How to disable the MailTo component
Monday, 13 December 2010

In early September the website Websecurity.com announced an insufficient anti-automation weakness in Joomla! websites (source: http://websecurity.com.ua/4549/). Put more simply: Joomla! can be abused to automate a certain task, which is something that should be fixed. The announced vulnerability deals with sending spam:
The weakness
Using a link constructed as shown below, it is possible to send spam to a random email address. With insufficient anti-automation (in other words, without something to prevent this), one can automate requests to this URL to send large quantities of spam.
http://JOOMLA/component/mailto/?tmpl=component&link=1
Joomla! developers were already informed about this issue in September 2010.
Solution
There is a very simple (but effective) way to solve this issue for your website: you just have to unpublish the MailTo component (assuming you are not using it anyway). Follow these steps:
- log in to the Joomla! administrator
- go to Extensions >> Install/Uninstall
- go to the Components tab
- scroll down to component = MailTo
- click on the green tick so it changes to a red circle with a white cross
- done
With this simple solution the MailTo component is now unpublished and therefore not reachable. Note: with this solution it is no longer possible to use the Mail-a-friend functionality in an article. But in our opinion that is less important than being accused of sending spam.
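
To see whether the URL described under "The weakness" is being requested in bulk on your own site, the following added example (not part of the original article) counts MailTo requests per client in a web server access log. It assumes Combined Log Format, a cut-off of 3 requests, and also matches the non-SEF form `option=com_mailto`; the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format: Apache/nginx Combined Log Format.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# SEF path from the article, plus the non-SEF form option=com_mailto (assumption).
MAILTO_RE = re.compile(
    r'/component/mailto(?:/|\?|$)|[?&]option=com_mailto(?:&|$)', re.I
)

def mailto_hits(lines):
    """Return {client: {"total": n, "statuses": {code: n}}} for MailTo requests."""
    hits = defaultdict(lambda: {"total": 0, "statuses": defaultdict(int)})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not MAILTO_RE.search(m.group("target")):
            continue  # unparsable line or a request for something else
        entry = hits[m.group("client")]
        entry["total"] += 1
        entry["statuses"][m.group("status")] += 1
    return hits

def suspicious_clients(lines, threshold=3):
    """Clients with at least `threshold` MailTo requests (assumed cut-off)."""
    hits = mailto_hits(lines)
    return sorted(c for c, e in hits.items() if e["total"] >= threshold)

# Constructed sample log lines; addresses are from documentation ranges.
_REQ = '"GET /component/mailto/?tmpl=component&link=1 HTTP/1.1" 200 4312 "-" "-"'
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Dec/2010:10:00:01 +0100] ' + _REQ,
    '203.0.113.7 - - [13/Dec/2010:10:00:02 +0100] ' + _REQ,
    '203.0.113.7 - - [13/Dec/2010:10:00:03 +0100] '
    '"GET /index.php?option=com_mailto&tmpl=component&link=1 HTTP/1.1" 200 4312 "-" "-"',
    '203.0.113.7 - - [13/Dec/2010:10:00:04 +0100] ' + _REQ,
    '198.51.100.20 - - [13/Dec/2010:10:05:00 +0100] ' + _REQ,
    '192.0.2.55 - - [13/Dec/2010:10:06:00 +0100] '
    '"GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9120 "-" "-"',
]

if __name__ == "__main__":
    hits = mailto_hits(SAMPLE_LOG)
    for client in suspicious_clients(SAMPLE_LOG):
        print(client, hits[client]["total"], dict(hits[client]["statuses"]))
```

To run it over a real access log, pass an open file object to `mailto_hits`; the status tally shows how the server answered those requests before and after the component was unpublished.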
