×
Kunena 5.1.7 Released - Security Release (20 Nov 2018)

The Kunena team has announce the arrival of Kunena 5.1.7 [K 5.1.7] which is now available for download as a native Joomla extension for J! 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1. This is a Security release.

× Topics must relate to a currently supported version of Kunena. If you are unsure what is the current supported version of Kunena, please go to the download page.

If you are having problems then, for your own benefit, it would save us all a lot of time if you would kindly post your configuration report when you ask for help from this forum. If you do not post your configuration report we will not ask you for it but you will probably not get your problem solved, either.

Question Receiving mail from illegal visitor

More
2 months 2 weeks ago #1 by rjzilver
Hi,

I' am receiving a mail (see attachment) from a visitor (no member of the site). This answer on an existing topic is not published on the site. It looks like there is some vulnerability?

Regards,
Roelof Jan
Attachments:

Please Log in or Create an account to join the conversation.

More
2 weeks 15 hours ago #2 by ASSIRENE
I am receiving similar email notifications to the administrator (many from two days ago).
it looks like a user is sending spam messages to the forum, but the message is not visible on the site.
what happen? How can I block this email flow?
thanks
Patrizio
Attachments:

Please Log in or Create an account to join the conversation.

More
2 weeks 11 hours ago #3 by Slacker
Take a look in the notifications source code and see if it is sent from your site like a normal notification mail or if a joker is sending from his email. If you find it sent from another ip-adress note it and search your database for it. If its a member you will figure out who it is.

Please Log in or Create an account to join the conversation.

More
1 week 6 days ago #4 by ASSIRENE
Thanks for your answer.
what I can see is the attached screenshot.
It's look like a normal notification..
any suggestion, please?

Patrizio
Attachments:

Please Log in or Create an account to join the conversation.

More
1 week 6 days ago #5 by Slacker
Thats html code, but you should look in the e-mails header. Its looks like this:
From: Media Temple user (This email address is being protected from spambots. You need JavaScript enabled to view it.)
Subject: article: How to Trace a Email
Date: January 25, 2011 3:30:58 PM PDT
To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Return-Path: <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Envelope-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Delivery-Date: Tue, 25 Jan 2011 15:31:01 -0700
Received: from po-out-1718.google.com ([72.14.252.155]:54907) by cl35.gs01.gridserver.com with esmtp (Exim 4.63) (envelope-from <This email address is being protected from spambots. You need JavaScript enabled to view it.>) id 1KDoNH-0000f0-RL for This email address is being protected from spambots. You need JavaScript enabled to view it.; Tue, 25 Jan 2011 15:31:01 -0700
Received: by po-out-1718.google.com with SMTP id y22so795146pof.4 for <This email address is being protected from spambots. You need JavaScript enabled to view it.>; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
Received: by 10.141.116.17 with SMTP id t17mr3929916rvm.251.1214951458741; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
Read more here;
mediatemple.net/community/products/dv/20...ding-an-email-header

Please Log in or Create an account to join the conversation.

More
1 week 6 days ago #6 by ASSIRENE
good evening Slacker,
thanks for your help.
I was looking to the email headers, but not found differences between a "real" message and a "spam" message.
This is a spam message header (message.txt attached):

Return-Path: <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Delivered-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Received: (qmail 10070 invoked by uid 89); 26 Nov 2018 17:27:59 -0000
Received: from unknown (HELO mxcmd11.ad.aruba.it) (62.149.157.68)
by mxavas2.ad.aruba.it with SMTP; 26 Nov 2018 17:27:59 -0000
Received: from smtplqs-out39.aruba.it ([62.149.158.79])
by mxcmd11.ad.aruba.it with bizsmtp
id 4hTi1z00a1j4Dby01hTzdG; Mon, 26 Nov 2018 18:28:00 +0100
Received: from webxc230s01.ad.aruba.it ([89.46.105.130])
by smartcmd02.ad.aruba.it with bizsmtp
id 4hTz1z00Z2opJgR01hTzdY; Mon, 26 Nov 2018 18:27:59 +0100
Received: by webxc230s01.ad.aruba.it (Postfix, from userid 19274138)
id E68EB20504E; Mon, 26 Nov 2018 18:27:59 +0100 (CET)
To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Subject: All.Can : efficienza nella cura del cancro (Notizie da IRENE)
.....

and this is a "real" message header (message-2.txt attached)

Return-Path: <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Delivered-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Received: (qmail 28047 invoked by uid 89); 29 Sep 2018 14:42:04 -0000
Received: from unknown (HELO mxcmd08.ad.aruba.it) (62.149.157.43)
by mxavas5.ad.aruba.it with SMTP; 29 Sep 2018 14:42:04 -0000
Received: from smtplqs-out41.aruba.it ([62.149.158.81])
by mxcmd08.ad.aruba.it with bizsmtp
id hSi11y00o1lfaGW01Si5Jr; Sat, 29 Sep 2018 16:42:05 +0200
Received: from webxc230s01.ad.aruba.it ([89.46.105.130])
by smartcmd02.ad.aruba.it with bizsmtp
id hSi51y00B2opJgR01Si5vh; Sat, 29 Sep 2018 16:42:05 +0200
Received: by webxc230s01.ad.aruba.it (Postfix, from userid 19274138)
id 646C6205021; Sat, 29 Sep 2018 16:42:05 +0200 (CEST)
To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Subject: Una sensazione di acufene all'orecchio destro (Le nostre storie)

I don't see any difference...
Thanks for you help

Patrizio
Attachments:

Please Log in or Create an account to join the conversation.

More
1 week 5 days ago #7 by Slacker
It seems to be a notification mail from your site. What you can do is to check your access logs, when it sent to look for any suspicious activity. In phpMyAdmin look in kunena_user_topics. Search in this table for the topic_id for the spam and check what you find there. If it is a real notificatin you will find it there.

Please Log in or Create an account to join the conversation.

More
1 week 3 days ago #8 by ASSIRENE
It's not a real notification!
no trace in Kunena_user_topic.
it's spam, it's notipficated to the administrator for moderation but not published in the forum.
three weeks ago I detected some illegal user generated in Joomla and I purged them. (deleted from Joomla)
after that, I receives a dozen of messages like the last.
maybe there is a relation between deleting the illegal user and strange notifications received...
many thanks
Patrizio

Please Log in or Create an account to join the conversation.

More
1 week 1 day ago #9 by Slacker
Maybe someone found out a way to send out notifications without being a member, But if you look in access logs you might find out how.

Please Log in or Create an account to join the conversation.

More
5 days 20 hours ago #10 by NeilT
I also am getting the very same problem.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Time to create page: 0.138 seconds