MAIAN MEDIA

I am getting totally spammed. Are there any other way than CleanTalk? Is it possible to use Google Captcha?

If you use the 'post' or 'get' form options you can create your own form with any spam protection. Just change the form action to point to your check location that does the tests and when it passes the checks post it to the responder location.

<form method="post" action="yourcheckpage.php">

    <label>Enter First Name:</label>
    <input type="text" name="nm" value=""><br><br>

    <label>Enter Last Name:</label>
    <input type="text" name="nm2" value=""><br><br>

    <label>Enter Email Address:</label>
    <input type="text" name="em" value=""><br><br>

    <input type="hidden" name="cid" value="xx">
    <input type="hidden" name="mthd" value="post">
    <button type="submit">Submit</button>

  </form>

When all checks have passed post to your responder 'signup.php' page.

Someone - a script, hacked the responder and sent out 8.000 spam mails. I am sure they did not guess the password. How can I stop bots from reading the files? Which directories and what attributes are needed?

Mails are sent from the responder:

Mail delivery failed: returning message to sender
Contact photo
From Mail Delivery System on 2022-10-05 18:34
Details Plain text
Part 3.eml
(~2 KB)
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  shary.harding@fpbe.net
    host nirvana.admins.ws [217.23.49.208]
    SMTP error from remote mail server after RCPT TO:<shary.harding@fpbe.net>:
    553 Your PROVIDER is BLACKLISTED at UCEPROTECT-LEVEL 3 - See:
    http://www.uceprotect.net/rblcheck.php?ipr=144.76.115.20
Reporting-MTA: dns; cp05.nordicway.dk

Action: failed
Final-Recipient: rfc822;shary.harding@fpbe.net
Status: 5.0.0
Remote-MTA: dns; nirvana.admins.ws
Diagnostic-Code: smtp; 553 Your PROVIDER is BLACKLISTED at UCEPROTECT-LEVEL 3 - See: http://www.uceprotect.net/rblcheck.php?ipr=144.76.115.20
From    The Passionate Blogger
To    ? Alice want to meet you! CLICK HERE: http://www.kitframe.com/uploads/go.php?z5t ? 20fhig
Date    Today 17:54
Hi ? Alice want to meet you! CLICK HERE: http://www.kitframe.com/uploads/go.php?z5t ?

----------------------
Self Hosted Autoresponder System. Powered by Maian Responder

Ideally you need to identify where the attack generated from. Are your signup forms protected?

The signup is integrated on a WordPress page with no smtp info. But it is clear that they had access to connect.php. From there they had access to the database.

Are you sure the Wordpress installation didn't cause the problem? It's famous for vulnerabilities. lol.

Yep. But WP passes control to Maian Responder and there is only ONE place to find the login info to the Maian database: \control\connect.php. I set the attributes to 600 on that directory and changed password and so far, the mail sending has stopped. Is it ok to set this dir to 600? Or would it be accidental if it works?

I am by no means a PHP expert but I think I made it all the way through the captcha function and I get a 0.9 score back with a manual sign-up. Right after that, I need to pass mail and name to the maian responder (POST) but I can't make that post work. Can't even find something similar on the net.

Do you have a suggestion for a POST action to the signup.php? I'm kinda stuck there.

(Every single signup form on the entire Internet is spammed today so I honestly think this spam check should be part of Maian Responder.)

I don't think 600 will work for the public html area. The sign up form is something you create yourself, and in many cases the form exists on another domain, so adding spam controls would mean installing other plugins etc. You should create the spam controls yourself before the data is passed to the responder. A spam option is something I'm considering though.

It should be fairly easy o implement if you are using the standard post option. You could protect the form with Askimet for example before it is passed:

https://akismet.com/

Or use Google captcha? The best way might be an ajax form that does all the checks, then you use Curl to post the data to the responder.

Akismet is far from enough. I hope Google Captcha is more efficient. My responder is bombarded with hundreds of signups every day and it is unusuable until I make GC work.

So far I get a return code from GC and I need to post the variables from the form (nm, nm2 & em) but I can't figure out how. I can't get those 3 variables picked up from the form and can't find anything on Google that can do that.

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Google reCAPTCHA v3</title>
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.2/css/bulma.min.css">
    <script src="https://www.google.com/recaptcha/api.js?render=62Lf4eGgiA3AAAAG4PTBv5yOaFw4KKa1436iyC3Ni378FhU"></script>
    <script>
        grecaptcha.ready(() => {
            grecaptcha.execute('6Lf24eGgiAAAA3AL94O3MS5l0O6PNuo7JOEISNL8j4Lb77', { action: 'contact' }).then(token => {
              document.querySelector('#recaptchaResponse').value = token;
            });
        });
    </script>
</head>

<?php // Check if form was submitted:

$myfile = fopen("newfile.txt", "w") or die("Unable to open file!");

