To post a new support question, click the Post New Topic button below.
Current Version: 4.8.5 | Sytist Manual | Common Issues | Feature Requests
Please log in or Create an account to post or reply to topics.
You will still receive notifications of replies to topics you are part of even if you do not subscribe to new topic emails.
Malware Scanner Lists Sytist File As Vulnerability
W
Will Wenzel
57 posts
Wed Nov 07, 18 10:58 AM CST
Is anyone else getting messages from server malware scanners about sy-inc/PHPmailer/class.phpmailer.php? I keep getting compromised (malware put in folders on my server) and the scanner software says this file and its backup are my only vulnerabilities.
Tim - PicturesPro.com
16,150 posts
(admin)
Wed Nov 07, 18 11:25 AM CST
I have not heard of anyone else with that issue. The PHPMailer version in there is 5.2.8. I searched and didn't find any vulnerabilities related to the PHPMailer version.
Is it possible that is a false positive? If you are not using PHPMailer (Settings -> Mail Sending Settings), you can delete that file.
Is it possible that is a false positive? If you are not using PHPMailer (Settings -> Mail Sending Settings), you can delete that file.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
My Email Address: info@picturespro.com
W
Will Wenzel
57 posts
Thu Nov 08, 18 4:00 PM CST
Hi Tim, and thank you. I downloaded the github version of the file, and I have a difference. Instead of public $Host = 'localhost' in this block of code, I have
/**
* SMTP hosts.
* Either a single hostname or multiple semicolon-delimited hostnames.
* You can also specify a different port
* for each host by using this format: [hostname:port]
* (e.g. "smtp1.example.com:25;smtp2.example.com").
* You can also specify encryption type, for example:
* (e.g. "tls://smtp1.example.com:587;ssl://smtp2.example.com:465").
* Hosts will be tried in order.
* @type string
*/
public $Host = 'smtp.mijnhostingpartner.nl';
I'm guessing that I should re-install all my sytist files and that will update?
/**
* SMTP hosts.
* Either a single hostname or multiple semicolon-delimited hostnames.
* You can also specify a different port
* for each host by using this format: [hostname:port]
* (e.g. "smtp1.example.com:25;smtp2.example.com").
* You can also specify encryption type, for example:
* (e.g. "tls://smtp1.example.com:587;ssl://smtp2.example.com:465").
* Hosts will be tried in order.
* @type string
*/
public $Host = 'smtp.mijnhostingpartner.nl';
I'm guessing that I should re-install all my sytist files and that will update?
Tim - PicturesPro.com
16,150 posts
(admin)
Fri Nov 09, 18 5:19 AM CST
You can just replace those files with the files from the Sytist update or installation files. If you don't have those files you can send me an email and I can send you the files.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
My Email Address: info@picturespro.com
W
Will Wenzel
57 posts
Fri Nov 09, 18 8:15 AM CST
Thanks Tim. It's probably some site I tried years ago as a smtp server and I just don't remember it, but I'd feel better with authentic files in place.
David Harris
10 posts
Tue Dec 11, 18 1:15 PM CST
I believe I'm having the same problem - malware infecting my site via PHPMailer. I see that there are lots of vulnerabilities in versions earlier than 6.0.6. Can we get this updated in the next build? In the mean time, I've going to upgrade mine if possible.
https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
Edited Tue Dec 11, 18 1:23 PM by David Harris
Tim - PicturesPro.com
16,150 posts
(admin)
Wed Dec 12, 18 4:29 AM CST
The exploits I see are for versions before 5.2.8. And for the exploits to be executed, it would need to be sent through a mail form, like a contact form.
Are you using PHPMailer to send emails? If so, have you received any suspicious emails with a strange from name?
I will look into updating the PHP mailer to 6.
Are you using PHPMailer to send emails? If so, have you received any suspicious emails with a strange from name?
I will look into updating the PHP mailer to 6.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
My Email Address: info@picturespro.com
Please log in or Create an account to post or reply to topics.
Loading more pages