
Contact Enhanced is a contact component manager created to replace Joomla! core contacts component and add lots of advantages and new features (see Features) and it offers many plugins and modules for several different purposes.

Email Injection Attacks

8 months 3 days ago #27018 by CWJMedia
Hi Douglas,

Can you suggest the best way to prevent Email Injection Attacks? We have been receiving lots of emails where the subject line is injected by spammers.

Thanks,

Chris


8 months 3 days ago #27019 by support
Dear Chris,

I'm not exactly sure what you mean by "subject line is injected by spammers". Is the email legit, but the subject line is changed?

In the component options under the Security Tab there are a few options that might help you to increase security.
If the "injected" subject is always the same you can add it to the "Banned Subject" list.

Best regards,


8 months 3 days ago #27020 by CWJMedia
Hi,

The email is legit from the site but the subject line is changed. They are always different subject lines so adding them to the banned list is not an option. Is there a way to only allow the specific subject line, such as "website enquiry form"?

Thanks


8 months 3 days ago #27021 by support
That's very strange.

You can remove the Subject Form Field, so it will use the default subject: "New form submission"

I've never had this problem before, but if the email is legit and only the subject is changed upon form submission, then the first thing that comes to mind is that your site might be compromised. A hacker might have changed the Contact Enhanced source code or a plugin that is changing the subject line. I'm not affirming that's the case, but it's one possibility.

Are you running the latest Contact Enhanced, PHP, and Joomla versions?

Can you provide a direct link to the form?

Try updating Contact Enhanced, even if you already have the latest version.

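The approach discussed in this thread (accept only a specific subject, otherwise fall back to the default) can be enforced server-side, shown here as an added example in plain PHP that is not Contact Enhanced code and not from either poster. The function names, the allow-list, and the sample submissions are assumptions made for illustration; the two subject strings are the ones quoted in the thread.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list; "website enquiry form" is the subject named in the thread.
const ALLOWED_SUBJECTS = ['website enquiry form'];
// Default subject quoted in the thread.
const DEFAULT_SUBJECT = 'New form submission';

/** True if the value contains characters that could end a header line early. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) === 1;
}

/**
 * Choose the Subject header on the server. The submitted value is used only
 * as a lookup key; its text is never copied into the outgoing message.
 * Returns [subject, flagged], where flagged marks a submission worth logging.
 */
function resolve_subject(?string $submitted): array
{
    if ($submitted === null || trim($submitted) === '') {
        return [DEFAULT_SUBJECT, false];   // no subject field on the form
    }
    if (has_header_break($submitted)) {
        return [DEFAULT_SUBJECT, true];    // CR/LF/NUL never belongs in a subject
    }
    $key = strtolower(trim($submitted));
    foreach (ALLOWED_SUBJECTS as $allowed) {
        if ($key === strtolower($allowed)) {
            return [$allowed, false];      // emit the canonical string, not the input
        }
    }
    return [DEFAULT_SUBJECT, true];        // free-text subject: ignore it and flag it
}

// Constructed sample submissions (not taken from any real traffic).
$samples = [
    null,
    'Website Enquiry Form',
    'Unrelated promotional text',
    "website enquiry form\r\nX-Test: 1",
];
foreach ($samples as $s) {
    [$subject, $flagged] = resolve_subject($s);
    printf("%-42s -> %-22s %s\n", json_encode($s), $subject, $flagged ? 'FLAGGED' : 'ok');
}
```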


Copyright © 2018 IdealExtensions.com. All Rights Reserved.