    $txt = "start\n";
    fwrite($myfile, $txt);

if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['recaptcha_response'])) {
    // Build POST request:
    $recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
    $recaptcha_secret = '6Lf24eGgiAAAA3AL94O3MS5l0O6PNuo7JOEISNL8j4Lb77';
    $recaptcha_response = $_POST['recaptcha_response'];
   
   
    // Make and decode POST request:
    $recaptcha = file_get_contents($recaptcha_url . '?secret=' . $recaptcha_secret . '&response=' . $recaptcha_response);
   
    $recaptcha = json_decode($recaptcha);

    // Take action based on the score returned:
    if ($recaptcha->score >= 0.5) {  //this works//
                       
            This is where I need to get the vars and put them into the array:
           
            $postParameter = array(
                'nm' => nm,       (Firstname)      <<<------
                'nm2' => nm2,         <<<<----
                'em' => em              <<<-----
            );
           
           
            $curlHandle = curl_init('https://passionblogist.make-it-count.dk//signup.php');
            curl_setopt($curlHandle, CURLOPT_POSTFIELDS, "var1=em&var2=nm&var3=nm2");       <<<<--------------- OR HERE
            curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);

            $curlResponse = curl_exec($curlHandle);
            curl_close($curlHandle);   
       
    } else {
            $errors = $resp->getErrorCodes();
           
    }
   
} ?>

<body>
    <section class="section">
        <div class="container">
            <div class="columns">
                <div class="column is-half">
                    <form method="POST">
                        <h1 class="title">
                            reCAPTCHA v3 example
                        </h1>

                        <div class="field">
                            <label for="name" class="label">Name</label>
                            <div class="control">
                                <input type="text" class="placeholder" div="ph" class="pl" name="nm" placeholder="First Name" required><br>
                            </div>
                        </div>
                       
                              <div class="field">
                            <label for="name2" class="label">Name2</label>
                            <div class="control">
                                <input type="text"  class="placeholder" div="ph"  class="pl" name="nm2" placeholder="Last Name" required>><br>
                            </div>
                        </div>

                        <div class="field">
                            <label for="email" class="label">Email</label>
                            <div class="control">
                                 <input type="email"  class="placeholder" div="ph"  class="pl" name="em" placeholder="Email" required><br>
                            </div>
                        </div>

                        <div class="field is-grouped">
                            <div class="control">
                                <button class="button is-link">Send Message</button>
                            </div>
                        </div>

                        <input type="hidden" name="recaptcha_response" id="recaptchaResponse">
                    </form>
                </div>
            </div>
        </div>
    </section>
</body>
</html>

Captcha codes are modded.

What do you see if you log the post response to a file?

file_put_contents('path_to_log.txt', print_r($_POST, true), FILE_APPEND);

Its weird. I posted a week ago and did see the post a few days ago when I checked. I also saw it 3 minutes ago but now it is gone. So I try again:

Thanks! That helped somewhat :-)

Array
(
    [nm] => jjj
    [nm2] => kkk
    [em(ail)] => f@gmail.com       (get this errmsg when posting submitting this text: was found without a matching
    [recaptcha_response] => 03AEkXODBvfMUVHvL13avlA_jRlDM1g5hLoEcXfLhQSVa84GQS5xYIDMd85oSch8BTwAn0zeaX4CjSV1sOj7tSgXnyO7ENQVGXRCvCSWxRU0HUc22NIQwPPalg9xSdfqXpK6LvGn0o0l1A4SHhHbeLYrOSprYduSMy4637ggcMRAWvCWpBC5QJ7THNnNEhQmo2k7nEo-ylrwbGsu4hHJCDSUX3kDq5zyDRI2QPja4FX-
)
(I shortened the captchs_response)

So the data is ok.

But the Post curl gives an error: ["fail","An error occurred, please try again later."]

So I still have to make the POST work. Looks like this now:

            $pp = array('cid' => '1', 'nm' => $firstname, 'nm2' => $lastname, 'em' => $mail);
                       
            $fp = fopen('file.txt', 'w');
            fwrite($fp, print_r($pp, TRUE));
            fclose($fp);
                   
            $curlHandle = curl_init('https://passionblogist.make-it-count.dk/signup.php');
            curl_setopt($ch, CURLOPT_URL,$curlHandle);
            curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $pp);
       
            curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);

            $curlResponse = curl_exec($curlHandle);
            curl_close($curlHandle);
           
I dunno about the list number...?

I couldnt write sqrbracketstart em sqrbracketend in previous post   - forum synthax square brackets kinda ruins the PHP code

Is there anything else in the logs folder when it fails? Any other errors?

From WP log:

[05-Dec-2022 12:08:17 Europe/Copenhagen] PHP Warning:  curl_setopt() expects parameter 1 to be resource, null given in /home/lukparke/passionblogist.com/contact.php on line 82

My own log:
start of log
RC=0.9 (RC from Google)
before POST
AndyMcPhersonAndy@gmail.com   
After curl:
["fail","An error occurred, please try again later."]

