This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.


Site may have been hacked; how can I be sure and/or solve?

October 14, 2010 10:05am

  • #1 / Oct 14, 2010 10:05am

    Rick Lecoat

    128 posts

    Hi;

    I’ve recently been receiving a lot of returned emails that I didn’t send. The common denominator seems to be that they are originating from my EE site, and in the bounced transcript I see the following lines:

    Subject: =?utf-8?Q?Enclosed_is_your_activation_code?=
    User-Agent: ExpressionEngine 1.6.7

    Have I been hacked by a spammer? (I’m not sending registration code out!)
    If so, how do I find out where the problem lies, and how do I solve it?
    (Yeah, I realise I’m a couple of versions behind the last 1.6.x build. Would updating provide a fix?)

    Thanks in advance for any help;
    Rick

  • #2 / Oct 14, 2010 10:32am

    Sue Crocker

    26054 posts

    Are you running the forum module? Are you providing a login/register page? Have you turned off registrations in general?

  • #3 / Oct 14, 2010 10:57am

    Rick Lecoat

    128 posts

    Forums: no.
    Login/register page: no.
    Memberships off… Um…don’t know. I don’t use memberships on this site… where do I check for that?

  • #4 / Oct 14, 2010 11:40am

    Sue Crocker

    26054 posts

    See the screen shot? You can turn off member registration there. Does that help?

  • #5 / Oct 14, 2010 12:20pm

    Rick Lecoat

    128 posts

    Sue;

    Thank you. You were right, my EE installation had ‘Allow New Member Registrations’ set to Yes, even though I wasn’t using that part of the feature set. And a grand total of 6122 members(!) Yikes. I’ve turned that feature off.

    Is it safe to delete all members (apart from myself—I’m the only user of the site’s CP)? For example, people who leave comments have the option to be sent an email when there are followup comments to the thread, and I don’t know where that data is stored. Is it folded into the membership system? Or is there any other integration between comments and membership?

  • #6 / Oct 14, 2010 4:13pm

    Ingmar

    29245 posts

    Yes, you can safely delete all members you don’t need (be sure to make a db backup first, just in case). Comment details by non-members are stored in the database separately.

  • #7 / Oct 15, 2010 7:27am

    Rick Lecoat

    128 posts

    Good to know, Ingmar, thanks.
    Now, is there any way to delete more than one displayed page of members at a go? With 6121 members to eradicate, I have 120+ pages of member listings. Gotta be a quicker way than doing them one page at a time(?)

  • #8 / Oct 15, 2010 10:16am

    Ingmar

    29245 posts

    If you don’t use regular members, why not delete the whole group? You can do that in CP Home > Admin > Members and Groups > Member Groups.

  • #9 / Oct 15, 2010 10:19am

    Rick Lecoat

    128 posts

    Ingmar; that sounded like a brilliant solution, but EE seems to assume that I want to reassign the members to another group, rather than throw them out with the group I’m deleting. It doesn’t seem to offer an option to NOT reassign them.

  • #10 / Oct 15, 2010 10:27am

    Ingmar

    29245 posts

    Right. Move them to Banned, then use “Membership Account Pruning” at CP Home > Admin > Utilities > Data Pruning > Membership Account Pruning. That should do it, I think.

  • #11 / Oct 15, 2010 10:38am

    Rick Lecoat

    128 posts

    It did! Thank you. (Of course, maybe I should have done that *instead* of deleting the Members group… just in case I ever need it after all. Oh well, too late now).

    Anyway, hopefully this will close up the vulnerability that let someone send out spammy-assed emails from my site. If not, I’ll be back here for more advice.

    Cheers Sue and Ingmar;
    Ta-ra!

  • #12 / Oct 15, 2010 10:43am

    Ingmar

    29245 posts

    Glad to see that helped. (Incidentally, if you ever do need a member group again, just create a new one. There was nothing magical about the existing one, unlike “Pending”, “Banned” and “Superadmins”; you might have noticed that EE would not let you delete the latter, either.) Please post again in case there’s anything else.
