Jump to content

My cubecart store is sending me spam!

Recommended Posts

For the past month I've received a few spam messages in my gmail account, and noticed that gmail thinks they were sent by me (by same email as my account) but this has happened in the past occasionally. My gmail account is set up so that I receive "all" mail sent by my own email address, this is so I get all the store emails when someone places an order, or I place a test order myself. Otherwise most of these would end up in the spam folder. So I get these spam as well as the genuine store mail in my inbox.
 I'm working on my store now, because I only use it part time and I'm thinking of having a July 4 sale now. I was reviewing the downloaded db and saw the same spam emails that I had received earlier in the month. I did some research to see if anyone using cubecart had had these types of problems before, but didn't see anything except something from about 10 years ago that had been fixed.
 I noticed that in the cubecart db log, in genuine order emails, the to and from fields are both my gmail address. In the spam emails, the to field is same but "from" is another email address. However, when it gets to my gmail inbox it says the sender is me, so somehow gmail is seeing the spam messages as being sent by me, even though the "from" field in the email log is a different address.933185404_emailspaminbox.thumb.jpg.b0f480341194bfd735e22763c40aaafc.jpg

It does say on the gmail inbox line - <[email protected]> wrote to jayscubecartstore.com: stupid spam message blah blah blah.. So I don't know why gmail thinks it was sent by me and I don't know how it's being done, but he may be able to send mail to others with it appearing to come from my gmail account, or from my server or cubecart store. That would cause my email account to get flagged as a spam account.  By the way, I do not have email set up on my server, because I tried that at the server previous, and received 10-15 spam emails each day there. (Just like these coincidentally.) So I'll never do that again. Actually gmail works quite well at spam filtering and also with cubecart, and no problems until now with this hacker creating emails that appear to be sent from me, somehow using the cubecart store.
 Although I didn't open the spam email, I noticed in the gmail inbox list that it was not actually sent to my gmail address per se, but sent to mycubecartstore.com, which does not even have an email account set up! And then recorded in the cubecart mail log?!
 Is there any way I can beef up my store's security to stop these spam emails from going thru my cubecart email? I'm using cubecart 6.2.1 and probably will not upgrade due to some modifications done successfully with this version.



email spam db.jpg

Link to post
Share on other sites

We would like to see the headers of one of these emails you received at your gmail account.

The From: address is simply an indication - there is 'envelope-sender' in the headers that will show who actually sent it.

The content certainly suggests it came from the store's Contact Us page. So, on the Store Settings, Advanced tab, that email address is the 'envelope-sender'. There is also the 'reply-to' header that email programs should use when replying (instead of back to the store's email address).

Choose Invisible.

If you are using a third-party skin that is not a direct adaptation from Foundation, you may need to have some assistance in getting it compliant to use the latest reCaptcha javascript.


Edited by bsmither
Link to post
Share on other sites

thanks for the advice, I will go with Invisible.

Today I'll be learning about the reCAPTCHA..   About the headers of the email, I didn't want to open it up since I knew it was spam, but later today I can use a different computer and try it. I just open the email and copy everything?


Link to post
Share on other sites

Original Message
Message ID    <[email protected]>
Created at:    Mon, Jun 17, 2019 at 4:50 AM (Delivered after 1 second)
From:    "jayscubecartstore" <[email protected]> Using PHPMailer 5.2.21 (https://github.com/PHPMailer/PHPMailer)
To:    "jayscubecartstore" <[email protected]>
Subject:    cheap essays to buy vcen
DKIM:    'PASS' with domain jayscubecartstore Learn more

Delivered-To: [email protected]
Received: by 2002:a25:4b01:0:0:0:0:0 with SMTP id y1csp2470020yba;
        Mon, 17 Jun 2019 03:50:22 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxJJWxHuaP51q1l71u9y5gz40kQ43cqGx1/m3tyrcQfRl4C13MslGCfERtgGHgo/s9ZX05b
X-Received: by 2002:a19:c383:: with SMTP id t125mr48739009lff.89.1560768621923;
        Mon, 17 Jun 2019 03:50:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1560768621; cv=none;
        d=google.com; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=default header.b="JZyn/3g7";
       spf=pass (google.com: best guess record for domain of [email protected] designates as permitted sender) [email protected];
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <[email protected]>
Received: from sr2.rustelekom.net (sr2.rustelekom.net. [])
        by mx.google.com with ESMTPS id 25si11570018ljs.122.2019.
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 17 Jun 2019 03:50:21 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates as permitted sender) client-ip=;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=default header.b="JZyn/3g7";
       spf=pass (google.com: best guess record for domain of [email protected] designates as permitted sender) [email protected];
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=jayscubecartstore; s=default; h=Content-Type:MIME-Version:Message-ID: Reply-To:From:Date:Subject:To:Sender:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=u2T92kM7bQ+55vStknbNs3cYzCpHISMOodRe81+lnrg=; b=JZyn/3g7XDalGnksdNKP3bfSmE RM0QXanupFlS5kOavAp8pgQ1fKM1VA8aAyVYsNrJb5nly4YFO2CP9t0SPawq411AviKYFdX8lZ9+9 QVVbQatmTWF79fLOXD9TNYpBNuGSyEcTxXTKDZodtm2eOm+u7+x6bulzIfhIeNjLcUiYUGSITq0Fm 81aJ5mPF/JRWW6N0NKKMpfAQQ0RU68Yg+2K6y/p5wleWe/HkffInDD+WZbKQv6H2tShinw6fw+NZn ixvtU4Yv+tUig7fFI+FrnrsMk+G/ORpq3zaONpI3r7FxvlSMHjz7U1zZXiAX1zYdtNUuHnqZjhyli LFhqGrHw==;
Received: from user3067 by sr2.rustelekom.net with local (Exim 4.91) (envelope-from <[email protected]>) id 1hcpDR-0003ZK-5f for [email protected]; Mon, 17 Jun 2019 13:50:21 +0300
To: "jayscubecartstore" <[email protected]>
Subject: cheap essays to buy
X-PHP-Script: jayscubecartstore/v6.2.1/index.php for
Date: Mon, 17 Jun 2019 04:50:20 -0600
From: "jayscubecartstore" <[email protected]>
Reply-To: e5w7u9m0 <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHPMailer 5.2.21 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - sr2.rustelekom.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1208 993] / [47 12]
X-AntiAbuse: Sender Address Domain - sr2.rustelekom.net
X-Get-Message-Sender-Via: sr2.rustelekom.net: authenticated_id: user3067/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: sr2.rustelekom.net: user3067
X-Source-Dir: jayscubecartstore:/public_html/v6.2.1

e5w7u9m0 <[email protected]> wrote to jayscubecartstore:
cheap law essay writing service - cheap essay services
cheap essay writing service usa - cheap custom essays online

This email is sent from the store's master email address but it is possible to reply directly to the sender using the reply button on your email software.


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...