POSTed array - which fails:
Array
(
    [cid] => 1
    [nm] => Andy
    [nm2] => McPherson
    (em) => Andy@gmail.com                        ------------- (substituted parenthesis because of BB code on the forum)
)

Nothing in the Maian log files

The part that fails: (line 82)
80: $pp = array('cid' => '1', 'nm' => $firstname, 'nm2' => $lastname, 'em' => $mail);
81: $curlHandle = curl_init('https://passionblogist.make-it-count.dk/signup.php');
82: curl_setopt($ch, CURLOPT_URL,$curlHandle);                                <<<<<<<<<<<<<<-------- Error
83: curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $pp);
84: curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);
85: $curlResponse = curl_exec($curlHandle);
86: curl_close($curlHandle);

Seems the curl post is bad. The parameter string is probably wrong...

Is there any hope the new version can handle rejection of spam signups? I have taken my responder down and only use MailPoet because every time I set up Maian Responder (on a new subdomain) it only takes 14 days before thousands of spam mails have registered.

Maian Responder has support for CleanTalk, an anti spam system.

I know.

Can I simply copy the new version over the old - except for the license file?

Yep, just follow the upgrade instructions. If you have attachments the new version has a different location, so just backup your existing installation before and then move anything as necessary.

Subscriber last name (surname) is now optional

I have absolutely no luck in skipping surname. Tried removing the NM2 related stuff from the sign up code but get this:

Signup Errors
There was a problem with your submission. Please review the following errors:

Please enter last name

Sorry. Can you redownload Maian Responder:
https://www.maianresponder.com/download

And update the 'signup.php' file in your installation, then try again.

Had problems with sending mails. Something stopped working when upgrading. While sending test mails every campaign and every mail and every subscriber suddenly vanished. From one sec to the next. Database is totally empty. Not a single record left. Zeroed. What happened?

The upgrade will not wipe the database, so no idea. You can restore from backup and try again.

It wasn't the upgrade. Tried sending test mails a few times that didnt work. When I changed the mail server and sent again everything disappeared. Yup it sounds strange. Makes no sense...

Was composing a few very long mails and when I saved I was suddenly logged out and my changes were lost. Is it possible to disable logout entirely so I don't lose stuff?

Also trying to skip last name. But get this:

Signup Errors
There was a problem with your submission. Please review the following errors:

Please enter last name

Is there any where I need to setup the responder for only 1 name?

Ok I found it in the code and removed it and it works.

I have problems with the Unsubscribe link. It IS present in all mails I send and it works in Gmail. Legal requirement in EU. But mails sent to Outlook Live and Round cube has NO unsubscribe links. They disappear. They are simply not there.

Is there a cache somewhere in Maian Responder I can wipe. I had an image loaded in a mail. But I later resized the image and it didn't resize in Maian. Only when I renamed it before upload it worked.

No, there is no mail cache. Strange about the unsubscribe links disappearing, I have just run a check in Roundcube and it worked ok. I don't use Outlook. When you view the source is there no sign of it at all?

No sign what so ever. No trace in the debug. Link is just gone.

I just watched some more weird stuff

https://youtu.be/0SLD1HaKrvQ

There were a few fake signups that I deleted but when I deleted them 1 new appeared. When deleting that yet a new one appeared. This continued for some time.
I deleted signup.php and I disabled the contact form but the mails still keep coming one after one. If I don't delete that mail no new is coming...
Do you have any idea what is going on? How are they signing up? (know it is a bot)

Did you check your servers access logs?

there are a gazillion strange emails. Most of them never confirm (double signup).

The mails that pop up one after another when I delete - which I STILL do, are NOT in the log files.

Why is only ONE mail popping up at a time? Why does it only pop a new mail when I delete the old one?

Signup form is removed from the site and subscribe.php is renamed. How are they able to sign up?

The logs are in the open:

https://trinitysisters.make-it-count.dk/logs/subscribe-unsubscribe.log
https://trinitysisters.make-it-count.dk/logs/bouncer-handlers.log
https://trinitysisters.make-it-count.dk/logs/follow-up-messages.log

But they might be too big to load in a browser.

Shouldn't they be hidden? Peoples names and mails are in there.

Yes, you should protect the logs folder with htaccess or in the 'control/options.php' file rename the files. I'm going to move them to the database at some point as it's not really efficient having them in logs.

But these are not the server access logs, they are your server logs on the server. Nothing to do with Maian Responder. I just wondered if they showed the queries to what file is being accessed?

Tried unsubscribing from a new list and got this message:

Thank You
Great news - We cannot find your email address in our system, so perhaps you have already unsubscribed.

You will receive no further mailings from us.

Weird message and the mail was NOT unsubbed.

Can't figure out what that is...

Well, the message will appear if the email was already subscribed or the 'e' param is missing from the url or the email is invalid. You are using the unsubscribe variable in the messages? %unsubscribe%?