bws Posted July 1, 2019 Share Posted July 1, 2019 For the past month I've received a few spam messages in my gmail account, and noticed that gmail thinks they were sent by me (by same email as my account) but this has happened in the past occasionally. My gmail account is set up so that I receive "all" mail sent by my own email address, this is so I get all the store emails when someone places an order, or I place a test order myself. Otherwise most of these would end up in the spam folder. So I get these spam as well as the genuine store mail in my inbox. I'm working on my store now, because I only use it part time and I'm thinking of having a July 4 sale now. I was reviewing the downloaded db and saw the same spam emails that I had received earlier in the month. I did some research to see if anyone using cubecart had had these types of problems before, but didn't see anything except something from about 10 years ago that had been fixed. I noticed that in the cubecart db log, in genuine order emails, the to and from fields are both my gmail address. In the spam emails, the to field is same but "from" is another email address. However, when it gets to my gmail inbox it says the sender is me, so somehow gmail is seeing the spam messages as being sent by me, even though the "from" field in the email log is a different address. It does say on the gmail inbox line - <[email protected]> wrote to jayscubecartstore.com: stupid spam message blah blah blah.. So I don't know why gmail thinks it was sent by me and I don't know how it's being done, but he may be able to send mail to others with it appearing to come from my gmail account, or from my server or cubecart store. That would cause my email account to get flagged as a spam account. By the way, I do not have email set up on my server, because I tried that at the server previous, and received 10-15 spam emails each day there. (Just like these coincidentally.) So I'll never do that again. Actually gmail works quite well at spam filtering and also with cubecart, and no problems until now with this hacker creating emails that appear to be sent from me, somehow using the cubecart store. Although I didn't open the spam email, I noticed in the gmail inbox list that it was not actually sent to my gmail address per se, but sent to mycubecartstore.com, which does not even have an email account set up! And then recorded in the cubecart mail log?! Is there any way I can beef up my store's security to stop these spam emails from going thru my cubecart email? I'm using cubecart 6.2.1 and probably will not upgrade due to some modifications done successfully with this version. Link to comment Share on other sites More sharing options...
Al Brookbanks Posted July 1, 2019 Share Posted July 1, 2019 Get Google reCaptcha Checkbox turned on ASAP. Link to comment Share on other sites More sharing options...
bws Posted July 1, 2019 Author Share Posted July 1, 2019 That sounds like a good idea. I went to the store to turn it on. Never used it before, there are 2 choices - v2 and Invisible. Which would be best to use? Link to comment Share on other sites More sharing options...
bsmither Posted July 1, 2019 Share Posted July 1, 2019 We would like to see the headers of one of these emails you received at your gmail account. The From: address is simply an indication - there is 'envelope-sender' in the headers that will show who actually sent it. The content certainly suggests it came from the store's Contact Us page. So, on the Store Settings, Advanced tab, that email address is the 'envelope-sender'. There is also the 'reply-to' header that email programs should use when replying (instead of back to the store's email address). Choose Invisible. If you are using a third-party skin that is not a direct adaptation from Foundation, you may need to have some assistance in getting it compliant to use the latest reCaptcha javascript. Link to comment Share on other sites More sharing options...
bws Posted July 1, 2019 Author Share Posted July 1, 2019 thanks for the advice, I will go with Invisible. Today I'll be learning about the reCAPTCHA.. About the headers of the email, I didn't want to open it up since I knew it was spam, but later today I can use a different computer and try it. I just open the email and copy everything? Link to comment Share on other sites More sharing options...
bsmither Posted July 1, 2019 Share Posted July 1, 2019 No. Each email program will have its own way of showing headers. The program may offer the user a "Source Code" view or similar. Link to comment Share on other sites More sharing options...
bws Posted July 1, 2019 Author Share Posted July 1, 2019 Okay, today I'll be learning about producing an email header using gmail. I'll post the header this afternoon. Link to comment Share on other sites More sharing options...
