Hi.
Today I noticed that a spambot has broken my 2.0.x default contact module in some way.
The website is running an old version of XOOPS, before the security token was implemented - I've done various core code hacking on that website.
So, here are the details.
Early this morning, I found these emails in my box (I'll post only one, the last one, but I got 4 other similar mails, if someone is interested).
Quote:
And later, this evening (21.00 on GMT+1), the spam started.
I don't know if this spam arrived only to me, the guy who gets the mails from the contact module, or if other people in the .net got this spam too - I don't have access to the mail server.
I'm not posting any of those spam mails 'cause they are very long... if someone is interested I can post one later.
I've looked in the Apache server logs and found that several IPs have simply done a POST request, masking the referer with my domain name -> there is no GET request from those IPs (and I think this method can break the security token too).
Right now I've disabled the contact form.
Any ideas, someone?
banned,
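
The log pattern described in the post above (a POST to the contact form from an IP that never sent a GET for it, with a Referer naming the site's own domain) can be searched for in an access log. This is an added example, not part of the original post; it assumes Apache "combined" log format, and the form path, host name and log lines are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

FORM_PATH = "/contact-form.php"  # placeholder, not the real module path
SITE_HOST = "example.org"        # placeholder for the site's own domain

def find_blind_posts(lines, form_path=FORM_PATH, site_host=SITE_HOST):
    """Map each IP that POSTed to the form without ever fetching it first to a
    list of (log time, referer_claims_our_site) tuples. Lines must be in log order."""
    fetched = set()               # IPs that have loaded the form with GET
    suspects = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["path"].split("?", 1)[0] != form_path:
            continue              # malformed line or unrelated URL
        ip = m["ip"]
        if m["method"] == "GET":
            fetched.add(ip)
        elif m["method"] == "POST" and ip not in fetched:
            claims_site = urlsplit(m["referer"]).hostname == site_host
            suspects[ip].append((m["time"], claims_site))
    return dict(suspects)

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2005:20:58:01 +0100] "GET /contact-form.php HTTP/1.1" 200 5120 "http://example.org/" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2005:20:59:30 +0100] "POST /contact-form.php HTTP/1.1" 200 812 "http://example.org/contact-form.php" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2005:21:00:02 +0100] "POST /contact-form.php HTTP/1.1" 200 812 "http://example.org/contact-form.php" "-"',
    '198.51.100.7 - - [10/Oct/2005:21:00:05 +0100] "POST /contact-form.php HTTP/1.1" 200 812 "http://example.org/contact-form.php" "-"',
    '203.0.113.44 - - [10/Oct/2005:21:01:17 +0100] "POST /contact-form.php HTTP/1.1" 200 812 "-" "-"',
]

if __name__ == "__main__":
    for ip, hits in find_blind_posts(SAMPLE_LOG).items():
        spoofed = sum(1 for _, claims in hits if claims)
        print(f"{ip}: {len(hits)} POST(s) with no prior GET, {spoofed} with on-site Referer")
```

Visitors whose address changes between loading and submitting the form (shared proxies, for example) will also be flagged, so treat the output as a list to review rather than a block list.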