Unusual e-mail activity attack

mehulpanchal

Hello - I'm looking for some help.

We run a public osTicket support system(v1.11).
I have used custom captcha on open new ticket page in my osTicket system.
My hosting server provider notify me about attackage made in on my osTicket system as given below.

A few minutes ago, our security systems detected unusual e-mail activity on your webspace.
Dispatch of the e-mails was initiated by the following files on your webspace:
_{/upload/open.php}

Hosting provider suddenly deactivated my SMTP service on it and notify me.
This attack happened many time on my osTicket system.

can any one suggest me any solution in my osTicket system?

Looking for solution..

Thanks

ntozier

1.11 is no longer supported and is end of life.

open.php is the file that Users use to create a new ticket. If you have email alerts turned on it would likely generate emails to the department/agents/user. This sounds to me like your host is detecting a false positive.

You would have to do one or more of the following: minimize your alerts/notices, tell your hosting provider that it is a false positive, or find a new hosting provider.

mehulpanchal

Hi Thanks for your reply..

I could not understand very well in your reply..
Can you plz help me by read following content?

I have used custom captcha on open new ticket page in my osTicket system.
My hosting server provider notify me about attackage made in on my osTicket system as given below.

A few minutes ago, our security systems detected unusual e-mail activity on your webspace.
Dispatch of the e-mails was initiated by the following files on your webspace:
upload/open.php

In order to protect your security and prevent a blacklisting of the servers, we have disabled the e-mail submission service for your contract. Note that you will still be able to receive emails.
Please take the following steps to ensure that your contract is secure.

Did you send the e-mails intentionally?
If so, please check that the software you used is correctly configured and that the recipient e-mail addresses can be reached.
You should also be familiar with and follow our newsletter standards. You can find them in the IONOS Help Center.
Were the e-mails sent without your knowledge?
- Please check whether the files listed above serve a necessary function for your website. If they are not necessary, please delete them.
- If the files are necessary, for example a contact form or a "tell a friend" function, please secure the files appropriately.
  The use of CAPTCHAs has proven effective in the past. The IONOS Help Center can show you how these work.
  Are you using a CMS such as Joomla! or WordPress? Please update the CMS and the plug-in to the latest version.
  Use only plug-ins that are being actively developed and that have anti-spam functions like CAPTCHAs.
Once these steps have been completed, please call us at 1-866-991-2631,
Monday through Friday from 9:00am to 5:00pm Eastern Standard Time and we will be happy to release the sending lock on your account.
You can also reply to this email and leave your reference [Ticket AB123039318] in the message.
Thank you for cooperating with us in making sure that your web pages are secure.

Looking for solution..

Thanks

ntozier

I am not sure how to re-word my response into simpler terms.

You control who emails are generated to when a user or agent open a ticket.
If you want less email alerts then shut some off.
Admin panel -> Settings -> Tickets
See the tabs Auto responder and Alerts and Notices

Or tell your hosting provider that it is a false positive.
This should be self explanatory.

or find a new hosting provider.
This should be self explanatory.