CcMail 1.0.2 released with critical security FIX
Posted in Hardware & Software, Sticky. Tags: ccmail, web.
This minor release fixes a known problem, reported here, that allowed a remote attacker to easily gain access to the admin area. Steps to reproduce the bug are given on that page. Updating is HIGHLY RECOMMENDED.
I also added some other language packs and updated some broken links.
Update CcMail
Updating CcMail is easy and recommended:
- download the new version
- unpack it
- overwrite the contents of your ccmail/ installation folder with those of the new version, but…
- DO NOT OVERWRITE the data/ folder or the config.php file, where your data are stored.
- run admin.php
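The update steps above as a script, given as an added example that is not part of the CcMail package: it backs up the installation, copies in the new files while skipping data/ and config.php, and checks that both were left untouched. The function names and the two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example (not shipped with CcMail). Function names and arguments are
# hypothetical: $1 = unpacked new release, $2 = live ccmail/ installation.

# Checksum of everything the upgrade must not touch: data/ and config.php.
# Per the comments on this page, data/ also holds key.php, the key needed
# to read the stored address list.
preserved_digest() {
    ( cd "$1" && { find data -type f 2>/dev/null | LC_ALL=C sort; echo config.php; } |
        while IFS= read -r f; do
            if [ -f "$f" ]; then cksum "$f"; fi
        done ) | cksum
}

upgrade_ccmail() {
    new=${1%/}; install=${2%/}
    if [ ! -d "$new" ] || [ ! -d "$install" ]; then
        echo "usage: upgrade_ccmail NEW_RELEASE_DIR INSTALL_DIR" >&2
        return 2
    fi
    # Full copy first, so a failed upgrade can be rolled back.
    backup="$install.bak.$(date +%Y%m%d%H%M%S)"
    cp -Rp "$install" "$backup" || return 1
    before=$(preserved_digest "$install")
    # Overwrite every top-level entry except data/ and config.php.
    for entry in "$new"/* "$new"/.[!.]*; do
        [ -e "$entry" ] || continue
        case ${entry##*/} in
            data|config.php) continue ;;
        esac
        cp -Rp "$entry" "$install/" || return 1
    done
    after=$(preserved_digest "$install")
    if [ "$before" != "$after" ]; then
        echo "data/ or config.php changed; restore from $backup" >&2
        return 1
    fi
    # Remaining manual step from the list: open admin.php in a browser.
    echo "$backup"
}

# Stand-alone use: sh upgrade.sh ./ccmail-1.0.2 /var/www/html/ccmail
if [ $# -eq 2 ]; then upgrade_ccmail "$1" "$2"; fi
```

The function prints the path of the backup copy, which can be deleted once admin.php has been opened and the login checked.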
Download version 1.0.2
You can download the new version here: CcMail 1.0.2 (318.8 KiB, 34,329 hits)
May 25th, 2008 at 22:16
uploaded new version. Login, then directed to encrypted page called protect.php. Can’t get to admin.php anymore …
May 27th, 2008 at 02:12
Hi,
I am trying to update my ccmail, but am getting errors that look like this when I try to log in as administrator or in my usual way:
Admin$1$cocqFgR6$s9nAJiFvVDkzQbAbxeQSY/$1$m6kEvydC$hke6EPlanhcYu/Srsdp6M1
Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/ccmail/protect.php:118) in /var/www/html/ccmail/protect.php on line 120
Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/ccmail/protect.php:118) in /var/www/html/ccmail/protect.php on line 121
Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/ccmail/protect.php:118) in /var/www/html/ccmail/protect.php on line 122
What have I done wrong? (I didn’t replace the data folder or the config.php file, and followed the instructions very precisely)
May 29th, 2008 at 16:48
Hi,
Have you informed your users about the vulnerability and about the update? Please do it if you have not done so already. Thanks!
I am afraid I did not receive a notification and was lucky enough to learn about the problem just by chance.
best regards
Andreas
May 30th, 2008 at 08:48
i only informed people subscribed to my mailing list. i was informed about the bug only one month after it was discovered.
May 30th, 2008 at 21:20
Hi,
I downloaded the latest and set it back up on the webserver. I still get the same problem, goes to protect.php and outputs this string:
admin_user$1$ZbQqaUH3$ftmKa.PlfjoG.mOvE8V/l.$1$MCXKJltp$ShEGC/EWhnwar3TVaQOw3.
June 2nd, 2008 at 08:34
i can’t use schedule, can you tell me more information for use schedule ?
best regards
Tik
June 2nd, 2008 at 08:36
again
in your website have forum?
where? i can’t find.
June 3rd, 2008 at 08:43
@Richard Long : please make sure to download the package again and replace your protect.php file with the newer one.
@Tik: the embedded handbook should provide the info. there was a forum but it was disabled due to spam.
June 11th, 2008 at 09:05
hello
I scheduled 6000 emails and I am waiting for them to be sent,
but the script didn't send automatically.
Here is the picture:
the script stays here and I don't know what I should do.
http://tinypic.info/files/tgacvmlhv090skf8vlnp.jpg
June 19th, 2008 at 08:12
Hi, I’m trying ccmail for the site of my association but probably I misunderstood the meaning and the functionality of this software, because I am looking for something that allows me to create a mailing list, so that every user could write an email to a common address and everybody who is inside the list will receive that mail. Is it possible with the current version of ccmail?
for the rest (i.e. sending newsletter) I found it very nice. Thank you!
marco
June 19th, 2008 at 09:18
@hadi: from ccmail manual: “Scheduling is executed automatically when you open schedule.php (ccmail/ folder). ”
@Marco: you can get this functionality by giving everyone admin rights, that is creating a lot of admins… but you have to edit config.php file by hand for every user. a simpler solution would be everyone sharing a common account…
July 2nd, 2008 at 17:40
Hi, one bug - I can’t send letters in Russian or Ukrainian languages - I’ll try to do something with encoding now, and post results later
July 10th, 2008 at 08:19
Hi cico.
It is a great tool for sending mail. May I know the maximum number of mails that can be sent in a mass mailing through ccmail? I am also waiting for your MySQL-supporting version.
Thank you
July 16th, 2008 at 17:55
what is the limit for email address. I got a list of 160000 that I want to import to ccmail. The Mailing List Manager CCMail will support that?
thanks
July 16th, 2008 at 17:58
Just one more question: When I delete a user, is he removed forever from the server?
thanks a lot
July 16th, 2008 at 20:24
hi joe, i’m sorry but ccmail is unable to manage such a number of people. this is mainly due to text database - which is at the same time its strength. consider a maximum of 10000 users, even though it depends on the server.
as for the second question yes, deleted users can be restored.
July 17th, 2008 at 21:31
How do I send a HTML email? I’ve tried to put a html script in the html field but doesn’t work.
July 21st, 2008 at 18:28
Ok, I got it about html. But now I tried to hide a Group and comes this message - Notice: A non well formed numeric value encountered in /home/a8208115/public_html/ccmail/functions/groups.php on line 60
Can you help me?
Thanks
August 16th, 2008 at 11:23
Hi Cico,
thanx for the script. just what I was looking for.
just one question: is it possible to make an html template that you can (re-)use for the mail, like a newsletter?
September 15th, 2008 at 18:57
I’m getting this same message as Joe:
Notice: A non well formed numeric value encountered in /home/*********/public_html/ccmail/functions/groups.php on line 60
September 27th, 2008 at 13:15
Hi, I tried installing ccmail (v1.0.2) but got this error message.
Could not write file /usr/local/psa/home/vhosts/groin-hernia.com/httpdocs/ccmail/data/key.php!
I looked in the data directory and there is no file called key.php. Is this a bug?
October 1st, 2008 at 22:28
I receive the following error when I try to login. I uploaded a clean config.php file again and set the permissions.
delete ‘/functions/lock’ file by hand
I’m a newbie with this so any help would be appreciated.
Thanks,
Dawn
October 8th, 2008 at 15:28
I recently moved a domain from one of our customers to a new hosting provider.
After copying all the files it seems the mailing list has gone into encryption mode.
All newly added addresses are decrypted correctly, but the original list stays encrypted.
I have no clue how to retrieve the original mailinglist.
Anyone got an idea ?
Thanks in advance
Galax
October 8th, 2008 at 16:04
dawn, just delete that file.
galax, you should find the original key, that you can find in the file “key.php” inside the data directory.
November 1st, 2008 at 03:01
Hi Cico:
I tried to run your script.
This message appears when I run ADMIN.PHP:
Notice: Undefined variable: HTTP_SERVER_VARS in /home/content/m/e/r/merkarey/html/hicksdeco/ccmail/config.php on line 48
Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/e/r/merkarey/html/hicksdeco/ccmail/config.php:48) in /home/content/m/e/r/merkarey/html/hicksdeco/ccmail/protect.php on line 118
Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/e/r/merkarey/html/hicksdeco/ccmail/config.php:48) in /home/content/m/e/r/merkarey/html/hicksdeco/ccmail/protect.php on line 119
Warning: Cannot modify header information - headers already sent by (output started at /home/content/m/e/r/merkarey/html/hicksdeco/ccmail/config.php:48) in /home/content/m/e/r/merkarey/html/hicksdeco/ccmail/protect.php on line 120
MI site is “Merkarey” but I have a domain “hicksdeco.com” pointing to the folder “hicksdeco”
Any clue??
Thanks man.
Mexico.
November 5th, 2008 at 23:03
Hi and thanks for your work. I was wondering if it would be possible to include the name of the recipient in the newsletter ie, Hello, {name}
Thanks.
November 18th, 2008 at 18:02
Hi.
What would cause ALL three mail function facilities to fail?
1. Using php mail reports message sent but nothing is sent out.
2. Send mail: returns message that mail was sent but underneath is the error message “The system cannot find the path specified” … I can find nowhere in ccmail to change the sendmail path
3. Using smtp: despite having a valid smtp account for this, ccmail just says ‘cannot connect to smtp server’
???
Regards
November 23rd, 2008 at 17:02
No matter what I try, I cannot import a simple text file or csv of the 500 email addresses in my former software. Is there a trick?
November 27th, 2008 at 12:53
Good script,
I am trying to import a simple txt list of 500 users
Format is
Name@email.com
name@email.com
etc..
There is no comma, or any other information, but the system doesn’t seem to import the list.
I checked that all folders are 777 etc.
can you help thx
November 30th, 2008 at 13:04
Hi, Cico,
your ccmail is a nice program. I am using it for a small mailing list with Cyrillic coded messages. I have to change some places of the original code to change character set to Cyrillic one. If you are interested I am ready to send you the information.
On the other hand I can’t understand your groups logic - please excuse me - where I can get the information how to choose the addresses of a particular group as mail receivers and/or how to set the address being linked to a defined group.
Any attempts to contact you by mail were hopeless sorry.
lev
November 30th, 2008 at 15:04
as far as i can remember, you can include the address of the recipient with: [--ADDRESS--]
November 30th, 2008 at 15:17
@Keith: sorry, no idea. maybe your provider is blocking emails (not so strange)?
@Ray, devmast: no tricks, import should just work. it works in my own installation, just using Import->Generic Text File
November 30th, 2008 at 15:21
@Lev: you can link the address to a group (or more than one) using the interface in ccmail’s home page. the built-in help should provide all the info
November 30th, 2008 at 18:22
I set up the package and imported 1800 email addresses successfully. I wrote my HTML mail and then sent them. It took a while and then I got this error message:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@etcccs.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.etcccs.com Port 80
Also, there is a problem with your site, because where it says to sign the guest book with problem it takes you to guestbook/sign.php and then it says 404 Error page not found, so it took some time to find this to enter a comment.
Andrew
December 6th, 2008 at 11:09
Sorry for badly formulated question.
I need way to decide the following tasks.
I have a few (to say 40) groups each having 10-100 subscribers. For each group I have a list of addresses in some of traditional forms.
1. I need to import these lists to named groups (for example, Moscow group has 80 habitants of Moscow, Novosibirsk group has 40 habitants of Novosibirsk).
I do not know how to import the addresses to the Moscow or to the Novosibirsk group.
2. For me it is better to have the address in the form name-address (and even include the name in the first string of each letter - like Dear Cicoandcico!).
I do not know how to import the addresses in the form name-address to ccmail at all.
3. It seems the including Name (not the full address) in the first string of the letter is impossible (or have I missed something?).
4. How can I send the message to a particular group? - I can only add all addresses to the recipients list (or have I missed something?).
5. Do you don’t need the Character set changes I have made for Cyrillic?
lev
December 7th, 2008 at 17:31
hi,
I have ccmail-1.0.2 installed on centos 5.2 server. To send mail is ok but I can’t attach attachments. This will not work with centos.
With Ubuntu no problem. Do you have a fix for that?
December 19th, 2008 at 04:11
Notice: Undefined variable: HTTP_SERVER_VARS in /home/content/c/o/l/colsac/html/mailer/config.php on line 48
how do i fix this?
January 17th, 2009 at 07:41
Dear Cicoandcico,
questions 1 and 4 are decided - if ccmail is servicing more than two groups (!?) the list of groups is serviced. Other questions are still pending.
lev
February 23rd, 2009 at 18:08
Hi, I found this script on HTML.it and immediately thought it was fantastic!!! Nice work!
Just one thing, I have a huge problem: I downloaded the package, edited config.php and moved it into the folder of the server I am using (Appserver, on Windows), which has PHP 5.3.2. When I enter the login data, though, the page does not change! That is, admin.php just keeps reloading, and it never actually lets me into the configuration page. It reports no error about username or password; I also tried the default ones (demo - demo) but no luck, it does not complete the login.
Can you help me solve this problem??? Because from the demo it looked like a very interesting application, and I really need it too!!
Thanks!
February 24th, 2009 at 22:55
Hy… i can`t import the simple text list.. with 2 emails..:| what is the problem.. try it .. http://piromobile.org/poker/admin.php user demo pass demo … tell me what is the problem… i make chmod to data folder 777
and to all folder in data..help me please because i like this script
February 25th, 2009 at 11:15
Dear Chico, excuse me for bad english, I try to use your fine script Ccmail, but running admin.php I had the following error:
PHP Notice: Undefined variable: HTTP_SERVER_VARS in D:\ilmaestrodicasa.net\ilmaestrodicasa.net\ccmail\config.php on line 48
could you help me to resolve it?
Another little question: How can I set the language to Italian?
Sergio
March 18th, 2009 at 12:31
Cant attach file and import contacts.
Able to send emails.
Running it on Fedora.
Thanks
April 7th, 2009 at 08:03
Hi there!
Great script, but I get the message:
Notice: Undefined variable: HTTP_SERVER_VARS in /home/virtual/nonflavour.com/public_html/ccmail/config.php on line 48
I tried to change line 48 to: $_SERVER['PHP_SELF'];
but it didn’t work.
Would be thankful for all the help I can get from you!
Cheers
Chrille, Sweden
April 17th, 2009 at 18:57
hi, i report some problems.
links don’t work when i use online html editor, it composes weird. i need it be simply click here also when i link picture, it should be
otherthing, background color function doesn’t work on the online html tool box.
also suggestion.
when i put picture, it’s good if there is a browse button instead putting url.
April 18th, 2009 at 18:46
Hello,
I am having trouble trying to set up CcMail on my website. The website
is AJAX interface and the installation instructions you gave don’t seem
to work. The company that hosts my website is weebly.com Could
you tell me if it’s possible to use CcMail on their server and if so
some slightly easier instructions on how to do so?
Thanks!
April 29th, 2009 at 12:50
Hi there,
I think this script is really good thanks but i have one issue, no matter how i write a generic txt file it will not import. i have a few thousand email addresses to insert and it will take ages to do it one by one. What format should the generic txt file be written in??
Thanks
April 29th, 2009 at 15:01
When I run PHP 5.2.2, I can not add recipients to the mailing list for a given broadcast email. When i click on add all users, I see them populate, but then when I go to write the email, they disappear from the list.
If I start the email first, then proceed and select send as HTML / text, it states that I must first compose a message. When I change the server back to PHP4, everything works fine.
My problem is that I have to run php 5.x for the rest of my site, but it appears ccmail only runs on php 4.x.
Any suggestions would be appreciated.
John
May 3rd, 2009 at 20:44
Hi - it doesn’t look like responses are being answered by Cico for over six months now. I wish there was a better way to get support on this. I’d guess many of us would “donate” to get our questions answered.
I have the problem others have mentioned - I can’t import a simple text file with just email addresses on each line.
May 10th, 2009 at 19:44
Hi
I’m new to this. We have the CCMail script working fine but how do you add checkbox choices to the form? I know the html for the form, but what do you need to do to the script so that it recognises the checkboxes?
Hoping you can help.
Thanks.
May 19th, 2009 at 15:22
Hi im having a problem with my CcMail Script, I have a list of 195 subscribers. I sent a newsletter html layout and it showed that it was successfully sent but nothing was received. Could be a problem with the script or can it be my mail hosting server?
May 22nd, 2009 at 15:45
Hi cico,
I am having the same HTTP_SERVER_VARS issue, can you please help to resolve it?
regards,
Aziz
May 23rd, 2009 at 03:10
hi guys, as you can see i hadn’t had much time to answer to your questions, partly because it requires time and testing.
I try to answer to some random questions:
1) ccmail is not supposed, with the current layout, to manage NAMES besides email addresses. nothing can be done here, sorry.
2) no char map, besides occidental, is tested.
3) i have no fix for centos.
4) HTTP_SERVER_VARS on line 48 problem: edit php.ini file and set the variable “register_long_arrays = On”. This is necessary for php > 5.0. source: http://www.karakas-online.de/forum/viewtopic.php?t=1314&start=10
i definitely think ccmail has problems with some php 5.0 setups. I’ll try to further investigate but i can’t give any date.
Thanks you all for trying and using ccmail!
June 9th, 2009 at 15:13
Great script! Only a few issues i had to overcome to get everything to work…
A few comments up above are asking about the $HTTP_SERVER_VARS issue…my solution was to change it to just $_SERVER on the config script. Also, on the import script and the protect script i found errors. First, the protect.php was missing the opening and ending php tags. The import.php had $crypted_address_array spelled wrong and the $HTTP_POST_FILES variable was giving me trouble so i added…
    if( !isset( $HTTP_POST_FILES ) )
    {
        $HTTP_POST_FILES = $_FILES;
    }
to the beginning of the script. Everything works great!
June 9th, 2009 at 17:14
I get the error below, and no matter what I try, I cant get rid of it. Any ideas?
Fatal error: Call to undefined function key_gen() in /home/*****/public_html/ccmail/config.php on line 74