| Author |
Message |
skeetch
New Member
Joined: Oct 20, 2007
Posts: 20
|
 Posted:
Sat Oct 20, 2007 9:42 pm |
|
Many, many webhosting providers are turning off the phpmail() function due to it's inheirent vulnerability. That being said, seeing as how the phpbb and the galleries all can be configured to use smtp, but the main core of phpnuke proprietarily uses the phpmail function, how do we force the phpnuke to use smtp?
I have read alot of post, and hacks to disable the auth e-mail, but that is the whole point, stopping spamjackers from even getting in (mucho thanks to sentinel *raven*)
So.... I have requested of my provider that they implement a server sided phpmail() re-route to smtp on the server side, thus any call that a php nuke script would toss at the server would be defaulted to the smtp settings for the particular hosting account.
But what do we do until then? I looked into the CNBYA, but the newest version is not patched to work with RN that i can see, moreover it is still an " open the floodgate" style of circumvent.
I have spent many hours searching for a soloution to this, does anyone have an answer? Is there a php sided fix for this. can we add a line of code to auto re-direct the phpnuke script to smtp? As in... any call for phpmail would toss it to the "forums" smtp settings???
Any info would be appreciated as this has become VERY frustrating. Also , If i have succedded in getting my hoster to implememtn a blanket phpmail()--smtp passthrough, I will advise HERE. |
| |
|
 
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Sun Oct 21, 2007 12:49 am |
|
The Raven Nuke Team have discussed building and using a mail CLASS to handle all of Ravennukes email requirements but I should stress that at the moment it is JUST in discussion.
If phpmail is not working, the first thing to do is clarify with your hosting provider that they have that function turned off as there are many reasons why phpmail would/could fail;
1. phpmail turned off
2. poorly configured server
3. Windows server instead of *nix
4. misconfiguration du to runnig php as a CGI module
5. host not having an SPF record
6. phpmail configured to only allow mail from the domain the script is on - i.e. if your admin email is using a different domain to the site the script is hosted on
I would agree though that more and more hosts are turning phpmail off due to poorly written scripts. |
| |
|
|
|
skeetch
|
| Posted:
Sun Oct 21, 2007 7:35 am |
|
Yeah that is just it.. my hoster has turned it off, as are many. Please get the brains together on this. all of us nuke users and developers of websites that rely heavily on "properly" written scripts, are quickly loosing functionality.
If i had any idea how to attempt it, I would, but something this important is best left to experts, of which i am definately not.. lol |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Sun Oct 21, 2007 7:54 am |
|
Have you tried Php Nuke Mailer?
I've been looking at it and it just might fit the bill  |
| |
|
|
|
|
skeetch
|
| Posted:
Sun Oct 21, 2007 8:10 am |
|
Yeah I looked at that, but it seemed like a circumvent rather than an actual fix. The issue is security. I will give a go, and test it out, but my fear is security, like most of us. Sentinel tends not to play well with others, lol. (which is good)
What i was really hoping, was to get my hoster to add a server sided phpmail--smtp redirect function in cpanel. Then it wouldn't matter if a nuke users script got hacked, as the smtp settings would be above the webroot, and therefore inaccessable, and secure.
I will give it a run and see how it works. i will post here any issues, etc. |
| |
|
|
|
|
skeetch
|
| Posted:
Sun Oct 21, 2007 9:03 am |
|
several problems,
1. there is a crapload of files that need to be edited, and there is no way to know you got them all... (no error codes show if you make a mistake)
2. the site :http://metalrebelde.metropoliglobal.com/web/modifications.html Is no longer there, but there is a complete list in the help file once you are in admin panel, but the list is extreamly long, and the files are hard to edit as the code may differ depending on what mods you have installed.
3. even the files listed in the readme are not accurate, this code is obsolete, as any mod you have added changes the files/ that it is a. impossible to edit via instructions, and b. a complete security risk.
Is there any way to add a blanket call for a xxx.php file that could re-direct to this module.. meaning anytime the current phpmail() function is run in any way, it looks for the command line, so edit the mainfile to point to the newley created file which merely re-directs it to the module? or perhaps we could just add the smtp settings path from the forums, and let it send out the auth e-mails from the forums???
This is why i started a new post, nothing else applied, but we'll keep workin it till it is fixed. Like most i have far too much time invested to toss my php and start over.. not happening... |
| |
|
|
|
|
Raven
|
| Posted:
Sun Oct 21, 2007 9:52 am |
|
Look here for support.
[ Only registered users can see links on this board! Get registered or login! ] |
| |
|
|
|
|
skeetch
|
| Posted:
Sun Oct 21, 2007 9:58 am |
|
So far i have edited my "activation e-mail" files according to the help file. and it is not working. the smtp settings are correct, and all changes were made as per the instructions, so seeing as the server kicks back no error it is nearly impossible to diagnose where, if any a mistake has been made.
What i am getting at, is it is very advanced to try to edit all these files (even after you find them), that will lead to mistakes, (which bring up no errors with reporting on) and that is a security problem.
isn't there a simpler way of redirecting the phpmail function? cause if this is it... then in about a month or so, when 99% of all hosters have been sued and re-sued for spam e-mails and they all shut down the phpmailer from the bin, what do we all do then??? try to edit about 50 pages of code, hoping we got it right the first time?
There has to be a better way folks. |
| |
|
|
|
|
Raven
|
| Posted:
Sun Oct 21, 2007 10:02 am |
|
skeetch, I was just offering up a suggestion, not the total solution. We will be incorporating SMTP into the next release of RavenNuke(tm) but you need help before then it appears. |
| |
|
|
|
|
skeetch
|
| Posted:
Sun Oct 21, 2007 10:07 am |
|
I do much appreciate that btw.
well, yeah, as none of my users can register, lol. not to mention i am running 3 different websites with RN =) (it is really good stuff, btw thanks for all your work =)
Any idea when that will be coming out? if it is soon then I'll just have to go old school on the admin auth only.. but that is very time / labor intensive.
This is such great stuff, i would hate to not be able to use it. |
| |
|
|
|
|
Raven
|
| Posted:
Sun Oct 21, 2007 10:12 am |
|
[ Only registered users can see links on this board! Get registered or login! ] |
| |
|
|
|
|
skeetch
|
| Posted:
Sun Oct 21, 2007 11:42 am |
|
As usual raven, you rock! |
| |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Mon Oct 22, 2007 5:55 am |
|
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
