Spam relaying through HESK?

AzHousePro · Post by **AzHousePro** » Wed Nov 05, 2014 7:03 am

Script URL: http://www.azbilliards.com/helpdesk/
Version of script: 2.5.5
Hosting company: PhoenixNAP
URL of phpinfo.php:
URL of session_test.php:
What terms did you try when SEARCHING for a solution: spam

Write your message below:
Are there any known issues with a hacker being able to send spam through the HESK install? In the last week or so, I am getting 20-30 tickets opened each day based on email bounces from (REMOVED). I am wondering if this is a sign of someone being able to relay spam through the helpdesk.

Mike

alcazar · Post by **alcazar** » Wed Nov 05, 2014 5:02 pm

Me thinks that bots cant/dont differ if this is an ITS, CMS or Forum, they just try to unload their spam.
In our hesk install we have a slight modification who logs failed logins to the acp, and its interesting whos sometimes trying to login as if its a forum or such.
AFAMK the only thing you can do currently is limit the amount of open tickets per customer or using an .htaccess like on this site.
Maybe Master Klemen will build in an email- or ip-ban in future versions, as it was requested by several users here / on the uservoice site.

AzHousePro · Post by **AzHousePro** » Thu Nov 06, 2014 1:50 am

I don't think someone is logging in to do this. I worry that there is a backdoor in the mail sending code in HESK that someone might be using to try to send spam. It is strange that I am still getting 10-15 of these a day from this one email address, but I don't see a ton of emails in the queue from HESK on the mailserver.

Mike

Post by **Klemen** » Thu Nov 06, 2014 7:26 am

There are no known security issues in HESK. In fact, form data is proactively validated and scanned for email headers injection and mail is only ever sent to addresses found in the database or the one used in submitted tickets.

From your writing I presume you have POP3 fetching or email piping enabled. Note that HESK does not scan incoming mails for SPAM, this is something that needs to be done on the server-side (creating a fully-featured SPAM filter is out of the scope of HESK). Any emails that come in through POP3/piping are turned into tickets.

AzHousePro · Post by **AzHousePro** » Thu Nov 06, 2014 7:44 am

Thanks Klemen. I will keep monitoring it for now.

I am wondering if maybe the frequency of new tickets is mail bouncing between that address and our help desk.

Thanks again,
Mike

Post by **Klemen** » Thu Nov 06, 2014 12:38 pm

I would look into when the tickets get generated and if this is indeed and issue with bounced emails, try tweaking the "Email Loops" settings (Settings > Email tab).

AzHousePro · Post by **AzHousePro** » Thu Nov 06, 2014 8:56 pm

Thanks, I changed that setting and will see if that helps the issue.

Mike

PHPJunkyard support forum

Spam relaying through HESK?

Spam relaying through HESK?

Re: Spam relaying through HESK?

Re: Spam relaying through HESK?

Re: Spam relaying through HESK?

Re: Spam relaying through HESK?

Re: Spam relaying through HESK?

Re: Spam relaying through HESK?