
TOPIC: Possible security flaw/bug with a contact module generated with JDBuilder

Possible security flaw/bug with a contact module generated with JDBuilder 8 months 12 hours ago #27548

  • FX2LTD
  • Junior Member
Hi,
I have generated a simple contact form with some required fields and a recaptcha validation (fx2.it/contact-us.html)
1) First issue.
In the field related to the phone number, the international prefix number is overlapping the phone number field. The little arrow that shows to click onto the field, in order to open the menu curtain with all the international prefixes, is overlapping the field with the phone number, which is being written immediately under the arrow. It's a spacing issue, but who knows how it can affect other features, so I would be happy if you could fix it inside JDBuilder, rather than me having to deal with CSS modifications that could be overwritten on the next update.
2) Second issue (very minor).
I have set a message field, and I would be happy to be able to specify the minimum and the maximum number of characters/words people have to put, in order to avoid messages sent without content, or with too much.
3) Third Issue.
I could not understand how to add a "Reset Content" button to the form, so that it would be possible to clear all the form's fields with a simple click.
4) Content sending technology (This is urgent!!!)
I have set in the Joomla server management control panel (global configuration) --> Mail settings the sending method to PHP Mail, and I have experienced bugs/errors which are different whether I use Google Chrome or Mozilla Firefox (both updated to the latest versions.)
On Chrome, when clicking on SEND, the browser opens up a window in which it reports an error, which does not happen with Firefox. In both cases though, the e-mail I am receiving does not display any plain content, but just lines full of numbers.
I have decided to try the sending method sendmail, and things got even worse.
I receive normal e-mails, but I started to receive random e-mails from fake users, where the compulsory fields have been either bypassed or not accepted, the compulsory terms and conditions have not been accepted as well.
That looks to me like a backdoor or a hack.
If some fields have to be accepted for the message to be sent, and they arrive to me as if they have not been either filled in or accepted, it means that for some reason, there is something inside the JDBuilder code (maybe left by an employee of yours), or a bug/flaw, that allows someone to bypass the form completely and send me fake e-mails. I don't think it's Joomla's sendmail code, or my ISP's server. To be honest I am not the one that has the know-how to troubleshoot, but I can tell you that it happened only when the method was Sendmail; after I switched to PHP Mail, I stopped receiving e-mails. So, it seems that some code inside the form, like a backdoor or a worm, is actually telling people that the script is open, and that somehow they can interfere with it.
Whatever the reason, I don't think this is normal, actually it is a bit creepy in my opinion, and I am having concerns over the security of my website for myself and for others. I don't know how those e-mails can be generated bypassing all the requirements of the form, and arrive to me as if they have been genuinely generated by people writing to me on the contact form of my website.
I am enclosing the file also showing one of those e-mails, I believe more or less they are all of the same type.
I didn't switch to SMTP yet, because before putting my mailserver details, I would like to make sure the website is not compromised, as it would affect my ISP and I don't want to risk to be penalised.
I strongly believe something is wrong within the JDBuilder call to Sendmail, but as I like to make sure about my suppositions, I prefer you to investigate deeply into it.
Joomla and everything on the server are up to date and have the latest versions
Regards
Attachments:
The administrator has disabled public write access.

Possible security flaw/bug with a contact module generated with JDBuilder 7 months 4 weeks ago #27607

  • nishtha
  • Moderator
Hey,

Firstly, I would suggest you make different forum posts when you have more than one major issue; it will be easy for us to understand them and communicate the solution to you effectively.

Now coming to your questions here, the replies are in order:

#1 This is a known issue with us; we will resolve this in the upcoming JD Builder update. But thanks for letting us know.

#2 This seems to be a good and valid suggestion; we shall take this under consideration and hopefully implement it in the next releases.

#3 Not a feature yet, but again a good suggestion; we can see what we can do about it.

#4 Now this is a major issue for you. Well, we can see the popup error here, which seems to be some conflict with a 3rd party extension that is restricting the com_ajax submissions. So for that the developer would be requiring your site credentials to verify and resolve it.
And as far as the spam submissions are concerned, we at least are unable to submit the form without filling the required fields, so that is not working for us. Nevertheless we'll try to check that once we get the details.

Please share your site's backend login details on [email address hidden] along with this forum link so we can check the issues.

Thanks,
Nishtha
Thank You,
If you like our support and products, tweet us at joomdev and let the world know about it.

To know more about products check out their documentation.

Possible security flaw/bug with a contact module generated with JDBuilder 7 months 4 weeks ago #27621

  • FX2LTD
  • Junior Member
Hi, thank you for your reply.
I have made just one post, because all the issues were linked to the same piece of code (JD Contact form).
Sorry if that has created disruptions...

I will create a user with admin privileges and write to you all the info via e-mail.

Thanks

Regards

Possible security flaw/bug with a contact module generated with JDBuilder 7 months 3 weeks ago #27692

  • nishtha
  • Moderator
Hi,

Replied about this over the mail.

Thanks,
Nishtha

Possible security flaw/bug with a contact module generated with JDBuilder 4 months 15 hours ago #29902

  • FX2LTD
  • Junior Member
Hi,

I just wanted to let you know that I am still having the same issues described 3 months ago...
I have also tried on the web browser "Brave" and I have the same problems.

Regards

Possible security flaw/bug with a contact module generated with JDBuilder 2 months 1 week ago #30336

  • FX2LTD
  • Junior Member
Hi,
As per my previous message of over a month ago, I just wanted to let you know that the problem is still there.
Thanks in advance

Possible security flaw/bug with a contact module generated with JDBuilder 1 month 9 hours ago #30784

  • FX2LTD
  • Junior Member
It seems the forum no longer works and I can not post anything here

Possible security flaw/bug with a contact module generated with JDBuilder 1 month 9 hours ago #30785

  • FX2LTD
  • Junior Member
Hi,
It's been over 7 months now, that the problem has not been identified.
Now I am having issues also with Firefox, this is what comes out when I click on SEND on Firefox:

On Chrome, it shows it in a pop-up that I could not copy and paste. I am attaching the pictures.
Please, I need this to be fixed, or I will have to dismantle the whole website, and remove JDBuilder and Astroid for good. I cannot renew my subscription to a software that does not guarantee stability and does not allow to identify issues easily.
Attachments:
Last Edit: 1 month 9 hours ago by FX2LTD.

Possible security flaw/bug with a contact module generated with JDBuilder 4 weeks 1 day ago #30805

  • dankra
  • Premium Member
::following::

Possible security flaw/bug with a contact module generated with JDBuilder 3 weeks 6 days ago #30834

  • chandandeep
  • Administrator
Hello FX2LTD,

I am so sorry that you have been getting this error message for a long time. Please send the site login and FTP details so I can find the problem and fix it ASAP.

Thanks,
Chandan
Moderators: chandandeep