One or several fu*kheads have recently abused our system to send spam mails. I recieved some tons of mail error messages from a non-existent mail address on our system.


I am using Captcha on our Liaise module, and this module are set to send mail to one of our adresses only.

The only module I suspect been unsecure regarding terror attacks like this might be the "Tip A Friend" option in the Weblinks module. I have disabled the whole module now (with hundreds of links not beeing accessible any more) and I have not got any more mail messages.

Anyone with similar experiences? Does this sound like a reasonable explanation? What can I do with this module in order to not have this vulnability - how to make it impossible to send more than one mail from "Tip a Friend" in the weblinks? Or might it be other explanations??

Yes, I have installed protector.
Yes, I would love to break the neck on the **ckheads!

Using: XOOPS 2.0.16
Weblinks 1.0
Frameworks installed

There was an issue reported by Subzero (from Xoopsdesign) with Weblinks. I have contacted the author over this, but I still have not received a reply.

There is, however, a new release of 1.31 ... so you may want to see if this deals with your problem. Please let me know if it does.

(Dont forget to backup etc etc)

I am still in a mess, spam mail in return are flooding my inbox!

My only option now was to close down the site!

Weblinks were removed from public display, then the spammhackfuc**rs must have used some other vulnerability on the system, I don't have any clue what it might be.

Anyone with any advice what to do then? Should i relave XOOPS as a platform and go for something else??

First thing: Don't Panic!

Second thing: Can you PM me the site URL so I can see if theres any other module that may be an issue?

Finally it all has been sorted out, after som serious digging. Some f**khead were using a fake email address and pretending using us a sender. This was not the case, hwever, but we set up a catch all at the server, and then recieved all returning error messages from those the spammer had mailed.
So our XOOPS are safe and now even safer.
And spammers? Well, I hope they all vanish into a deep hole. In all cases they have contributed in the blacklisting on our domain in a lot of places.

Tip: use WF-Links instead of Weblinks.