-3

How do I comprehensively disable all email sending capability from my site? I do not want it to ever send any emails to anyone, ever.

I have a joomla site that's updated to the latest version, but my host constantly suspends my hosting because the site is sending spam emails.

User registration is disabled and there are no user forms open to any users.

My site doesn't need to send any emails, so I'm fine with just disallowing any php functions that can send them. The site is currently offline, and my host doesn't provide any usage information or analysis to help me out in any way. So... How do I comprehensively disable all email sending capability from my site?

Gorchestopher H
  • 103
  • 1

1 Answers1

4

I have a joomla site that's updated to the latest version, but my host constantly suspends my hosting because the site is sending spam emails.

To be blunt: if you know your site is sending spam, then it is incredibly irresponsible for you to keep it online. Take the site down until you are able to locate the vulnerability.

How do I comprehensively disable all email sending capability from my site?

You don't do this with PHP, as there are a myriad of ways somone could get around an arbitrary fuction blacklist. Rather, you do it with iptables:

iptables -A OUTPUT -p tcp --dport 25 -j DROP
iptables -A OUTPUT -p tcp --dport 587 -j DROP
iptables -A OUTPUT -p tcp --dport 465 -j DROP
EEAA
  • 109,363
  • 18
  • 175
  • 245
  • The site is down. But how do I test if the site is still being attacked if I don't try it periodically? I'll give iptables a try. – Gorchestopher H Mar 13 '14 at 13:17
  • 1
    You need to fix vulnerabilities, not just see if it's being attacked. – EEAA Mar 13 '14 at 13:25
  • If it's so vulnerable it allows lreaying of UBE then there's potentially all sorts of other ways it could be exploited to abuse other people. – symcbean Mar 13 '14 at 13:41