Community Forum

Please read the intro before joining/posting. Thank you.

If you have questions about our software, chances are this forum has the answers.

You'll need to register before you can post on the forum to ask your question or to answer another one. A reply will be posted to each and every question that is asked so there is no need to double post or bump your post. We'll do our best to answer promptly, but in some cases it may take a day or two. If you bump your post, it may be removed. Bear with us and we'll get your question answered quickly.

Here are a few tips to help you to get your questions answered more rapidly.

IMPORTANT: Posts in English only. We don't employ translators and we'll be unable to understand your message properly and will probably delete it.
SOFTWARE: Each software has it's own forum. Software here is NOT supported. Posts about this software will be deleted. Supported software questions ONLY please.
SEARCH: Use the search option to see if your question has been answered on the forum before now or if there is an answer in the documentation of your software.
PERSONAL SUPPORT: If you have purchased a commercial version of any software, using the contact option at the licence centre ensures a faster response.
AUTO DELETION: Accounts older than 5 days, with no posts or topics, are automatically deleted. Only register if you are thinking of posting.
LINKS: Any links posted are not clickable (to deter spammers) and must be copied / pasted into your browser address bar.

            

You are not logged in.

SpamPosts in the Maian Responder forum by RigPa
RigPa
11-09-2022 13:23:53

I am getting totally spammed. Are there any other way than CleanTalk? Is it possible to use Google Captcha?

maiandavid
12-09-2022 03:21:00

If you use the 'post' or 'get' form options you can create your own form with any spam protection. Just change the form action to point to your check location that does the tests and when it passes the checks post it to the responder location.

<form method="post" action="yourcheckpage.php">

    <label>Enter First Name:</label>
    <input type="text" name="nm" value=""><br><br>

    <label>Enter Last Name:</label>
    <input type="text" name="nm2" value=""><br><br>

    <label>Enter Email Address:</label>
    <input type="text" name="em" value=""><br><br>

    <input type="hidden" name="cid" value="xx">
    <input type="hidden" name="mthd" value="post">
    <button type="submit">Submit</button>

  </form>

When all checks have passed post to your responder 'signup.php' page.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
05-10-2022 16:22:16

Someone - a script, hacked the responder and sent out 8.000 spam mails. I am sure they did not guess the password. How can I stop bots from reading the files? Which directories and what attributes are needed?

RigPa
05-10-2022 16:44:24

Mails are sent from the responder:

Mail delivery failed: returning message to sender
Contact photo
From Mail Delivery System on 2022-10-05 18:34
Details Plain text
Part 3.eml
(~2 KB)
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  shary.harding@fpbe.net
    host nirvana.admins.ws [217.23.49.208]
    SMTP error from remote mail server after RCPT TO:<shary.harding@fpbe.net>:
    553 Your PROVIDER is BLACKLISTED at UCEPROTECT-LEVEL 3 - See:
    http://www.uceprotect.net/rblcheck.php?ipr=144.76.115.20
Reporting-MTA: dns; cp05.nordicway.dk

Action: failed
Final-Recipient: rfc822;shary.harding@fpbe.net
Status: 5.0.0
Remote-MTA: dns; nirvana.admins.ws
Diagnostic-Code: smtp; 553 Your PROVIDER is BLACKLISTED at UCEPROTECT-LEVEL 3 - See: http://www.uceprotect.net/rblcheck.php?ipr=144.76.115.20
From    The Passionate Blogger
To    ? Alice want to meet you! CLICK HERE: http://www.kitframe.com/uploads/go.php?z5t ? 20fhig
Date    Today 17:54
Hi ? Alice want to meet you! CLICK HERE: http://www.kitframe.com/uploads/go.php?z5t ?




----------------------
Self Hosted Autoresponder System. Powered by Maian Responder

maiandavid
06-10-2022 09:08:15

Ideally you need to identify where the attack generated from. Are your signup forms protected?

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
08-10-2022 21:33:34

The signup is integrated on a WordPress page with no smtp info. But it is clear that they had access to connect.php. From there they had access to the database.

maiandavid
10-10-2022 09:01:59

Are you sure the Wordpress installation didn't cause the problem? It's famous for vulnerabilities. lol.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
10-10-2022 13:57:22

Yep. But WP passes control to Maian Responder and there is only ONE place to find the login info to the Maian database: \control\connect.php. I set the attributes to 600 on that directory and changed password and so far, the mail sending has stopped. Is it ok to set this dir to 600? Or would it be accidental if it works?

