SOS. Nopcommerce message queue got hacked!!!

Posted: June 11, 2019 at 1:23 PM Quote #237534
MaxM wrote:
... checked the message queue and I see a myriad of emails being sent ...

What kind of Emails?  Contact us?

It's not really a "security breach" if the spammers are using a public page (e.g. Contact Us).

I see two general types of 'spam' that can emanate from nopCommerce:

1) Messages that are only directed to you (e.g. [email protected]), which can come from Contact Us. They are spamming you.

2) Messages that could be directed to other emails but don't really contain spam. I see those only because some of them "bounce back" as undeliverable.  An example would be a 'spammer' Registering as a new user with someone else's email address.  The other person does not see 'spam' they just see a "welcome" message from your store (although they might consider it spam ;)
www.noptools.com
Posted: June 13, 2019 at 1:54 AM Quote #237676
New York wrote:
What kind of Emails?  Contact us?


Thanks for your help!

The emails are of two different types: 1) template email forms and 2) spam emails (with links to phishing and other harmful sites).
I understand that with Type 1) the intention is purely spam. It’s with Type 2) however where uncertainty arises. They have managed to send emails from our send email address externally which will eventually get our domain black-listed by exchange servers.

How can we prevent this from happening apart from enabling CAPTCHA and implementing the honeypot method?
Posted: June 13, 2019 at 9:06 PM Quote #237777
I'm not sure what you mean by "externally". If it's external, then it's not coming from nopCommerce. Could they have hacked your email account? Is it just them spoofing your email address, but it's not really coming from your email account/server? How are you even seeing those, if they are going to someone else? Is it as per above that you're getting 'rejections' from other mail servers?
www.noptools.com
Posted: June 14, 2019 at 3:59 AM Quote #237792
New York wrote:
I'm not sure what you mean by "externally". If it's external, then it's not coming from nopCommerce. Could they have hacked your email account? Is it just them spoofing your email address, but it's not really coming from your email account/server? How are you even seeing those, if they are going to someone else? Is it as per above that you're getting 'rejections' from other mail servers?


By externally I mean outside our organisation (e.g. to [email protected]).

I see the activity (i.e. the emails being sent) in the Message Queue in the nopCommerce admin section.
I also checked the login log of that email account (on the Exchange server) and no logins have been registered for the past few weeks. The email account is not an admin account, so they couldn't have deleted the log. Spoofing isn't an option either as a) I would see this on our Exchange server and b) we have taken several security measures to prevent this from happening (not mentioning these for security reasons).

I have no clue how they can send emails from nopCommerce's backend without logging in as an admin. This is obviously a security breach on the front-end of our nopCommerce shop.
Posted: June 15, 2019 at 7:35 PM Quote #237974
RE: "to [email protected]  ...  in the Message Queue"
That can happen when a new customer Registers.  What is the subject (template) of the message - "Welcome ..."?

RE: "... checked ...the exchange server";  "...Spoofing isn't an option either as a) I would see this on our exchange server and b)..."
I don't think you understand what "spoofing" is.
www.noptools.com
Posted: June 17, 2019 at 11:15 AM Quote #238056
New York wrote:
That can happen when a new customer Registers.  What is the subject (template) of the message - "Welcome ..."?

No, the subject of the email is arbitrary text, sometimes Cyrillic letters, sometimes text like "Stairs and fences made of spyglass, wood, metal". I don't know why I'm not making this clear enough, but they can actually send emails through our shop to email addresses around the world! I see the messages in the message queue.

I'm a certified Exchange server admin, so I'm fairly familiar with what spoofing is and what it is not. You can prevent spoofing with security measures such as SPF, DMARC etc.

I would appreciate some valuable feedback.
Posted: June 19, 2019 at 7:43 AM Quote #238155
If they are putting messages in the message queue, then either they are doing it directly via SQL, or there's some hacked code / plugin in your system. Do you have custom code?   Check your plugins / dlls (what are the date/timestamps, file sizes - do they match original release?)

Maybe you can set up a trigger on the MessageQueue table to detect / log caller info - e.g.

  DECLARE @ProcName sysname, @login sysname, @app nvarchar(128);
  SET @ProcName = OBJECT_NAME(@@PROCID);  -- the trigger/procedure currently executing
  SET @login = ORIGINAL_LOGIN();          -- login that authenticated the session
  SET @app = APP_NAME();                  -- application name reported by the client connection

See what I posted here
https://www.nopcommerce.com/boards/t/55043/make-forum-moderators-to-hidedelete-spams-from-forums-when-nop-team-is-not-around.aspx#238009
www.noptools.com
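To make the trigger idea concrete, here is an added example (not code from the thread or from the nopCommerce project) of an audit table plus an AFTER INSERT trigger for SQL Server that records who or what is writing rows into the queue table, followed by two triage queries over the audit. The table name MessageQueue and the columns Id, [To] and Subject are assumed from the post's wording; check them against the installed schema before creating the trigger. The login name in the last query is a placeholder for whatever login the web application's connection string uses.

```sql
-- Added example (not from the forum post). Assumes SQL Server and a queue table
-- named dbo.MessageQueue with columns Id, [To], Subject; verify against your schema.

CREATE TABLE dbo.MessageQueueAudit (
    AuditId       INT IDENTITY(1,1) PRIMARY KEY,
    QueuedId      INT            NOT NULL,                 -- Id of the queued email row
    AuditedOnUtc  DATETIME2(0)   NOT NULL
        CONSTRAINT DF_MessageQueueAudit_AuditedOnUtc DEFAULT (SYSUTCDATETIME()),
    OriginalLogin sysname        NOT NULL,                 -- authenticated login of the session
    AppName       NVARCHAR(128)  NULL,                     -- client-reported application name
    ClientHost    NVARCHAR(128)  NULL,                     -- client-reported workstation name
    Spid          INT            NOT NULL,                 -- session id at insert time
    ToAddress     NVARCHAR(500)  NULL,
    Subject       NVARCHAR(1000) NULL
);
GO

CREATE TRIGGER dbo.trg_MessageQueue_AuditInsert
ON dbo.MessageQueue
AFTER INSERT
AS
BEGIN
    SET NOCOUNT ON;

    -- One audit row per inserted queue row; handles multi-row inserts correctly
    -- because it reads from the 'inserted' pseudo-table instead of single variables.
    INSERT INTO dbo.MessageQueueAudit
        (QueuedId, OriginalLogin, AppName, ClientHost, Spid, ToAddress, Subject)
    SELECT i.Id,
           ORIGINAL_LOGIN(),   -- survives EXECUTE AS / impersonation inside the app
           APP_NAME(),         -- e.g. the .NET SqlClient provider string vs. SSMS
           HOST_NAME(),        -- workstation name the client connection reported
           @@SPID,
           i.[To],
           i.Subject
    FROM inserted AS i;
END;
GO

-- Triage 1: which sessions are filling the queue, and how fast?
SELECT OriginalLogin, AppName, ClientHost,
       COUNT(*)            AS QueuedRows,
       MIN(AuditedOnUtc)   AS FirstSeen,
       MAX(AuditedOnUtc)   AS LastSeen
FROM dbo.MessageQueueAudit
GROUP BY OriginalLogin, AppName, ClientHost
ORDER BY QueuedRows DESC;

-- Triage 2: inserts that did NOT come through the web application's own login.
-- 'nopcommerce_app' is a placeholder; substitute the login from your connection string.
SELECT AuditedOnUtc, OriginalLogin, AppName, ClientHost, ToAddress, Subject
FROM dbo.MessageQueueAudit
WHERE OriginalLogin <> N'nopcommerce_app'
ORDER BY AuditedOnUtc DESC;
```

APP_NAME() and HOST_NAME() are values the client connection supplies, so treat them as triage hints rather than proof; ORIGINAL_LOGIN() is the authenticated identity and is the reliable column. If every audited row carries the web application's login, the rows are being created through the site's own code path (a public form, a plugin, or modified code), which rules out a separate direct-SQL session and narrows the two hypotheses in the post above.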
Posted: June 21, 2019 at 7:15 AM Quote #238377
New York wrote:
If they are putting messages in the message queue, then either they are doing it directly via SQL, or there's some hacked code / plugin in your system. Do you have custom code?


Very helpful, thanks a lot for your help. Will check and let you know.
Posted: August 23, 2019 at 3:32 AM Quote #245113
Hi Guys

I would suggest you check your Blog/News Comments and check the following:

1) Allow guests to leave comments
2) Blog comments must be approved
3) Notify about new blog comments
4) Blog comments per store

And check the same for News, and also make sure you enable CAPTCHA for both if you want to use them, as spammers will fill up your DB if you are not careful.
Please VOTE if this has been of some help.

Kind Regards
Ron Palmer (Xtreme Commerce Ltd)
Director & Developer at http://www.nopresponsive.com
nopCommerce Solutions Partner/Nop MVP

Email: [email protected]
Skype:xtremecommerce

Responsive Web Development for nopCommerce