Kryptronic Software Support Forum

You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.

#1 04-26-2014 11:56:47

audrey
Member
Registered: 03-27-2009
Posts: 11

email a friend script is still being attacked even though disabled

Hi

The email a friend script is still being attacked even though disabled
in the admin section of version 8 and version 6 carts.

How do I actually disable the script
(not just hide it from showing on the site like it is now)

Thanks
Audrey

Offline

 

#2 04-26-2014 12:33:37

dh783
Member
From: Avondale, Arizona
Registered: 04-06-2005
Posts: 6233
Website

Re: email a friend script is still being attacked even though disabled

Does your email a friend page have a captcha field?

You can go into Raw Database Admin -> core_namespace -> ecom.emailfriend and either set it's active field to 0 or change the group allow section to superuser, admin (instead of its default of *) and its groupdeny to * (instead of empty), either one should stop the use of that script.

John

Offline

 

#3 04-26-2014 12:38:14

audrey
Member
Registered: 03-27-2009
Posts: 11

Re: email a friend script is still being attacked even though disabled

Thanks John for your help and the quick response

I did not look to see if they email a friend had captcha-
I was too busy disabling it in the admin section on all of the carts on the server

I will go into the raw database as you suggest

Thanks again
Audrey

Offline

 

#4 04-26-2014 13:18:01

dh783
Member
From: Avondale, Arizona
Registered: 04-06-2005
Posts: 6233
Website

Re: email a friend script is still being attacked even though disabled

For ccp6 sites check out this post for captcha .

Generally to get captcha on the email friend for ccp 8 go to Raw Database Admin -> core_formfields, scan the "Type" column for "CAPTCHA" (email a friend field entries are on the 3 page near the bottom there should be a captch field labled eocm.discemail) clone this entry and name it ecom.emailfriend.verify and set it's "form" field to ecom.emailfriend, you should then have the captcha field present on that form.

You can also do the same for ccp6 or ccp7.

John

Offline

 

#5 04-26-2014 13:57:33

mdowning
Member
From: California
Registered: 11-05-2010
Posts: 725
Website

Re: email a friend script is still being attacked even though disabled

dh783 wrote:

For ccp6 sites check out this post for captcha .

Generally to get captcha on the email friend for ccp 8 go to Raw Database Admin -> core_formfields, scan the "Type" column for "CAPTCHA" (email a friend field entries are on the 3 page near the bottom there should be a captch field labled eocm.discemail) clone this entry and name it ecom.emailfriend.verify and set it's "form" field to ecom.emailfriend, you should then have the captcha field present on that form.

You can also do the same for ccp6 or ccp7.

John

John

I better subscribe to this topic, just in case. So far no attempts.


http://tuxedothemes.org/
Wordpress Themes for business, blogs and personal use.

Offline

 

#6 04-28-2014 09:18:04

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19798
Website

Re: email a friend script is still being attacked even though disabled

As noted in the security update, version 8 is not affected.  The issue for audrey is the v6 install, which needs to be updated.  Simply turning the function off in admin is not enough for v6/v7, you need to apply the update here:

https://kryptronic.com/cms-xmodnewsrss_ … 2014S.html


Nick Hendler

Offline

 

#7 04-28-2014 10:57:22

sdn
Member
From: UK
Registered: 05-29-2007
Posts: 882

Re: email a friend script is still being attacked even though disabled

Would you recommend we keep the email a friend on (CCPv8) and add the capture field to the form or it is still too risky. If OK how to add captcha as the "dh783 wrote" instructions above do not seem to correlate to what I am seeing in Raw Database Admin -> core_formfields


Simon

Offline

 

#8 04-29-2014 08:55:11

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19798
Website

Re: email a friend script is still being attacked even though disabled

Adding a captcha is a great idea for v8.  We'll be adding one in the next update.  The v8 implementation is OK as-is, though.


Nick Hendler

Offline

 

#9 08-05-2014 11:43:00

franconero
Member
Registered: 11-03-2012
Posts: 31

Re: email a friend script is still being attacked even though disabled

I just upgraded to version 8 and my "email a friend" is not working properly.  Whe i click it, it comes up with an error message "There was an error encountered when trying to send your email message. Perhaps an invalid email address was entered. Please try again."

How do i resolve this problem

Offline

 

#10 08-06-2014 13:41:34

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19798
Website

Re: email a friend script is still being attacked even though disabled

Are you entering a valid email address?


Nick Hendler

Offline

 

#11 08-06-2014 16:49:58

franconero
Member
Registered: 11-03-2012
Posts: 31

Re: email a friend script is still being attacked even though disabled

Yes. All the email addresses entered are valid. you can try it on the website.  http://www.datacommexpress.com/

Offline

 

#12 08-07-2014 06:44:07

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19798
Website

Re: email a friend script is still being attacked even though disabled

Check the email address you have entered for the default from address under System | Mail | Mail Messages for the email a friend message.  It might not be a valid email.


Nick Hendler

Offline

 

Board footer