[TYPO3] unidetified "mail form" emails ?!? Big puzzle

[Bernd Wilke]

On Fri, 20 Apr 2007 17:02:11 +0000, Alper Odabasioglu wrote
with subject "[TYPO3] unidetified "mail form" emails ?!? Big puzzle":

> Hi Everybody,
> 
> I am against a very weird situation. I recieve spam mails and they "seem to 
> be" coming through a mailform content element on one page of our website. I 
> say "seem to be", because they really looks like, by means of formatting & 
> content to this malform content emails, however not exactly: the subject is 
> "hello" and the content(the fields of the form) is not exactly the same. 
> First I thought it might be because a spam bot is using an old version of 
> that "mail form" which somehow remained at the website, so scanned the 
> "tt_content" table (hidden, deleted whatever all the possible content 
> element types), however there is no such a "mailform" at our website. Then I 
> thought that maybe this spam email coming is not related with the website at 
> all, but just a same looking one and checked the "message details", however 
> it really looks like it comes from our website(Php-Mailer and the host of my 
> webserver is there). I got really confused, Any ideas?

What TYPO3-version? Do you have any mailing-extensions installed
(mailformplus, tipafriend,...) ? which versions?

have a look at http://typo3.org/teams/security/security-bulletins/

at the first look of your description it came to my mind: you're using an
old TYPO3 where the mailform wasn't checked (and the sender was included in
a hidden field) and so everyone could send mails at his own just building a
similar form using your site as action-target.

> by the way is there a log somewhere, where I can check the forms filled and 
> sent through our website?

no log for the standard-mailform. 
maybe a log from your mailer.
-- 
http://www.bernd-wilke.net