Spam delivered directly to Kayako

[nibb]

I have a email set to registered users only. I worked perfect, now suddenly after 2 days im receiving spam on that box. The spam seems to be delivered directly to kayako, since i dont receive a copy of the Ticket like i do normally. Also when i click on the headers it says:
Invalid Parser Log entry. Make sure that the Parser Log entry exists in the database and has not been deleted.

Im getting now 50 a day and they are delivered to the registered mail that is suppose to reject. I also have a very good filter of spam and its not getting to the server, it seems someone is delivering the mails directly to kayako bypassing the mail. This is so strange.

[Jamie Edwards]

Hi nibb,

Are you saying this is a form-submitted ticket or an e-mail submitted ticket?

[nibb]

I dont know how they deliver it.

It was working for 3 months no spam at all. Since you cannot deliver it. I dont think via forma since you have to log in for that.

All the same comes from Sales

And the user is not even created. Also i have an alert to receive copy and the SMS alert, for the spam i dont receive the SMS alerts and no email copy so i suppose this is not send via mail but forced directly to kayako someway.
For other tickets or normal emails i get the SMS and email but not for this spam.

The weard thig is that on the log parser it shows it delivers it but when you clic on it to see the info it shows that errror that is doesnt exist, and on the spam emails it also shows it doesnt exist. Im scared that the spammer hacked my kayako someway and it putting the same directly. I do see tons of MSN bots sessions as client not as visitor, so this could maybe has something to do with it. But i checked the IP and they are from MSN and Microsoft so i discarded that.

[Jamie Edwards]

Hi nibb,

Have you checked the parser log in the administrator control panel? Are there entries for the spam you are receiving? This is a very strange issue.

[nibb]

yes, they are, they are marked as OK in green delivered. More strange is when you clic on the log to see it it says it doesnt exist.

[nibb]

This is getting worse now. It seems somone is using Kayako to spam as a relay. I have the latest kayako and the piping is done via the cli/index.php

[Jamie Edwards]

Hi Nibb,

My assumption is that someone must have access your server and/or Kayako installation as a result of an XSS attack on the insecure version you were running previously.

I would suggest you go through each area of your hosting account checking for anything suspicious. I would change all of your administrator passwords, as well as remove your SupportSuite installation directory entirely, reuploading all of the files to ensure they are 'clean'.

You could also submit a ticket to Support; our Services department may be able to better determine (as opposed to my guess work) where the unauthorized access is taking place.

[Jamie Edwards]

I have consulted with a developer - if you do choose to send a ticket to Support to see if we can help trace the offended scripts, please provide mail logs or if available administrator access to your web server.

[nibb]

Well i always had Kayako on the latest version. So if it was hacked it was on the latest version.

[nibb]

I dont think its spamming via the server. The mails are delivered to port 110 to to Kayako itself.

In message id they have something like jjqdmo.gbep5k@mydomain.com

[Jamie Edwards]

Hi Nibb,

Please submit a support ticket detailing this problem / link to this thread.