RigPa
15-10-2022 14:36:21

I am by no means a PHP expert but I think I made it all the way through the captcha function and I get a 0.9 score back with a manual sign-up. Right after that, I need to pass mail and name to the maian responder (POST) but I can't make that post work. Can't even find something similar on the net.

Do you have a suggestion for a POST action to the signup.php? I'm kinda stuck there.

(Every single signup form on the entire Internet is spammed today so I honestly think this spam check should be part of Maian Responder.)

maiandavid
16-10-2022 17:02:20

I don't think 600 will work for the public html area. The sign up form is something you create yourself, and in many cases the form exists on another domain, so adding spam controls would mean installing other plugins etc. You should create the spam controls yourself before the data is passed to the responder. A spam option is something I'm considering though.

It should be fairly easy o implement if you are using the standard post option. You could protect the form with Askimet for example before it is passed:

https://akismet.com/

Or use Google captcha? The best way might be an ajax form that does all the checks, then you use Curl to post the data to the responder.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
29-10-2022 19:11:57

Akismet is far from enough. I hope Google Captcha is more efficient. My responder is bombarded with hundreds of signups every day and it is unusuable until I make GC work.

So far I get a return code from GC and I need to post the variables from the form (nm, nm2 & em) but I can't figure out how. I can't get those 3 variables picked up from the form and can't find anything on Google that can do that.


<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Google reCAPTCHA v3</title>
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.2/css/bulma.min.css">
    <script src="https://www.google.com/recaptcha/api.js?render=62Lf4eGgiA3AAAAG4PTBv5yOaFw4KKa1436iyC3Ni378FhU"></script>
    <script>
        grecaptcha.ready(() => {
            grecaptcha.execute('6Lf24eGgiAAAA3AL94O3MS5l0O6PNuo7JOEISNL8j4Lb77', { action: 'contact' }).then(token => {
              document.querySelector('#recaptchaResponse').value = token;
            });
        });
    </script>
</head>


<?php // Check if form was submitted:

$myfile = fopen("newfile.txt", "w") or die("Unable to open file!");

    $txt = "start\n";
    fwrite($myfile, $txt);

if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['recaptcha_response'])) {
    // Build POST request:
    $recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
    $recaptcha_secret = '6Lf24eGgiAAAA3AL94O3MS5l0O6PNuo7JOEISNL8j4Lb77';
    $recaptcha_response = $_POST['recaptcha_response'];
   
   
    // Make and decode POST request:
    $recaptcha = file_get_contents($recaptcha_url . '?secret=' . $recaptcha_secret . '&response=' . $recaptcha_response);
   
    $recaptcha = json_decode($recaptcha);

    // Take action based on the score returned:
    if ($recaptcha->score >= 0.5) {  //this works//
                       
            This is where I need to get the vars and put them into the array:
           
            $postParameter = array(
                'nm' => nm,       (Firstname)      <<<------
                'nm2' => nm2,         <<<<----
                'em' => em              <<<-----
            );
           
           
            $curlHandle = curl_init('https://passionblogist.make-it-count.dk//signup.php');
            curl_setopt($curlHandle, CURLOPT_POSTFIELDS, "var1=em&var2=nm&var3=nm2");       <<<<--------------- OR HERE
            curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);

            $curlResponse = curl_exec($curlHandle);
            curl_close($curlHandle);   
       
    } else {
            $errors = $resp->getErrorCodes();
           
    }
   
} ?>


<body>
    <section class="section">
        <div class="container">
            <div class="columns">
                <div class="column is-half">
                    <form method="POST">
                        <h1 class="title">
                            reCAPTCHA v3 example
                        </h1>

                        <div class="field">
                            <label for="name" class="label">Name</label>
                            <div class="control">
                                <input type="text" class="placeholder" div="ph" class="pl" name="nm" placeholder="First Name" required><br>
                            </div>
                        </div>
                       
                              <div class="field">
                            <label for="name2" class="label">Name2</label>
                            <div class="control">
                                <input type="text"  class="placeholder" div="ph"  class="pl" name="nm2" placeholder="Last Name" required>><br>
                            </div>
                        </div>

                        <div class="field">
                            <label for="email" class="label">Email</label>
                            <div class="control">
                                 <input type="email"  class="placeholder" div="ph"  class="pl" name="em" placeholder="Email" required><br>
                            </div>
                        </div>

                        <div class="field is-grouped">
                            <div class="control">
                                <button class="button is-link">Send Message</button>
                            </div>
                        </div>

                        <input type="hidden" name="recaptcha_response" id="recaptchaResponse">
                    </form>
                </div>
            </div>
        </div>
    </section>
</body>
</html>



