email "sent from the forum" hacked & upgrade (General)

by Homie, Sunday, December 11, 2016, 17:19 (2665 days ago) @ Micha

What kind of mail was it? Maybe it was an answer to a thread/posting you have subscribed to.

It clearly was spam. The email body consists of links only and the "from" was spoofed. I can send it to you if you want to see it - just give me an email address.

I only saw this mail because it bounced; the receiver's ISP refused the email.
Now, the good news is that when digging through the mail delivery reports on my server this was the only one in the last three days. Nevertheless I think that the spammer will be back trying to send out a ton of spam via my server.

I'm by no means a PHP programmer, but from what I found out when searching, this sure looks like email injection.

Assuming updating will solve my problem, do I have to update to 2.34, 2.35, 2.36 before I update to 2.37 or can it be done in one update?


Because of your old software version, I think it is better to do it step by step.

O.K. I'll try that.

Have there been security improvements to prevent email injection since 2.3.3?

Thanks!

