Weird Problem Email Verification Hacked?

Before I start, I have made Anton's Mandatory Confirmation mod added to my site but that shouldn't affect anything:

https://www.boonex.com/m/Mandatory_Confirmation

When a member joins, they are asked to confirm their email. This is normal.
Here's the problem:

  • When I create test users, everything works fine. I receive an email asking me to submit a verification code.
  • When other people join, they say the verification email doesn't arrive, or in some rare cases it's nothing more than an ad for some spammer. (See attachment) This seems to be the case with people using hotmail.

This thing is, new members claim they're not receiving the verification emails but I am. I've asked them to check their Spam and Trash, but they say the email is not there.

I've checked the script as best I can and there doesn't seem to be any sign of hacking. Maybe I'm not looking in the correct place.

(Dolphin 7.3.5 with Anton's mod)

 

ad.jpg · 161.4K · 232 views
Quote · 12 Aug 2019

The adverts are probably from the mail provider; which is Microsoft.  Free email addresses are often supported through advertising.  I am guessing that the code to insert the email advertising is affecting the email confirmation message.  I see that the title is there; just not the body.  It is not likely that there is any problem on your end.  You could try just sending the email in plain text and not have html.  Personally, I think that html email should never have been introduced.  I have my email client set to just display text as a security measure.

Geeks, making the world a better place
Quote · 12 Aug 2019

To test, you should create a hotmail account and use that for testing this issue.

Geeks, making the world a better place
Quote · 12 Aug 2019

Hi Geek_Girl,

You're probably right about the HTML because I'm able to communicate with the person fine using plain text emails from my personal gmail account. 

I'm not sure if the HTML issue is also blocking others from receiving the verification emails however.

I did have a hotmail account once, but it took about 50 tries to get an address. I finally went for Hotmailis****uselss@hotmail.com  and they accepted it. The **** was a very rude word I expected their filters to pick up, but they didn't.

I'll try again and test as you suggest.

Quote · 12 Aug 2019

Having a hotmail account would also allow you to look at the headers in the email.  There is another issue I had with emails and that was the \r\n in the code; \r is return, and \n is new line.  See this topic: https://www.boonex.com/forums/topic/MIME-Version-1-0-From-at-top-of-all-emails-How-to-fix-.htm

Not sure if that is causing any issues or not with hotmail.  With a hotmail account you could test directly instead of having to go through a third party, asking them to send you the headers etc.

Geeks, making the world a better place
Quote · 12 Aug 2019

After an exhausting hour of exchanging SMS verification codes I finally managed to create a Hotmail account. Why would anyone bother?

Okay, I signed up using Hotmail and received a perfectly normal Verification email, albeit in the Spam folder. No problems there, so it seems the person's Hotmail account has been compromised in some way.

The problem is, how do you tell these people? All they want to do is blame you!

Quote · 13 Aug 2019

The hotmail account is being checked with a web browser, so it could just as easily be malware on the computer being used to check the email.

https://www.deanbassett.com
Quote · 13 Aug 2019

Hi Deano,

Going by the screenshot, it seems she's using a mobile phone. I guess malware finds its way to phones as well.

Quote · 13 Aug 2019

A lot of work just to find out that the user has an issue; welcome to the world of being a sys admin.

Geeks, making the world a better place
Quote · 13 Aug 2019

 

After an exhausting hour of exchanging SMS verification codes I finally managed to create a Hotmail account. Why would anyone bother?

Okay, I signed up using Hotmail and received a perfectly normal Verification email, albeit in the Spam folder. No problems there, so it seems the person's Hotmail account has been compromised in some way.

The problem is, how do you tell these people? All they want to do is blame you!

If the Verification E-mail from you Site is ending up in the Spam Folder in Hotmail, make sure you have Reverse DNS and a PTR Record setup for your Domain. This can also be the case for many of the large E-Mail Services.

Quote · 13 Aug 2019

 

Hi Deano,

Going by the screenshot, it seems she's using a mobile phone. I guess malware finds its way to phones as well.

 
Right. I did not notice that.

Malware on phones is not as common as a PC, but is still possible.

So for a test, if you can convince her to check her Hotmail account from a different phone, or even a PC as test.


https://www.deanbassett.com
Quote · 14 Aug 2019

This issue (people receiving spam/ads instead of the verification email) seriously needs to be investigated. I too, was planning to install the Anton's Mandatory Confirmation Mod but now I am bit concerned. Anton is one of the greatest Mods developers and his products are reliable. We definitely need to find out whether the problem is from the user side (mail account or device) or from the mod.

Quote · 14 Aug 2019

@DigitZup I don't think the issue has anything to do with Anton's mod. the Mod does something different and mainly stops people from seeing photos etc, before their profile has been approved.

The verification code is sent with or without Anton's mod installed. I tested the perceived problem on my HotMail account with his mod in place and didn't strike any trouble.

I'm about to do what Deano suggests to see if the lady strikes problems when she's in front of a PC.

Quote · 14 Aug 2019

 

@DigitZup I don't think the issue has anything to do with Anton's mod. the Mod does something different and mainly stops people from seeing photos etc, before their profile has been approved.

Oh Yeah you are right. I didn't think about that. Ok please let us know the result of your tests with Hotmail.

Quote · 14 Aug 2019

I looked at Anton's Code and I don't see anything in there that would Spam like that, it is pretty simple.

Quote · 15 Aug 2019
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.