Captcha codes are modded.

maiandavid
02-11-2022 10:06:19

What do you see if you log the post response to a file?

file_put_contents('path_to_log.txt', print_r($_POST, true), FILE_APPEND);

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
21-11-2022 14:37:20

Its weird. I posted a week ago and did see the post a few days ago when I checked. I also saw it 3 minutes ago but now it is gone. So I try again:


Thanks! That helped somewhat :-)

Array
(
    [nm] => jjj
    [nm2] => kkk
    [em(ail)] => f@gmail.com       (get this errmsg when posting submitting this text: was found without a matching
    [recaptcha_response] => 03AEkXODBvfMUVHvL13avlA_jRlDM1g5hLoEcXfLhQSVa84GQS5xYIDMd85oSch8BTwAn0zeaX4CjSV1sOj7tSgXnyO7ENQVGXRCvCSWxRU0HUc22NIQwPPalg9xSdfqXpK6LvGn0o0l1A4SHhHbeLYrOSprYduSMy4637ggcMRAWvCWpBC5QJ7THNnNEhQmo2k7nEo-ylrwbGsu4hHJCDSUX3kDq5zyDRI2QPja4FX-
)
(I shortened the captchs_response)

So the data is ok.

But the Post curl gives an error: ["fail","An error occurred, please try again later."]

So I still have to make the POST work. Looks like this now:


            $pp = array('cid' => '1', 'nm' => $firstname, 'nm2' => $lastname, 'em' => $mail);
                       
            $fp = fopen('file.txt', 'w');
            fwrite($fp, print_r($pp, TRUE));
            fclose($fp);
                   
            $curlHandle = curl_init('https://passionblogist.make-it-count.dk/signup.php');
            curl_setopt($ch, CURLOPT_URL,$curlHandle);
            curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $pp);
       
            curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);

            $curlResponse = curl_exec($curlHandle);
            curl_close($curlHandle);
           
I dunno about the list number...?

RigPa
21-11-2022 14:39:12

I couldnt write sqrbracketstart em sqrbracketend in previous post   - forum synthax square brackets kinda ruins the PHP code

maiandavid
30-11-2022 03:33:07

Is there anything else in the logs folder when it fails? Any other errors?

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
05-12-2022 11:28:04

From WP log:

[05-Dec-2022 12:08:17 Europe/Copenhagen] PHP Warning:  curl_setopt() expects parameter 1 to be resource, null given in /home/lukparke/passionblogist.com/contact.php on line 82


My own log:
start of log
RC=0.9 (RC from Google)
before POST
AndyMcPhersonAndy@gmail.com   
After curl:
["fail","An error occurred, please try again later."]



POSTed array - which fails:
Array
(
    [cid] => 1
    [nm] => Andy
    [nm2] => McPherson
    (em) => Andy@gmail.com                        ------------- (substituted parenthesis because of BB code on the forum)
)

Nothing in the Maian log files


The part that fails: (line 82)
80: $pp = array('cid' => '1', 'nm' => $firstname, 'nm2' => $lastname, 'em' => $mail);
81: $curlHandle = curl_init('https://passionblogist.make-it-count.dk/signup.php');
82: curl_setopt($ch, CURLOPT_URL,$curlHandle);                                <<<<<<<<<<<<<<-------- Error
83: curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $pp);
84: curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);
85: $curlResponse = curl_exec($curlHandle);
86: curl_close($curlHandle);

Seems the curl post is bad. The parameter string is probably wrong...

RigPa
26-02-2023 09:02:30

Is there any hope the new version can handle rejection of spam signups? I have taken my responder down and only use MailPoet because every time I set up Maian Responder (on a new subdomain) it only takes 14 days before thousands of spam mails have registered.

maiandavid
01-03-2023 01:07:32

Maian Responder has support for CleanTalk, an anti spam system.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
11-03-2023 20:17:43

I know.

