Posts by K.Rens

    Hi,


    - I just took some random parts from the mail logs, it just happens to not contain any hotmail/outlook mail addresses.


    - I do find those email addresses inside the users list.
    So maybe the spam issue and the mail logs are different issues?


    162.158.202.75 - - [24/Jun/2016:09:46:02 +0200] "POST /Register/? HTTP/1.1" 200 10413 "https://www.domain.com/Register/?l=2" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0"


    162.158.202.100 - - [24/Jun/2016:10:17:36 +0200] "POST /Register/? HTTP/1.1" 200 10420 "https://www.domain.com/Register/?l=2" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0"


    And a bit later they visit the RegisterActivation page.


    So looks like this is not the issue then, it's just registration bots.
    Strange, reCaptcha clearly isn't enough then...



    - The reported spam is real spam, with images and actual sales messages.
    Not a registration mail.
    So probably need to dig a bit deeper.



    Tx for the help!

    Hi,


    I recently got reports from Microsoft that my server was sending spam mails.
    It turns out Woltlab (wcf) is sending these spam mails!


    Hereby an excerpt from the website mail logs:

    Code
    [24-Jun-2016 07:13:45 Europe/Amsterdam] mail() on [/home/username/domains/domain.com/public_html/wcf/lib/system/mail/PHPMailSender.class.php:19]: To: Labrieaq8n <dgsdzaaxdxsxccss@apocztaz.com.pl> -- Headers: X-Priority: 3 X-Mailer: WoltLab Community Framework Mail Package From: WebsiteName <webmaster@domain.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 MIME-Version: 1.0
    [24-Jun-2016 08:39:11 Europe/Amsterdam] mail() on [/home/username/domains/domain.com/public_html/wcf/lib/system/mail/PHPMailSender.class.php:19]: To: frye3376 <all@azuma81106.ammuca.eu> -- Headers: X-Priority: 3 X-Mailer: WoltLab Community Framework Mail Package From: WebsiteName <webmaster@domain.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 MIME-Version: 1.0
    [24-Jun-2016 09:46:01 Europe/Amsterdam] mail() on [/home/username/domains/domain.com/public_html/wcf/lib/system/mail/PHPMailSender.class.php:19]: To: Viviengmt <qrhneduj@gmail4u.eu> -- Headers: X-Priority: 3 X-Mailer: WoltLab Community Framework Mail Package From: WebsiteName <webmaster@domain.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 MIME-Version: 1.0
    [24-Jun-2016 10:17:35 Europe/Amsterdam] mail() on [/home/username/domains/domain.com/public_html/wcf/lib/system/mail/PHPMailSender.class.php:19]: To: Donaldmqjx <bettyann@randox.securemail.co.pl> -- Headers: X-Priority: 3 X-Mailer: WoltLab Community Framework Mail Package From: WebsiteName <webmaster@domain.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 MIME-Version: 1.0


    I also found some files created in /tmp by the woltlab user!
    Eg:
    /tmp/phpSexPxI /tmp/phpmhWxZ8 /tmp/phpWggxkh /tmp/phpLgF77K /tmp/phpsjg6Jv /tmp/phpTxQNvJ /tmp/phpFf8MW6 /tmp/phpHXIEck


    All these files where base64 encoded php scripts.
    Eg: a file uploader.


    No other intrusions have been found, nor any rootkits.
    No weird server logins have been done.


    The hack looks like it came via woltlab.



    Now, in order to make woltlab a nice and secure environment, I think it would be good if I could work together with the Woltlab team to find out which script or package is unsecure.
    This allows Woltlab to remove this package from the store or to fix the issue.


    Questions:
    1) What is the best way to find out which script is sending these mails? Do I need to add some logging somewhere?
    2) Is there still a way to save my current Woltlab installation and make it secure again?



    Many thanks!

    I installed this week the latest 2 updates on my forum.


    Since then several javascript functions stopped working.


    Example 1:
    https://www.ictscripters.com/b…try/233-Doel-van-vandaag/
    Try clicking the picture to open it full screen.
    If you then press the X on the top right, it won't close the screen overlay.
    In the javascript console I get following error:


    Error: Syntax error, unrecognized expression: a[href$=#top],a[href$=#bottom]
    https://cdnjs.cloudflare.com/a…query/2.2.2/jquery.min.js
    Line 2



    Example 2:
    The expansion of code is no longer working in filebase.
    https://www.ictscripters.com/f…e/Entry/263-Script-Timer/
    Try clicking the Dutch text "Laat alles zien"
    It does nothing.
    Same error in firebug console.



    I already tried switching between cloudflare and google cdn, I tried updating to the latest version of jquery and jquery ui, but nothing solves it.


    Any clue what could be causing it or where to start looking?


    Thank you!

    Hi,


    Inside the page /NotificationSettings/ there is a line that does not use the given translation.
    I already changed it inside "Manage phrases", it is there and is written ok, but the website keeps displaying the string instead of the translation.


    String displayed:
    wcf.user.notification.de.joshsboard.wcf.jcoins.transfer.notification.jCoinsTransfer


    File that adds this:
    https://github.com/wbbaddons/J…userNotificationEvent.xml



    Where can I change it, so that he uses the translation added in the acp, instead of displaying the raw string?


    Thank you

    And is there some code in woltlab that I can use to do this, without having to "hack" it in the database?


    Which namespace, use and function could I use?

    Hello,


    I have a topic that needs to be sent back on top of the list (bumped) once per month.


    What is the best way to do this, without posting a reply and then deleting it?


    Can I change the value of "lastPostTime" to NOW() in the database table "`wbb1_thread`"?


    Thank you.

    Hello,


    I would like to link in the main menu to a board.
    It has following url:
    index.php/Board/31-Vraag-Aanbod-Werk/


    I tried to add a page menu link, using the internal link system:
    Controller: wbb\page\BoardPage
    Parameters: id=31


    But if I do this, it does not use the clean url system, the link will be:
    index.php/Board/?id=31


    It works, but since it's the header I want clean urls.
    I'm using the famous SEO package to clean up the links.


    How can I use the internal link system for the main menu?


    Thank you!