Elxis CMS Forum

Support => Security => Topic started by: seadhna on October 27, 2023, 11:45:23

Title: Is there a log of IP addresses using the EMAIL_TO_FRIEND ?
Post by: seadhna on October 27, 2023, 11:45:23
Hi datahell,
Some kind of bot is attempting to share an article on our site hundreds of times using the EMAIL_TO_FRIEND function.
It's the same article every time - we are receiving "message undelivered" messages from our host because we have exceeded our quota.
I've just turned off the function on the article in question, but is there a log anywhere of who is using this function - who attempted to share the article - so that we can add the IP to the defender_ban list?
Thanks for any advice!
Title: Re: Is there a log of IP addresses using the EMAIL_TO_FRIEND ?
Post by: datahell on October 28, 2023, 20:25:54
I am aware of this problem. We have already improved security in this feature in the upcoming Elxis 5.4+ that will be released. When you see an updated release with a higher revision number, please perform the update. The problem is that there is a parameter with which you can hide the display of the "Send to friend" icon; however, the feature does not get disabled, you just hide the icon. So, some advanced bot may send "send to friend" requests directly to Elxis and emails will be sent (some advanced bots can bypass even the captcha tools...).


If you need an urgent fix before the Elxis release do the following (instructions for Elxis 5.4).

Open file components/com_content/controllers/generic.php
Locate this block between lines 242 and 255:
if ($row->catid > 0) {
        ...
} else {
        $row->link = $row->seotitle.'.html';
        $category_title = '';
}

Add below:
$params = $this->combinedArticleParams($row->params, $row->catid);
if ($params->get('art_email', 0) < 1) {
   $this->view->base_errorScreen('Sending emails is disabled for this article!');
   return;
}
unset($params);

Save the file.

Now, go to Extensions > Components > Click Content and in tab Parameters set Send to Friend to "Hide".
Save parameters.
Make sure the "Send to Friend" option in all articles is set either to "Global setting" or "Hide" (edit a few articles and check the parameters tab).

Send to friend has been disabled globally.
Title: Re: Is there a log of IP addresses using the EMAIL_TO_FRIEND ?
Post by: seadhna on October 30, 2023, 10:31:16
Thank you, perfect!
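
The original question, which IPs are calling the feature, can also be answered from the web server's access log. The following is an added example, not code from the thread or from Elxis: it counts send-to-friend requests per IP inside a sliding time window. The combined log format, the `FEATURE_MARKER` placeholder and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumption: placeholder for the send-to-friend URL; replace it with the
# path your own access log shows for these requests.
FEATURE_MARKER = "SEND_TO_FRIEND_PATH_PLACEHOLDER"

def abusive_ips(lines, marker=FEATURE_MARKER, limit=5, window=timedelta(minutes=10)):
    """Return {ip: most hits inside any `window`} for IPs exceeding `limit`."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or marker not in m["path"]:
            continue  # malformed line or unrelated request
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["ip"]].append(ts)
    flagged = {}
    for ip, stamps in hits.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best > limit:
            flagged[ip] = best
    return flagged

def constructed_sample():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    fmt = '{ip} - - [27/Oct/2023:{t} +0000] "{req} HTTP/1.1" 200 512 "-" "bot"'
    post = f"POST /{FEATURE_MARKER}"
    lines = [fmt.format(ip="203.0.113.7", t=f"11:{m:02d}:00", req=post) for m in range(30, 38)]
    lines += [fmt.format(ip="198.51.100.20", t=t, req=post) for t in ("09:00:00", "10:00:00")]
    lines.append(fmt.format(ip="198.51.100.20", t="10:01:00", req="GET /index.html"))
    lines.append("garbled line that is skipped")
    return lines

if __name__ == "__main__":
    for ip, n in abusive_ips(constructed_sample()).items():
        print(f"{ip}: {n} send-to-friend requests within 10 minutes")
```

IPs flagged this way are candidates for review before being added to a ban list; the threshold and window should be tuned to the site's normal usage of the feature.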