Guest lcools Posted November 23, 2007 Share Posted November 23, 2007 This morning I received 30-35 emails (all sent within 14 minutes) titled: 'Mail failure - no recipient addresses' that seem to be from my server. The emails are blank shop order forms that start like this: Dear , Thank you for your order no: 999999%'/**/or/**/basket=(SELECT(IF((ASCII(SUBSTRING(password,1,1))=55),benchmark(2000000,sha1('suntzu')),0))/**/FROM/**/CubeCart_admin_users/**/WHERE/**/isSuper=1)/* placed on Dec 31 1969, 19:00 PM The transaction was successful and we will ship your goods right away (within next shipping day) and confirm once that's done. I checked my shop's stats and admin logs. Nothing seems unusual there. I have 3.0.8 and use mail() because smtp would not work after many tries. Does anyone have any idea whats going on? Thanks~ Leila Quote Link to comment Share on other sites More sharing options...
Guest lcools Posted November 27, 2007 Share Posted November 27, 2007 It happened again last night, but 850+ times. I've had lots of spam attacks on this website (webforms) but how are they accessing the order confirmation form? I have no idea if this is a cubecart or hostfile issue? Anyone, please? Quote Link to comment Share on other sites More sharing options...
Guest EverythingWeb Posted November 27, 2007 Share Posted November 27, 2007 Upgrade to the latest version - 3.0.17 3.0.8 is VERY outdated. Quote Link to comment Share on other sites More sharing options...
Guest lcools Posted November 27, 2007 Share Posted November 27, 2007 Hi...Thanks, I'm on a Mac so I don't have the option of Winmerge. Past upgrades were basically a reinstall. I an't possibly do that until after Christmas. I'm hoping to get through December and upgrade, or buy #4, in January. Just need to know what's going on. Thanks! Leila Quote Link to comment Share on other sites More sharing options...
Guest Posted November 28, 2007 Share Posted November 28, 2007 This morning I received 30-35 emails (all sent within 14 minutes) titled: 'Mail failure - no recipient addresses' that seem to be from my server. The emails are blank shop order forms that start like this: Dear , Thank you for your order no: 999999%'/**/or/**/basket=(SELECT(IF((ASCII(SUBSTRING(password,1,1))=55),benchmark(2000000,sha1('suntzu')),0))/**/FROM/**/CubeCart_admin_users/**/WHERE/**/isSuper=1)/* placed on Dec 31 1969, 19:00 PM The transaction was successful and we will ship your goods right away (within next shipping day) and confirm once that's done. I checked my shop's stats and admin logs. Nothing seems unusual there. I have 3.0.8 and use mail() because smtp would not work after many tries. Does anyone have any idea whats going on? Thanks~ Leila Just Spam bombs. Quote Link to comment Share on other sites More sharing options...
Guest lcools Posted November 29, 2007 Share Posted November 29, 2007 thanks~ Quote Link to comment Share on other sites More sharing options...
Guest Hostpac Posted December 5, 2007 Share Posted December 5, 2007 We also have clients having this same problem. Can anyone point me in the right direction to overcome these bounce errors. One client is receiving over 1000 per day using latest version of CC Cheers Quote Link to comment Share on other sites More sharing options...
jerseyjoe Posted December 5, 2007 Share Posted December 5, 2007 It's worth knowing that if you pay for the copyright license removal, it also removes the CC version number from your footer. That information makes it a simple matter of Googling to find stores with outdated vulnerable scripts. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.