XF 1.4 fake confirmation emails are sent out

snoopy5

Well-known member
Hi

I upgraded to 1.4.1 and now my webhoster contacted me, that there are tons of fake confirmation emails send out over my server:

################################################

To: ***@gmail.com

Subject: Account Activation at myforum

From: "myforum" <webmaster@myforum.de>

Reply-To: webmaster@myforum.de

Content-Transfer-Encoding: 8bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: MyBB

MIME-Version: 1.0

Content-Type: text/plain; charset=utf-8



epiparaye,



To complete the registration process on myforum, you will need to go to the URL below in your web browser.



http://myforum.de/forum/member.php?action=activate&uid=2826&code=DrT8jdKf



If the above link does not work correctly, go to



http://myforum.de/forum/member.php?action=activate



You will need to enter the following:

Username: epiparaye

Activation Code: DrT8jdKf



Thank you,

myforum Staff

################################################

How can this be possible? First, my default language is German, not English. Second I do not see any registration in ACP which are not yet validated. Third, I am not aware of that the normal confirmation email contains an activation code which can be entered manuelly. Fourth, this username "epiparaye" does not even exist in ACP.

My webhoster is blocking now my registration process. This is a nightmare!

So how can this be stopped and how were the spammers able to achieve this? Before 1.4.1 I had never an issue with this. I was running the addon FBHP against spam for 2 years without any problems.
 
Thank you so much. This seems to be the reason. I did not look close enough to the path the webhoster send me. Indeed there is a very old myBB testinstallation. I deleted it now and contacted the webhoster. Hopefully this is now solved...
 
Top Bottom