Support » Plugin: Jetpack by WordPress.com » Jetpack Sharing email can be abused for spam

  • blogjunkie

    (@blogjunkie)


    A couple of days ago I noticed some spam in my SendGrid activity. I realized that someone / some bots had been using the Jetpack Sharing share via email option to send spam to addresses at qq.com. Not sure if there’s anything that can be done from the plugin, but I thought I should let you know that this feature can be abused. Thanks

Viewing 15 replies - 1 through 15 (of 46 total)
  • Plugin Contributor Jeremy Herve

    (@jeherve)

    Jetpack Mechanic

    Thanks for the report!

    We had added counter measures to the button a while ago, to catch spammers, but it looks like they found a way through on your site.

    Would you mind contacting us via this contact form, and give us some examples of the spam emails? We’ll see how we can catch them.

    Until we find a solution, I’d recommend implementing ReCaptcha by following this guide:
    Adding reCaptcha to the Email Sharing Button

    Thanks!

    i have the same problem … posted it here:
    https://wordpress.org/support/topic/jetpack-hacked/#post-8398136

    sorry

    read your Message at the other thread … yes, i have already included a Captcha …
    The problem ist, that i can’t do a tcpdump because of missing permissions …
    Otherwise i could check the content of the requests …

    Mostly there are 4 Hits from one IP-Address … I still get about 100 – 200 hits per minute …

    103.214.168.28 - - [05/Nov/2016:13:35:10 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.214.168.28 - - [05/Nov/2016:13:35:10 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.214.168.28 - - [05/Nov/2016:13:35:10 +0100] "GET /informationen/karte/?shared=email&msg=fail HTTP/1.1" 200 34209 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.214.168.28 - - [05/Nov/2016:13:35:10 +0100] "GET /informationen/karte/?shared=email&msg=fail HTTP/1.1" 200 34209 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.214.171.165 - - [05/Nov/2016:13:35:14 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.214.171.165 - - [05/Nov/2016:13:35:14 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.213.251.246 - - [05/Nov/2016:13:35:15 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.213.251.246 - - [05/Nov/2016:13:35:15 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    118.184.13.47 - - [05/Nov/2016:13:35:15 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    118.184.13.47 - - [05/Nov/2016:13:35:15 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.214.171.165 - - [05/Nov/2016:13:35:14 +0100] "GET /informationen/karte/?shared=email&msg=fail HTTP/1.1" 200 34209 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.214.171.165 - - [05/Nov/2016:13:35:14 +0100] "GET /informationen/karte/?shared=email&msg=fail HTTP/1.1" 200 34209 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.228.131.135 - - [05/Nov/2016:13:35:15 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.228.131.135 - - [05/Nov/2016:13:35:15 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    118.184.13.47 - - [05/Nov/2016:13:35:15 +0100] "GET /informationen/karte/?shared=email&msg=fail HTTP/1.1" 200 34209 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    118.184.13.47 - - [05/Nov/2016:13:35:15 +0100] "GET /informationen/karte/?shared=email&msg=fail HTTP/1.1" 200 34209 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.213.251.246 - - [05/Nov/2016:13:35:15 +0100] "GET /informationen/karte/?shared=email&msg=fail HTTP/1.1" 200 34209 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    103.213.251.246 - - [05/Nov/2016:13:35:15 +0100] "GET /informationen/karte/?shared=email&msg=fail HTTP/1.1" 200 34209 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    118.193.247.85 - - [05/Nov/2016:13:35:16 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    118.193.247.85 - - [05/Nov/2016:13:35:16 +0100] "POST /informationen/karte/?share=email&nb=1 HTTP/1.1" 302 336 "http://www.fuenfseenland.de/informationen/karte/?share=email&nb=1" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"

    Hello,
    Any progress on this issue? Just start experiencing this on my site today. 2 days 1000 emails.

    Will implement reCaptcha now, but wondering if any progress on that?

    Plugin Contributor Jeremy Herve

    (@jeherve)

    Jetpack Mechanic

    @idarek No progress on this, but it’s on our to-do list. Until then, reCaptcha is probably the best option.

    I’ll post again here when I have some news!

    Thanks,
    Just implemented, will see shortly if got desired result 🙂

    Regards

    I am following to get updated

    reCaptcha will be the only one option for this issue or you are working on this problem?

    Plugin Contributor Jeremy Herve

    (@jeherve)

    Jetpack Mechanic

    @piotrpachowicz We’re working on another way to catch spammers even when you don’t use reCaptcha.

    I’ll post again here as soon as we’ve implemented a fix, but until then I’d recommend enabling reCaptcha.

    Just to confirm. Have implemented reCaptcha according to above method (quick an easy)
    https://jetpack.com/2013/04/15/recaptcha-email-sharing-button/

    and spam dropped by 100%.
    Implemented straight away on other sites.

    • This reply was modified 10 months, 1 week ago by  idarek.
    fotobeam

    (@apachelance)

    I experienced the same problem (mails to gg.com domain). It took me a while to figure out that the problem was related to the mail sharing button in Jetpack. I disabled it.

    You guys should fix that or implement the recaptcha as a must-have. From my domain 10 mails per hour were sent as spam. Just because of some sending errors I was aware of this hack. If people would not be aware of that then their server could get blacklisted.

    idarek

    (@idarek)

    reCaptcha as mentioned before solve this problem in 100%.

    Please remember that if you using this plugin for free, all requests future need to be in reasonable manners, as nobody paying for it. Consider that, they are doing very good job for users who are using this plugin for free and there is solution for it already.

    fotobeam

    (@apachelance)

    reCaptcha is an “unofficial” solution. Not everybody is crawling through these forums.

    Because Jetpack is one of the most used plugins, security is important, even if you consider that most of it is free.

    idarek

    (@idarek)

    @apachelance You don’t need to “crawling through these forums”
    Answer were given by Jeremy @jeherve on 1st replay in this post.

    fotobeam

    (@apachelance)

    This plugin is used by a lot of WordPress users. Not everybody is checking forums to ensure a basic level of security. Therefore it should be implemented into the plugin or a short notice should be included if the user enables this features. Nowadays features are not the only thing that counts. Security is getting more and more important.

Viewing 15 replies - 1 through 15 (of 46 total)
  • You must be logged in to reply to this topic.