bws

My cubecart store is sending me spam!

For the past month I've received a few spam messages in my gmail account, and noticed that gmail thinks they were sent by me (by same email as my account) but this has happened in the past occasionally. My gmail account is set up so that I receive "all" mail sent by my own email address, this is so I get all the store emails when someone places an order, or I place a test order myself. Otherwise most of these would end up in the spam folder. So I get these spam as well as the genuine store mail in my inbox.
 
 I'm working on my store now, because I only use it part time and I'm thinking of having a July 4 sale now. I was reviewing the downloaded db and saw the same spam emails that I had received earlier in the month. I did some research to see if anyone using cubecart had had these types of problems before, but didn't see anything except something from about 10 years ago that had been fixed.
 
 I noticed that in the cubecart db log, in genuine order emails, the to and from fields are both my gmail address. In the spam emails, the to field is same but "from" is another email address. However, when it gets to my gmail inbox it says the sender is me, so somehow gmail is seeing the spam messages as being sent by me, even though the "from" field in the email log is a different address.

It does say on the gmail inbox line - <[email protected]> wrote to jayscubecartstore.com: stupid spam message blah blah blah.. So I don't know why gmail thinks it was sent by me and I don't know how it's being done, but he may be able to send mail to others with it appearing to come from my gmail account, or from my server or cubecart store. That would cause my email account to get flagged as a spam account. By the way, I do not have email set up on my server, because I tried that at the previous server, and received 10-15 spam emails each day there. (Just like these, coincidentally.) So I'll never do that again. Actually gmail works quite well at spam filtering and also with cubecart, and no problems until now with this hacker creating emails that appear to be sent from me, somehow using the cubecart store.
 
 Although I didn't open the spam email, I noticed in the gmail inbox list that it was not actually sent to my gmail address per se, but sent to mycubecartstore.com, which does not even have an email account set up! And then recorded in the cubecart mail log?!
 
 Is there any way I can beef up my store's security to stop these spam emails from going thru my cubecart email? I'm using cubecart 6.2.1 and probably will not upgrade due to some modifications done successfully with this version.

 

 

That sounds like a good idea. I went to the store to turn it on. I've never used it before; there are 2 choices - v2 and Invisible. Which would be best to use?

We would like to see the headers of one of these emails you received at your gmail account.

The From: address is simply an indication - there is 'envelope-sender' in the headers that will show who actually sent it.

The content certainly suggests it came from the store's Contact Us page. So, on the Store Settings, Advanced tab, that email address is the 'envelope-sender'. There is also the 'reply-to' header that email programs should use when replying (instead of back to the store's email address).

Choose Invisible.

If you are using a third-party skin that is not a direct adaptation from Foundation, you may need to have some assistance in getting it compliant to use the latest reCAPTCHA JavaScript.

 

Thanks for the advice, I will go with Invisible.

Today I'll be learning about the reCAPTCHA. About the headers of the email, I didn't want to open it up since I knew it was spam, but later today I can use a different computer and try it. Do I just open the email and copy everything?

 

No. Each email program will have its own way of showing headers. The program may offer the user a "Source Code" view or similar.

Okay, today I'll be learning about producing an email header using gmail.

I'll post the header this afternoon.

Original Message
Message ID    <[email protected]>
Created at:    Mon, Jun 17, 2019 at 4:50 AM (Delivered after 1 second)
From:    "jayscubecartstore" <[email protected]> Using PHPMailer 5.2.21 (https://github.com/PHPMailer/PHPMailer)
To:    "jayscubecartstore" <[email protected]>
Subject:    cheap essays to buy vcen
DKIM:    'PASS' with domain jayscubecartstore


Delivered-To: [email protected]
Received: by 2002:a25:4b01:0:0:0:0:0 with SMTP id y1csp2470020yba;
        Mon, 17 Jun 2019 03:50:22 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxJJWxHuaP51q1l71u9y5gz40kQ43cqGx1/m3tyrcQfRl4C13MslGCfERtgGHgo/s9ZX05b
X-Received: by 2002:a19:c383:: with SMTP id t125mr48739009lff.89.1560768621923;
        Mon, 17 Jun 2019 03:50:21 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=default header.b="JZyn/3g7";
       spf=pass (google.com: best guess record for domain of [email protected] designates 109.95.210.24 as permitted sender) [email protected];
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <[email protected]>
Received: from sr2.rustelekom.net (sr2.rustelekom.net. [109.95.210.24])
        by mx.google.com with ESMTPS id 25si11570018ljs.122.2019.06.17.03.50.21
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 17 Jun 2019 03:50:21 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 109.95.210.24 as permitted sender) client-ip=109.95.210.24;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=default header.b="JZyn/3g7";
       spf=pass (google.com: best guess record for domain of [email protected] designates 109.95.210.24 as permitted sender) [email protected];
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=jayscubecartstore; s=default; h=Content-Type:MIME-Version:Message-ID: Reply-To:From:Date:Subject:To:Sender:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=u2T92kM7bQ+55vStknbNs3cYzCpHISMOodRe81+lnrg=; b=JZyn/3g7XDalGnksdNKP3bfSmE RM0QXanupFlS5kOavAp8pgQ1fKM1VA8aAyVYsNrJb5nly4YFO2CP9t0SPawq411AviKYFdX8lZ9+9 QVVbQatmTWF79fLOXD9TNYpBNuGSyEcTxXTKDZodtm2eOm+u7+x6bulzIfhIeNjLcUiYUGSITq0Fm 81aJ5mPF/JRWW6N0NKKMpfAQQ0RU68Yg+2K6y/p5wleWe/HkffInDD+WZbKQv6H2tShinw6fw+NZn ixvtU4Yv+tUig7fFI+FrnrsMk+G/ORpq3zaONpI3r7FxvlSMHjz7U1zZXiAX1zYdtNUuHnqZjhyli LFhqGrHw==;
Received: from user3067 by sr2.rustelekom.net with local (Exim 4.91) (envelope-from <[email protected]>) id 1hcpDR-0003ZK-5f for [email protected]; Mon, 17 Jun 2019 13:50:21 +0300
To: "jayscubecartstore" <[email protected]>
Subject: cheap essays to buy
  vcen
X-PHP-Script: jayscubecartstore/v6.2.1/index.php for 5.188.210.6
Date: Mon, 17 Jun 2019 04:50:20 -0600
From: "jayscubecartstore" <[email protected]>
Reply-To: e5w7u9m0 <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHPMailer 5.2.21 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - sr2.rustelekom.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1208 993] / [47 12]
X-AntiAbuse: Sender Address Domain - sr2.rustelekom.net
X-Get-Message-Sender-Via: sr2.rustelekom.net: authenticated_id: user3067/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: sr2.rustelekom.net: user3067
X-Source:
X-Source-Args:
X-Source-Dir: jayscubecartstore:/public_html/v6.2.1

e5w7u9m0 <[email protected]> wrote to jayscubecartstore:
---------------
cheap law essay writing service - cheap essay services
cheap essay writing service usa - cheap custom essays online
https://cheapessay.us/
---------------

This email is sent from the store's master email address but it is possible to reply directly to the sender using the reply button on your email software.
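
An added example, not part of any post in this thread: a small Python triage of the header fields discussed above, comparing the displayed `From:` with the envelope sender (`Return-Path`), the `Reply-To`, the receiver's `Authentication-Results` verdicts and the `X-PHP-Script` line. The sample message is constructed with placeholder addresses, the names `triage` and `domain` are hypothetical, and the alignment test is a simplification of what DMARC actually does.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers posted above. Every address, host
# and IP is a placeholder (example names, 203.0.113.0/24), not thread data.
SAMPLE = """\
Return-Path: <user3067@host.example.net>
Authentication-Results: mx.example.com;
       dkim=pass header.i=@store.example header.s=default;
       spf=pass smtp.mailfrom=user3067@host.example.net;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
To: "store" <owner@gmail.com>
Subject: cheap essays to buy
X-PHP-Script: store.example/index.php for 203.0.113.6
From: "store" <owner@gmail.com>
Reply-To: visitor <visitor@mail.example.org>

visitor <visitor@mail.example.org> wrote to store: ...
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Summarise who the message claims to be from versus who handed it over."""
    msg = message_from_string(raw)
    # Unfold the multi-line header, then pull out the receiver's verdicts.
    auth = " ".join((msg.get("Authentication-Results") or "").split())
    verdicts = dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", auth))
    # X-PHP-Script as it appears in the posted headers: "<script> for <client IP>".
    script = re.match(r"(\S+) for (\S+)", msg.get("X-PHP-Script") or "")
    shown, envelope = domain(msg.get("From")), domain(msg.get("Return-Path"))
    return {
        "header_from": shown,          # what the mail client displays
        "envelope_from": envelope,     # what SPF was evaluated against
        "reply_to": parseaddr(msg.get("Reply-To") or "")[1],
        "verdicts": verdicts,
        "script": script.group(1) if script else None,
        "client_ip": script.group(2) if script else None,
        # Simplified alignment: exact or subdomain match. Real DMARC uses
        # organizational domains from the Public Suffix List.
        "from_aligned": envelope == shown or envelope.endswith("." + shown),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:14} {value}")
```

On a message shaped like the one posted, the output shows a `gmail.com` header From handed over by a hosting-server envelope sender, which matches the `dmarc=fail ... header.from=gmail.com` verdict in the posted headers even though SPF and DKIM pass for the server's own identities.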

 

Okay, I set up reCAPTCHA v2 Invisible. Any way I can test it to see if it's working in my store?

 

 

I guess it must be working; on the front page of my store I now see a "Protected by reCAPTCHA" icon!

And hopefully no more bot spam!

Thanks Al Brookbanks and bsmither for the good advice.

 

 