bws Posted July 1, 2019 Author Share Posted July 1, 2019 Original Message Message ID <9541e247dfa7019cfb8ff4529ff72395@jayscubecartstore> Created at: Mon, Jun 17, 2019 at 4:50 AM (Delivered after 1 second) From: "jayscubecartstore" <[email protected]> Using PHPMailer 5.2.21 (https://github.com/PHPMailer/PHPMailer) To: "jayscubecartstore" <[email protected]> Subject: cheap essays to buy vcen DKIM: 'PASS' with domain jayscubecartstore Learn more Delivered-To: [email protected] Received: by 2002:a25:4b01:0:0:0:0:0 with SMTP id y1csp2470020yba; Mon, 17 Jun 2019 03:50:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqxJJWxHuaP51q1l71u9y5gz40kQ43cqGx1/m3tyrcQfRl4C13MslGCfERtgGHgo/s9ZX05b X-Received: by 2002:a19:c383:: with SMTP id t125mr48739009lff.89.1560768621923; Mon, 17 Jun 2019 03:50:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560768621; cv=none; d=google.com; s=arc-20160816; b=pw+e/PR7VdS6Q6QkqugelGsSYw0DQ43eSBZjG9/lZvwCzwdmq6xa4mtlHkiIilwVpU p74ueQ84NVkmtWwEZyHs6BQHKfAMlzUXa3wPZqHXr56vRsyGfcOfaT0QacUq1PvIMvwU zPEmbDb+xgiKuntwlznl51fBa3CKjfqmy/NJ0RLGMb5/GrVrqi95k+fMdjky3iGZJZLV V1f/w31ww7D9xTvZd/xok+1g4TZAYyieoIaTmckHm74LH/C0OfVXOeMfDRz4Tpfx07rN fkRQfJyB0K+wHY3DCBBaC3CENbmqcmpYuA1HIbaJZcG73Jf6rocq9ygx1cM1bxScAnOy meZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:message-id:reply-to:from:date:subject:to :dkim-signature; bh=u2T92kM7bQ+55vStknbNs3cYzCpHISMOodRe81+lnrg=; b=dfkVPjHBPgWKFhlxDw/eL0FKifK5zr0hrBebWcms3l6fTvaTZVlX1iDnipc3MJsKD3 A9kyKk+t6l9lWU+/Z7FeLHtMZ5t8WImOKt1dIN/feKrHFhjVjbzwU6FWlrIpwqwnu8tD I1ltniWbpTE3I8g9B5VVbdAZLluWk1dv5kSM76ocR0hRBr86aK5brKRVugW0X4XB6cE/ JesMMsRSMNBpfPN97h+Kn8vcQcfmrjemYhKFvd3zXKzYFsoKpN6eo0mTocw/0p/KNnQZ Euf0uC+5kJfMF/TYwZSZfvLk6ZPF0uzb3QeWawdXyihtqppu91xGaTbc2VKreObrJMLR qtlw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@jayscubecartstore header.s=default header.b="JZyn/3g7"; spf=pass (google.com: best guess record for domain of [email protected] designates 109.95.210.24 as permitted sender) [email protected]; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: <[email protected]> Received: from sr2.rustelekom.net (sr2.rustelekom.net. [109.95.210.24]) by mx.google.com with ESMTPS id 25si11570018ljs.122.2019.06.17.03.50.21 for <[email protected]> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Jun 2019 03:50:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 109.95.210.24 as permitted sender) client-ip=109.95.210.24; Authentication-Results: mx.google.com; dkim=pass header.i=@jayscubecartstore header.s=default header.b="JZyn/3g7"; spf=pass (google.com: best guess record for domain of [email protected] designates 109.95.210.24 as permitted sender) [email protected]; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=jayscubecartstore; s=default; h=Content-Type:MIME-Version:Message-ID: Reply-To:From:Date:Subject:To:Sender:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=u2T92kM7bQ+55vStknbNs3cYzCpHISMOodRe81+lnrg=; b=JZyn/3g7XDalGnksdNKP3bfSmE RM0QXanupFlS5kOavAp8pgQ1fKM1VA8aAyVYsNrJb5nly4YFO2CP9t0SPawq411AviKYFdX8lZ9+9 QVVbQatmTWF79fLOXD9TNYpBNuGSyEcTxXTKDZodtm2eOm+u7+x6bulzIfhIeNjLcUiYUGSITq0Fm 81aJ5mPF/JRWW6N0NKKMpfAQQ0RU68Yg+2K6y/p5wleWe/HkffInDD+WZbKQv6H2tShinw6fw+NZn ixvtU4Yv+tUig7fFI+FrnrsMk+G/ORpq3zaONpI3r7FxvlSMHjz7U1zZXiAX1zYdtNUuHnqZjhyli LFhqGrHw==; Received: from user3067 by sr2.rustelekom.net with local (Exim 4.91) (envelope-from <[email protected]>) id 1hcpDR-0003ZK-5f for [email protected]; Mon, 17 Jun 2019 13:50:21 +0300 To: "jayscubecartstore" <[email protected]> Subject: cheap essays to buy vcen X-PHP-Script: jayscubecartstore/v6.2.1/index.php for 5.188.210.6 Date: Mon, 17 Jun 2019 04:50:20 -0600 From: "jayscubecartstore" <[email protected]> Reply-To: e5w7u9m0 <[email protected]> Message-ID: <9541e247dfa7019cfb8ff4529ff72395@jayscubecartstore> X-Mailer: PHPMailer 5.2.21 (https://github.com/PHPMailer/PHPMailer) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - sr2.rustelekom.net X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [1208 993] / [47 12] X-AntiAbuse: Sender Address Domain - sr2.rustelekom.net X-Get-Message-Sender-Via: sr2.rustelekom.net: authenticated_id: user3067/only user confirmed/virtual account not confirmed X-Authenticated-Sender: sr2.rustelekom.net: user3067 X-Source: X-Source-Args: X-Source-Dir: jayscubecartstore:/public_html/v6.2.1 e5w7u9m0 <[email protected]> wrote to jayscubecartstore: --------------- cheap law essay writing service - cheap essay services cheap essay writing service usa - cheap custom essays online https://cheapessay.us/ --------------- This email is sent from the store's master email address but it is possible to reply directly to the sender using the reply button on your email software. Link to comment Share on other sites More sharing options...
bws Posted July 1, 2019 Author Share Posted July 1, 2019 Okay, I set up reCAPTCHA v2 Invisible. Any way I can test it to see if it's working in my store? Link to comment Share on other sites More sharing options...
bws Posted July 1, 2019 Author Share Posted July 1, 2019 I guess it must be working, on the front page of my store I now see a "Protected by reCAPTCHA" icon! And hopefully no more bot spam! Thanks Al Brookbanks and bsmither for the good advice. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.