Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
Download Elxis CMS:
Elxis 5.5 Hermes
.
Home
Help
Login
Register
Elxis CMS Forum
»
Support
»
Security
»
Is there a log of IP addresses using the EMAIL_TO_FRIEND ?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Is there a log of IP addresses using the EMAIL_TO_FRIEND ? (Read 4258 times)
seadhna
Hero Member
Posts: 509
Is there a log of IP addresses using the EMAIL_TO_FRIEND ?
«
on:
October 27, 2023, 11:45:23 »
hi datahell,
some kind of bot is attempting to share an article on our site hundreds of times using the EMAIL_TO_FRIEND function.
It's the same article every time - we are receiving "message undelivered" messages from our host because we have exceeded our quota.
I've just turned off the function on the article in question, but is there a log anywhere of who is using this function - who attempted to share the article? so that we can add the IP to the defender_ban list.
Thanks for any advice!
Logged
datahell
Elxis Team
Hero Member
Posts: 10358
Re: Is there a log of IP addresses using the EMAIL_TO_FRIEND ?
«
Reply #1 on:
October 28, 2023, 20:25:54 »
I am aware of this problem.
We have already improved security in this feature in the upcoming Elxis 5.4+ that will be released.
When you see an updated release with a higher revision number
please perform the update
. The problem is that there is a parameter from which you can hide the display of "Send to friend" icon, however the feature does not gets disabled, you just hide the icon. So, some
advanced bot
may send directly to Elxis send to friend requests and emails will be send (some advanced bots can bypass even the captcha tools..).
If you need an urgent fix before the Elxis release do the following (instructions for Elxis 5.4).
Open file
components/com_content/controllers/generic.php
Locate this block between line 242 and 255:
if ($row->catid > 0) {
...
} else {
$row->link = $row->seotitle.'.html';
$category_title = '';
}
Add below:
$params = $this->combinedArticleParams($row->params, $row->catid);
if ($params->get('art_email', 0) < 1) {
$this->view->base_errorScreen('Sending emails is disabled for this article!');
return;
}
unset($params);
Save the file.
Now, go to Extensions > Components > Click Content and in tab Parameters set
Send to Friend
to "
Hide
".
Save parameters.
Make sure you have "Send to Friend" option in all articles either to "Global setting" or "Hide" (edit a few articles and check the parameters tab).
Send to friend has been disabled globally.
«
Last Edit: October 28, 2023, 20:41:14 by datahell
»
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
seadhna
Hero Member
Posts: 509
Re: Is there a log of IP addresses using the EMAIL_TO_FRIEND ?
«
Reply #2 on:
October 30, 2023, 10:31:16 »
Thank you, perfect!
Logged
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Support
»
Security
»
Is there a log of IP addresses using the EMAIL_TO_FRIEND ?