Can I simply copy the new version over the old - except for the license file?

maiandavid
13-03-2023 00:56:00

Yep, just follow the upgrade instructions. If you have attachments the new version has a different location, so just backup your existing installation before and then move anything as necessary.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
15-05-2023 13:47:38

Subscriber last name (surname) is now optional

I have absolutely no luck in skipping surname. Tried removing the NM2 related stuff from the sign up code but get this:

Signup Errors
There was a problem with your submission. Please review the following errors:

Please enter last name

maiandavid
19-05-2023 07:29:47

Sorry. Can you redownload Maian Responder:
https://www.maianresponder.com/download

And update the 'signup.php' file in your installation, then try again.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
21-05-2023 14:12:50

Had problems with sending mails. Something stopped working when upgrading. While sending test mails every campaign and every mail and every subscriber suddenly vanished. From one sec to the next. Database is totally empty. Not a single record left. Zeroed. What happened?

maiandavid
21-05-2023 20:48:12

The upgrade will not wipe the database, so no idea. You can restore from backup and try again.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
27-05-2023 06:59:49

It wasn't the upgrade. Tried sending test mails a few times that didnt work. When I changed the mail server and sent again everything disappeared. Yup it sounds strange. Makes no sense...

maiandavid
31-05-2023 09:24:39

RigPa wrote:
It wasn't the upgrade. Tried sending test mails a few times that didnt work. When I changed the mail server and sent again everything disappeared. Yup it sounds strange. Makes no sense...

It really doesn't.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
22-10-2023 13:53:11

Was composing a few very long mails and when I saved I was suddenly logged out and my changes were lost. Is it possible to disable logout entirely so I don't lose stuff?


Also trying to skip last name. But get this:

Signup Errors
There was a problem with your submission. Please review the following errors:

Please enter last name


Is there any where I need to setup the responder for only 1 name?

maiandavid
27-10-2023 09:10:45

Was composing a few very long mails and when I saved I was suddenly logged out and my changes were lost. Is it possible to disable logout entirely so I don't lose stuff?

We will be removing this forum in the future in favour of a better support channel. Many areas of the system will get a big upgrade, we are currently having a brand new backend/account system built which should be ready in 2024. Sorry you lost your post. sad

Is there any where I need to setup the responder for only 1 name?

I just tested the responder on our test system and last name wasn't required. To ignore the last name the form field needs to be removed. So, are you sure the 'nm2' field isn't in place? If it is it will expect it has a value.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
03-11-2023 19:51:01

Ok I found it in the code and removed it and it works.

I have problems with the Unsubscribe link. It IS present in all mails I send and it works in Gmail. Legal requirement in EU. But mails sent to Outlook Live and Round cube has NO unsubscribe links. They disappear. They are simply not there.

Is there a cache somewhere in Maian Responder I can wipe. I had an image loaded in a mail. But I later resized the image and it didn't resize in Maian. Only when I renamed it before upload it worked.

maiandavid
05-11-2023 17:10:46

No, there is no mail cache. Strange about the unsubscribe links disappearing, I have just run a check in Roundcube and it worked ok. I don't use Outlook. When you view the source is there no sign of it at all?

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
20-11-2023 19:59:46

No sign what so ever. No trace in the debug. Link is just gone.

RigPa
20-11-2023 20:05:24

I just watched some more weird stuff

https://youtu.be/0SLD1HaKrvQ

There were a few fake signups that I deleted but when I deleted them 1 new appeared. When deleting that yet a new one appeared. This continued for some time.
I deleted signup.php and I disabled the contact form but the mails still keep coming one after one. If I don't delete that mail no new is coming...
Do you have any idea what is going on? How are they signing up? (know it is a bot)

maiandavid
23-11-2023 10:16:12

Did you check your servers access logs?

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
27-11-2023 09:42:28

there are a gazillion strange emails. Most of them never confirm (double signup).

The mails that pop up one after another when I delete - which I STILL do, are NOT in the log files.

Why is only ONE mail popping up at a time? Why does it only pop a new mail when I delete the old one?

Signup form is removed from the site and subscribe.php is renamed. How are they able to sign up?

RigPa
27-11-2023 09:57:54

The logs are in the open:

https://trinitysisters.make-it-count.dk/logs/subscribe-unsubscribe.log
https://trinitysisters.make-it-count.dk/logs/bouncer-handlers.log
https://trinitysisters.make-it-count.dk/logs/follow-up-messages.log

But they might be too big to load in a browser.

Shouldn't they be hidden? Peoples names and mails are in there.

maiandavid
30-11-2023 10:07:20

Yes, you should protect the logs folder with htaccess or in the 'control/options.php' file rename the files. I'm going to move them to the database at some point as it's not really efficient having them in logs.

But these are not the server access logs, they are your server logs on the server. Nothing to do with Maian Responder. I just wondered if they showed the queries to what file is being accessed?

David - Lead Developer/Programmer
www.maianmedia.com
100% Free SoftwareSoftware Versions, Development, Docs & UpgradesHostingNewsletter
Made with in the U.K & Hong Kong

Free PHP Scripts / Responsive PHP Scripts / Lightweight PHP Scripts / White Label PHP Scripts