SMF 2.0 RC3 generating spam email

[kb4ob]

I just recently upgraded to RC3 because I had an issue where someone inserted code somewhere in RC2 that was utilizing the SMF board to generate continious garbage email to my administrator account.
After the upgrade, everything was working fine until this morning it started again running RC3.
Below is the last email I received this morning:
[http://www.rvweb.net/temp/garbage.JPG [nofollow]

This is a random occurance that I was never able to nail down but my host indicated that it was generated by my primary index.php script.
I do not know if it is generating more spam but unless I can find a solution I will have to take the forum down permanently.
The forum is here:
http://www.rvweb.net/smf/index.php [nofollow]

[kat]

As your host "indicated that it was generated by my primary index.php script", could you attach that file, to your next post?

[rd]

okay somethings not clear here, are your members getting spammed or is your admin Email getting spammed?

[kb4ob]

The only account that I know of that is getting the spam is my admin account. I set up another account that the forum uses for email origination.
The spam is/was originated from this account and is, so far, random in nature and pure garbage.
I saved my setup.php file this morning, deleted the entire forum subdirectory and re-installed it from a new download.
I am getting ready to go on vacation for a month and simply do not have the resources to troubleshoot it on the road.
If the complete re-install does not resolve the issue, I can disable it until I get back home.
I may have an old backup that has the original index.php file in it and will look but I was unable to attach anything to my original post except a link.

[rd]

It's not hard for people to get hold of admin Email, since if you send mass mail, your admin Email is listed

[kb4ob]

Below is the comment from my host support department who made the determination of source of the emails:

********************************************************************************
It looks like your SMF installation is being used to send these emails. I would recommend you install a captcha system to prevent this from happening. I would recommend you check the SMF support forums to see if they have any good information on how this is happening and how to prevent it in the future.

www.rvweb.net/smf/index.php

This line is the indicator of where the email originated from:

X-PHP-Script: www.rvweb.net/smf/index.php [nofollow] for 72.254.128.202
*************************************************************************************

As I stated earlier, I thought I had resolved the issue by upgrading from RC2 to RC3 and it stopped for a month.

Also, when  the problem initially started, I modified the SMTP account for the forum to another email and the garbage promptly started coming from same.

[rd]

Install better CAPTCHA and check, I don't think it'll do any good though.

Go to mod site and grab reCAPTCHA mod and install it

[kb4ob]

I had a Captcha mod installed on my older RC2 in addition to another anti-spam mod that actually forced users to answer 2 obviuous questions at registration and it made no difference.
I also have all avatar uploads disabled and don't really have that many active users on the forum.

[Kindred]

1- that link to the jpg is 403-forbidden.
2- please include the actual email... including headers as a text file.
3- what are your settings for email visibility to guests? What about the permissions for the ability to report to moderator?

"sent from index.php" just means that they used some feature of smf to send the email (do you have a "contact us" mod installed?)


What mods do you have installed?