Cubecart mailer

[Guest]

My site was temporarily suspended by my hosting company as someone apparently was using cubecart mailer to send spam from one of my stores. Is there a way to disable the cubecart mailer? I never use it since I send all email via outlook and would like to make sure this never happens again. I haven't been able to find the mailer script in the site.

I have changed from mail() in general settings to smtp without entering any smtp information - will this prevent mail being processed thru cubecart?

[vokf]

You could deliberately specificy incorrect details, but your webhost may see this as a brute force attack and automatically block the site (in some form!).

I'd suggest getting more information from the webhost, ie server logs, and then providing them to CC Admin. If there is a vulnerability, then I'm very sure it will be patched quickly.

What should be considered, is any recent modifications that can send emails. Whilst CubeCart 3 & 4 have been security audited, I don't know of any 3rd party mods that have been.. If mods are coded within the framework of cubecart (ie, cleansing all data, validation etc) then it should be fine.

I assume this is a fairly up to date version of CC3 and passwords are fairly strong?

Server logs should show how the attack took place, and the script used.

[Guest]

I think I solved it for now and renamed the stmp.php file to something else so cubecart is no longer able to call it at all. I removed the "tell a friend" link as I've read thats the most likely place a hacker can get into. Only done it on the site that was hacked right now, but will for my other stores as well.

Actually most of my stores run v3.014 - I have so many changes in the files, most of them my own, I didn't want to update all 12 stores. I might give it a go on one of my slower stores and see how much of a pain it will be, but since I didn't document my changes, it would be hard to do and I've never had the time. Was kinda waiting to see if I wanted to upgrade to v5 before I tackled all that.