To post a new support question, click the Post New Topic button below.
Current Version: 4.8.5 | Sytist Manual | Common  Issues | Feature Requests

Please log in or Create an account to post or reply to topics.
You will still receive notifications of replies to topics you are part of even if you do not subscribe to new topic emails.

Malware Scanner Lists Sytist File As Vulnerability

W
57 posts
Wed Nov 07, 18 10:58 AM CST
Is anyone else getting messages from server malware scanners about sy-inc/PHPmailer/class.phpmailer.php? I keep getting compromised (malware put in folders on my server) and the scanner software says this file and its backup are my only vulnerabilities.
16,150 posts (admin)
Wed Nov 07, 18 11:25 AM CST
I have not heard of anyone else with that issue. The PHPMailer version in there is 5.2.8. I searched and didn't find any vulnerabilities related to the PHPMailer version.

Is it possible that is a false positive? If you are not using PHPMailer (Settings -> Mail Sending Settings), you can delete that file.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
W
57 posts
Thu Nov 08, 18 4:00 PM CST
Hi Tim, and thank you. I downloaded the github version of the file, and I have a difference. Instead of public $Host = 'localhost' in this block of code, I have
/**
* SMTP hosts.
* Either a single hostname or multiple semicolon-delimited hostnames.
* You can also specify a different port
* for each host by using this format: [hostname:port]
* (e.g. "smtp1.example.com:25;smtp2.example.com").
* You can also specify encryption type, for example:
* (e.g. "tls://smtp1.example.com:587;ssl://smtp2.example.com:465").
* Hosts will be tried in order.
* @type string
*/
public $Host = 'smtp.mijnhostingpartner.nl';

I'm guessing that I should re-install all my sytist files and that will update?
16,150 posts (admin)
Fri Nov 09, 18 5:19 AM CST
You can just replace those files with the files from the Sytist update or installation files. If you don't have those files you can send me an email and I can send you the files.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
W
57 posts
Fri Nov 09, 18 8:15 AM CST
Thanks Tim. It's probably some site I tried years ago as a smtp server and I just don't remember it, but I'd feel better with authentic files in place.
10 posts
Tue Dec 11, 18 1:15 PM CST
I believe I'm having the same problem - malware infecting my site via PHPMailer. I see that there are lots of vulnerabilities in versions earlier than 6.0.6. Can we get this updated in the next build? In the mean time, I've going to upgrade mine if possible.

https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
Edited Tue Dec 11, 18 1:23 PM by David Harris
16,150 posts (admin)
Wed Dec 12, 18 4:29 AM CST
The exploits I see are for versions before 5.2.8. And for the exploits to be executed, it would need to be sent through a mail form, like a contact form.

Are you using PHPMailer to send emails? If so, have you received any suspicious emails with a strange from name?

I will look into updating the PHP mailer to 6.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
7 total messages
Please log in or Create an account to post or reply to topics.
This post has been viewed 830 times
Category: Other
 
Loading more pages
Loading more pages

Sign up for email promotions.

Your information is safe with us and won't be shared.

Thank you for signing up!

 
©2003 - 2021 Grissett, LLC. All Rights Reserved.

By continuing to browse or by clicking Accept Cookies, you agree to the storing of cookies on your device necessary to provide you with the services available through our website.

    Accept   Privacy & Cookie Policy
Loading More Photos
Scroll To Top
Close Window
Loading
Close