Jump to content

email blacklist ? cubecart contact form?


foz1234
 Share

Recommended Posts

My host fasthive moved my IP because my email was blacklisted with barracuda, then after 3 weeks new ip was blacklisted by UCEPROTECTL3, after closer inspection i found a test email account that the host had left in cpanel from when i had some issue previously, i had already changed my email passwords to the strongest 18 character password possible in cpanel that included upper/lower/special characters but not on this test email account as i assumed this was part of cpanel set up, deleted this account 2 weeks ago, i personally think this was compromised but i may be wrong that is just an assumption.

Now i have asked them to sort this out but there reply was:- 

It doesn't necessarily mean that you are sending out Spam, but it could be a contact form on your website that is infected and being used to send out spam

so if this is the case, is there anyway to check for this? i need to go back to them and prove this is not Cubecart that is infected but i have no idea how i can find this out, help required as i don't have a clue how i can check for this.

i had issues with russian emails reaching me, sent from my website, but thanks to brian this has since stopped.

Thanks in advance

Link to comment
Share on other sites

If it is not in the Email Log, there isn't any other place in CubeCart that would record email activity.

You would need to get one of these suspect emails -- the complete email including headers -- and determine the originating location.

 

Link to comment
Share on other sites

No longer receiving those emails Brian since you helped me with the script for false accounts and adding the russian characters part, i honestly don't think this is related, i do believe the [email protected] was compromised and the hosing company are just not helping as i am on a fixed ip and assume this would cost money to move me again, is there any way to test the website for any infection and if its being used for spam? if i can prove its not infected it must have been the test email they left on there and if thats the case i should be moved to a new ip free of charge.

  

Link to comment
Share on other sites

"is there any way to test the website for any infection and if its being used for spam?"

There is one place that has been used in the past. In admin, Manage Hooks, Code Snippets tab, examine the list for any snippets you do not recognize.

Otherwise, FTP download the entire site to your local workstation, fetch a copy of that version of CubeCart from Cubecart's download center, and make a filename-by-filename comparison on the byte size.

Then, as I said, you would need to get one of these suspect emails -- the complete email including headers -- and determine the originating location.

 

Link to comment
Share on other sites

nothing in hooks looks out of place, only 2 snippets Brian - 

Makes new query to get latest products ordered by price & sorts the products image gallery by image filename.

only php code is:

?php
$query = sprintf("SELECT I.* FROM `%1\$sCubeCart_inventory` AS I JOIN `%1\$sCubeCart_category` AS C ON C.cat_id=I.cat_id AND C.`status`=1 AND $where ORDER BY I.price DESC, I.product_id DESC", $GLOBALS['config']->get('config', 'dbprefix'));
$latestProducts = $GLOBALS['db']->query($query, (int)$GLOBALS['config']->get('config', 'catalogue_latest_products_count'));

email headers are same after opening them up, tested against one i sent from my website myself only difference is time id & reply to i did notice 1 had a different port port=45754 others were port=43418   now to check the site against downloaded one with same version.

Added: Just been though and compared both sets of files, only old files left behind from previous upgrades dating back to 2016, all files are exact date and size, even downloaded the plugins and compared just in case. 

Ini-custom.inc.php edited

  

 

Edited by foz1234
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...