Compromised MailWizz account - I can't delete it :(

Status
Not open for further replies.

dintchev

New Member
Hi,
I am sure that one of my MailWizz customer accounts is compromised but I don't know what to do? I have suspect sending of fishing mails from one of my customers account .. I am sure of this because I try to delete the account each day, also I am trying to change the pass, to delete lists etc but nothing.. Each day I see that the account still makes new campaigns and send to about 300-400 sunscribers from list called "Test_List". If I delete the list - at the next day is the same?? I tried to change the password of the account - the same. Also - the worst - at backend - at Login Logs no any data for logins for that user which mean that the user has affected some extension or he has injected some code at html ..o_O
Another thing - I put here a snap of the priceplan look of this customer. You can see that he has 3 current plans?!
Thanks
George
 

Attachments

  • Capture.JPG
    Capture.JPG
    109.6 KB · Views: 28
The only thing that will help you is removing the customer from database. Changing password etc will not work because the customer auto-logins, so your best bet is simply to delete the customer from backend area and then simply run the daily cron job which wiull remove everything from the system for that user for good.

Now, the more important part, you're violating the license agreement having customers but not having an extended license, so you will have to buy an extended license to continue using the application as you do now, please check https://kb.mailwizz.com/articles/what-license-do-i-need/
 
The only thing that will help you is removing the customer from database. Changing password etc will not work because the customer auto-logins, so your best bet is simply to delete the customer from backend area and then simply run the daily cron job which wiull remove everything from the system for that user for good.

Now, the more important part, you're violating the license agreement having customers but not having an extended license, so you will have to buy an extended license to continue using the application as you do now, please check https://kb.mailwizz.com/articles/what-license-do-i-need/
Thank you for answer, twisted! I will try that.
About the license - I have extended license - we spoke about this a month ago.. But you right may be you mean my developer test installation.. We used it just for tests. I removed already the licence from the second installation so now it should be really extended :)
 
Hello members, Unfortunately I have again the same problem with compromised account :( The same vulnerability as above..

How can I deny an IP for customer?
 
@dintchev - you can block it from .htaccess:
Code:
Order Deny,Allow
Deny from 123.123.123.123
You can send us FTP / DB / backend app access and the customer id and we can do some investigation if you wish, open a ticket :)
 
@dintchev - you can block it from .htaccess:
Code:
Order Deny,Allow
Deny from 123.123.123.123
You can send us FTP / DB / backend app access and the customer id and we can do some investigation if you wish, open a ticket :)
Would be interested in the outcome and further preventative measures please.
 
It was just a false alarm, @dintchev made a small mistake when configuring groups which lead him to believe a user account has been compromised.
 
Hi members! Yes, I confirm:) The mistake was mine - so no any vulnerability at account. It was just my customer did stupid things and I just delete him.
The mistake was just we were attached most of one priceplans to one Group. It should be different Group for each different priceplan. And because of that we thought that the customer change at some way his free priceplan to paid one:)
Thanks to @twisted1919 everything is ok!
 
Status
Not open for further replies.
Back
Top