Hello
I use ZenPhoto (latest version) for my online gallery with the zpmasonry theme.
Today I received a mail from my host, stating that my domain (3dart4u.com) is suspended and offline due to large volume spam mail I did send according to them. I know for a fact that it's not coming from my PC cause I use my internet host itself to send mail, that is not going through my own domain.
But also looking through my domain stats, there is no evidence of any large volume spam being sent. Not in numbers and not in Kb/Mb.
So, knowing all this, is it possible that somehow my ZenPhoto gallery was hacked and that it was sending spam through there? I did have ZenPhoto PHP mailforms there but with use of the captcha option.
I did check all kinds of blacklists (both on domain name and IP address) and my domain or IP is not mentioned anywhere.
Comments
Second, depending on how long you have been running Zenphoto, your site could have been hacked in the distant past. There were some threads on this maybe about a year or so ago, including what to check for and how to clean the site.
Besides which, your host should be able to give you the messages being sent. They will have some sort of return e-mail address. Perhaps someone has just hijacked your e-mail address.
And I am using ZenPhoto since September 2012, so not that long. I made a backup when installing the latest version, so I can check then if anything was wrong. Can you point me towards the thread where the checking and cleaning is mentioned?
And yes, trying to get some more info from them but they are using business hours and it's 21:00 hours over here now.
But the hijack of my mail address also crossed my mind. But they were rather specific, stating that " ... there were files found within my hosting package which were sending large amounts of spam under my name."
http://www.zenphoto.org/news/alert-security-hole-in-zenphoto-1.4.1.4
http://www.zenphoto.org/news/security-alert-part-2
It was November 2011 when this occurred, so well after you started using ZP.
However, there are multiple ways someone could get in, browser, lax permissions on the server, the install script etc. We don't know what installatron does (and we don't really recommend install helpers) but the best would be to re-upload all files freshly and check the database for any issues.
X-PHP-Originating-Script: 10065:search.php
... /public_html/themes/effervescence_plus/search.php
... /public_html/themes/stopdesign/search.php
... /public_html/themes/default/search.php
... /public_html/themes/zpmasonry/search.php
... /public_html/themes/zpmobile/search.php
... /public_html/themes/zenpage/search.php
... /public_html/themes/garland/search.php
My site is already back online but still it's kinda weird? I will deactivate the search option on my site since there is no need to use that on my site. But still curious on how suddenly my host detects that as a threat even though it's been on my site since September 2012.
As mentioned there are several ways to get in.
Was looking around also to remove the search function but I can not find it? There is a search edit part at Options/Search on my admin page but there is no option there (or somewhere else) to disable the search function all together. So, how can I disable the search function within ZenPhoto?
But of course the search function is not sending any e-mails. If something is sending e-mails in Zenphoto it is a hacked site. But nothing you have quoted in any way indicates that Zenphoto is sending e-mails. Just some insinuation without substantiation from your hosting service.
In the search.php there is the line `<?php include ("inc-header.php"); ?>`
And if I look at that inc-header.php, there is this part in it:
```php
case 'search.php':
    $galleryactive = true;
    $zpmas_metatitle = gettext('Search').' | '.html_encode(getSearchWords()).' | '.getBareGalleryTitle();
    $zpmas_metadesc = truncate_string(getBareGalleryDesc(),150,'...');
    break;
```
I presume that if I delete that search part, the search is gone from the inc-header ?
Of course you can remove them, they are not "built" in. Just use FTP.
Sorry we are not familiar with that theme. You should open a new topic with the theme name so its developer sees it.
Also found out that I am a bit behind in version: I have 1.4.4.3 of ZenPhoto so will update to 1.4.4.5 as soon as possible.
But (and here it comes) after all this, the spam I was getting myself is reduced by 99%. Since a month or so suddenly the amount of spam I did receive was huge. It was around 2% and grew to around 55% of all my mail. And now since all the above, suddenly I get almost no spam anymore. The difference is really that big that it can't be a coincidence. Thought maybe my mailer on my site was hacked but the spam didn't look like it was sent through mailform: the spams were just 1-liners, just 1 URL in it each time. And mail through my mailform looks entirely different.
But thought I just mentioned it since it's such a big difference.
Technically if you get access to the files somehow you can hack any of them to send mails or else.
We of course are really after fixing all possible security issues.
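The `X-PHP-Originating-Script` header quoted in the thread carries only a uid and a script basename, which is why the host's report lists every `search.php` under `themes/`. The following is an added example, not part of any post in this thread and not Zenphoto code: it tallies that header across raw messages and then compares each same-named file against a clean copy of the same release. The function names, the sample messages and the clean-copy directory layout are assumptions.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# PHP's mail.add_x_header stamps mail() output with "<uid>:<script basename>".
HEADER_RE = re.compile(r"^X-PHP-Originating-Script:[ \t]*(\d+):(\S+)[ \t\r]*$", re.I | re.M)

# Constructed sample messages (not from the thread); the third only names the header in its body.
SAMPLE_MESSAGES = [
    "From: a@example.test\nX-PHP-Originating-Script: 10065:search.php\nSubject: x\n\nbody",
    "From: b@example.test\r\nX-PHP-Originating-Script: 10065:search.php\r\nSubject: y\r\n\r\nbody",
    "From: c@example.test\nSubject: fwd\n\nX-PHP-Originating-Script: 0:evil.php\n",
]


def tally_scripts(raw_messages):
    """Count (uid, script basename) pairs, reading the header section only."""
    counts = Counter()
    for raw in raw_messages:
        headers = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]  # body text is sender-controlled
        counts.update((int(uid), name) for uid, name in HEADER_RE.findall(headers))
    return counts


def audit_candidates(webroot, clean_root, basename):
    """Classify every file named `basename` under webroot against the clean copy."""
    webroot, clean_root = Path(webroot), Path(clean_root)
    report = {}
    for path in sorted(p for p in webroot.rglob(basename) if p.is_file()):
        rel = path.relative_to(webroot)
        ref = clean_root / rel
        if not ref.is_file():
            status = "no-reference"   # file does not exist in the clean release
        elif path.read_bytes() != ref.read_bytes():
            status = "modified"       # differs from the shipped file: inspect by hand
        else:
            status = "match"
        report[rel.as_posix()] = status
    return report


if __name__ == "__main__":
    print(tally_scripts(SAMPLE_MESSAGES))
    with tempfile.TemporaryDirectory() as tmp:  # constructed one-file tree for the demo
        for root, body in (("live", "<?php /* altered */"), ("clean", "<?php /* stock */")):
            f = Path(tmp, root, "themes/default/search.php")
            f.parent.mkdir(parents=True)
            f.write_text(body)
        print(audit_candidates(Path(tmp, "live"), Path(tmp, "clean"), "search.php"))
```

A "modified" result can also be a legitimate theme customisation, and "no-reference" can be a third-party theme, so both call for a manual read of the file rather than automatic deletion.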