SOS. Nopcommerce message queue got hacked!!!

2 years ago
Every minute, thousands of spam email were putting into my message queue!!!
I have shut down my email services connection, so they don't get sent out. I have changed my admin password, checked on the server for suspicious process..etc. I still see thousands of email pouring into my message queue and stuck there every minute.

Anyone has an idea where to look into? Many thanks!
2 years ago
I got it resolved. It turned out a bot has been using Email Friend feature to send massive spam emails. I enabled captcha on Email Friend page and it stopped.

I would recommend you do the same just in case your site is the next target.
2 years ago
Talen wrote:
I got it resolved. It turned out a bot has been using Email Friend feature to send massive spam emails. I enabled captcha on Email Friend page and it stopped.

I would recommend you do the same just in case your site is the next target.


Thank you for sharing this! +1
2 years ago
I'm in the same situation.  Where is Email friend page by the way.
2 years ago
Found it
8 months ago
Talen wrote:
I got it resolved. It turned out a bot has been using Email Friend feature to send massive spam emails. I enabled captcha on Email Friend page and it stopped.

I would recommend you do the same just in case your site is the next target.


Same issue with me. I found many spam mail sent with Russian language from and to store mail account.

So, I enabled CAPTCHA and honeypot. and just wait to see.

NopTeam Please Keep it in mind for security reasons (Nop Version is 4.10).

Example of mails:
----------------------
From:
[email protected] (our mail account)

To:
[email protected] (our mail account)

replay to:
[email protected]

Subject:
Отель Нижний Новгород

Body:
Недорогой отель Владимирский находится рядом с центром Нижнего Новгорода. Ближайшая станция метро Ленинская находится в 640 м от гостиницы, что позволяет попасть в центр города за 10-15 минут. Гостиница располагается в Нижнем Новгороде рядом с ЖД вокзалом.
  
<a href=http://vladimir-otel.ru>Отель в Нижнем Новгороде</a>
---------------------

Best regards.
5 months ago
Hi everyone, our shop (running on 3.80) has been compromised as well. Captcha is activated but this does not prevent fraud emails from being sent from our webshop. Urgent assistance is required!
Thanks
5 months ago
Welcome to the world of spammers. This is the breakdown with email - anyone can pretend to be anyone
All they need is your email address and they can email anyone (and you) from that address
They dont need to use your website to do it
5 months ago
MaxM wrote:
Hi everyone, our shop (running on 3.80) has been compromised as well. Captcha is activated but this does not prevent fraud emails from being sent from our webshop. Urgent assistance is required!
Thanks


Did you enabled CAPTCH on ContactUS, Refer a fried and all other open form which show on public side?

Also are you sure that email is sending from your nopCommerce site? Are you able to see logs of spam email in message queue? if so then you should be able to figure out based on email template content that from where spam email is sending out from your site and you should enable captcha appropriately.
5 months ago
satyanam wrote:

Did you enabled CAPTCH on ContactUS, Refer a fried and all other open form which show on public side?

Also are you sure that email is sending from your nopCommerce site? Are you able to see logs of spam email in message queue? if so then you should be able to figure out based on email template content that from where spam email is sending out from your site and you should enable captcha appropriately.


Thank you for your help on this.
CAPTCHA has been enabled on all pages.
I checked the message queue and I see a myriad of emails being sent from our email address ([email protected], I son’t want to disclose this email address). A total disaster! The hackers haven’t used any email template. They’re sending emails with suspicious content using our  nopcommerce shop and [email protected] email address. This is clearly a security breach and I wonder why nopcommerce isn’t aware of this issue.
Any further assistance would be appreciated.