>
---------------------

Best regards.
This post/answer is useful
1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: June 11, 2019 at 1:41 AM Quote #237477
Hi everyone, our shop (running on 3.80) has been compromised as well. Captcha is activated but this does not prevent fraud emails from being sent from our webshop. Urgent assistance is required!
Thanks
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: June 11, 2019 at 2:53 AM Quote #237482
Welcome to the world of spammers. This is the breakdown with email - anyone can pretend to be anyone
All they need is your email address and they can email anyone (and you) from that address
They dont need to use your website to do it
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
www.SelectSystems.com.au
Select Systems International is a computer systems technology solution developer and integration service provider.
Posted: June 11, 2019 at 5:47 AM Quote #237496
MaxM wrote:
Hi everyone, our shop (running on 3.80) has been compromised as well. Captcha is activated but this does not prevent fraud emails from being sent from our webshop. Urgent assistance is required!
Thanks


Did you enabled CAPTCH on ContactUS, Refer a fried and all other open form which show on public side?

Also are you sure that email is sending from your nopCommerce site? Are you able to see logs of spam email in message queue? if so then you should be able to figure out based on email template content that from where spam email is sending out from your site and you should enable captcha appropriately.
This post/answer is useful
1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Please up-vote the answer, if it helps you! :)

Need any professional assistance? Drop us your requirements on [email protected]

http://www.satyanamsoft.com/
nopCommerce Solution Partner
Posted: June 11, 2019 at 10:36 AM Quote #237514
satyanam wrote:

Did you enabled CAPTCH on ContactUS, Refer a fried and all other open form which show on public side?

Also are you sure that email is sending from your nopCommerce site? Are you able to see logs of spam email in message queue? if so then you should be able to figure out based on email template content that from where spam email is sending out from your site and you should enable captcha appropriately.


Thank you for your help on this.
CAPTCHA has been enabled on all pages.
I checked the message queue and I see a myriad of emails being sent from our email address ([email protected], I son’t want to disclose this email address). A total disaster! The hackers haven’t used any email template. They’re sending emails with suspicious content using our  nopcommerce shop and [email protected] email address. This is clearly a security breach and I wonder why nopcommerce isn’t aware of this issue.
Any further assistance would be appreciated.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
1 2 >
Premium support services
  • Dedicated premium support services provided by core developers are intended for persons who run mission critical websites, work on projects with tight deadlines, or want to get dedicated support.
Professional services
  • Want to open a new store? Want to take your store to the next level? Need a custom extension? We can customize nopCommerce to fit your store perfectly. Request a quote to get started.
eCommerce CONFERENCE 2019
Learn more