System Sending Fake PMs

Switching the PM system does not solve you problem, since it is not the PM system.

These notifications do not come from uddeIM (or if they are initiated by another component of yours).


btw: I have updated my previous post.

Do you use PHPmailer? Maybe this script is vulnerable?

slabbi wrote: Do you use PHPmailer? Maybe this script is vulnerable.

How would i determine that? i haven't installed that as a module/plugin/component.

i activated the CSRF setting in UddeIM. Just in case.

EDIT: When i set CSRF to YES i couldn't send messages, everything was a CSRF attack, so i set that to NO.

slabbi wrote: Do you use a 3rd party component that also uses uddeIM to send messages? There are several (CB, Autowelcome, Kunena Forum, Autouserpoints and so on). Maybe this component is not configured correctly.

It is the first time I hear about this. Please keep me informed.

Kunena connects to UddeIM by providing a link to the user.

i turned off Alpha User Point notifications off, just in case. Pretty sure none of my AUP rules involve notifications via PM.

i turned off PM notifications and those fake messages stopped. It seems that something was using the PM system to send those messages.

If someone is phishing from the outside they must have a copy of our database because they have usernames and email addresses.

The main component cannot sent fake messages. When you want to identify the user that has initiated the message, you can try following:
Take the message id from the link in the notification message and search the corresponding entry in jos_uddeim table. The fields fromid and toid identify the sender and the recipient of the message. The fromid is zero when a public user has created the message using the public frontend plugin from the premium plugins.