phpBB3: PHPBB3-9455

"Anonymous" tries to exploit mail though /includes/functions_messenger.php


Details

    • Bug
    • Status: Closed
    • Resolution: Invalid
    • 3.0.x
    • None
    • Other
    • None
    • PHP Environment:
      Database:

    Description

      I was looking at my error log, as I had to set it up for our new host and its SMTP.
      I found many errors like this, and one right after I had set it up:
      Anonymous ip:xxx.xxx.xxx.xxx Tue May 12, 2009 6:49 pm
      error:

      E-mail error
      » EMAIL/SMTP
      /ucp.php
       
      Could not connect to smtp host : 110 : Connection timed out
       
      [phpBB Debug] PHP Notice: in file /includes/functions_messenger.php on line 846: fsockopen() [function.fsockopen]: unable to connect to customer-smtp.one.com:25 (Connection timed out)

      However, nobody can send mail by SMTP (the old SMTP was offline and this new host doesn't support PHP sending by SMTP), and personal mail is disabled by the board (to improve security).

      As it looks to me, this is some kind of attack, where you send the required info for mail sending to the function (/includes/functions_messenger.php). If it wasn't for the SMTP errors, I would never have noticed.

      I would suggest:
      some form of identity check on the mailsend function, like the registered-level security,
      and then use the include if<> functions, so it won't be activated if users can send by the board.

      It would also be good if the board could inform an admin (or founder) by private message or email of any errors getting listed in the error log.
      I don't think that would be too hard to implement, and I will do that myself if I get the time.
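A defensive helper in the spirit of the reporter's last suggestion, added here as an example and not phpBB's own code: it parses error-log entries of the shape quoted above and flags repeated guest ("Anonymous") e-mail failures per IP and page, so an admin could be notified. The log sample is constructed, and the entry layout (header line, "error:", type, page, message) is assumed from the single entry in the report.

```python
import re
from collections import Counter
# Constructed sample, shaped like the phpBB 3.0.x error-log entry quoted in the report.
SAMPLE_LOG = """\
Anonymous ip:203.0.113.7 Tue May 12, 2009 6:49 pm
error:
E-mail error
» EMAIL/SMTP
/ucp.php
Could not connect to smtp host : 110 : Connection timed out

Anonymous ip:203.0.113.7 Tue May 12, 2009 6:51 pm
error:
E-mail error
» EMAIL/SMTP
/ucp.php
Could not connect to smtp host : 110 : Connection timed out

admin ip:198.51.100.4 Tue May 12, 2009 7:02 pm
error:
E-mail error
» EMAIL/SMTP
/adm/index.php
Could not connect to smtp host : 110 : Connection timed out
"""

# Assumed header layout: "<user> ip:<addr> <date/time>"
HEADER_RE = re.compile(r"^(?P<user>\S+) ip:(?P<ip>\S+) (?P<when>.+)$")

def parse_error_log(text):
    """Split the log into blank-line separated entries; extract user, IP, time, page, message."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = HEADER_RE.match(lines[0]) if lines else None
        if not m:
            continue  # not a recognisable entry header; skip
        entries.append({
            "user": m["user"], "ip": m["ip"], "when": m["when"],
            "is_email": any(ln.startswith("E-mail error") for ln in lines[1:]),
            "page": next((ln for ln in lines[1:] if ln.startswith("/")), None),
            "message": lines[-1],
        })
    return entries

def flag_anonymous_email_errors(entries, threshold=2):
    """Count e-mail failures triggered by guests, keyed by (ip, page); return only
    those at or above the threshold so repeated attempts stand out for an admin."""
    counts = Counter((e["ip"], e["page"]) for e in entries
                     if e["user"] == "Anonymous" and e["is_email"])
    return {key: n for key, n in counts.items() if n >= threshold}
```

Calling `flag_anonymous_email_errors(parse_error_log(SAMPLE_LOG))` on the sample returns only the repeated guest failures from 203.0.113.7 via /ucp.php; the admin's own failure is excluded.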

      People

        Paul Sohier (Paul)
        eliasr
        Votes: 0
        Watchers: 1