Jump to content

spam open tickets if you have a user with no email address


Recommended Posts

I think I found something that may or not be known.

 

I have whmcs configured to only allow registered users to open tickets.

 

I recently removed a registered account's email address temporarily.

 

Now any spam messages that come to any of my support/sales addresses are getting tickets opened under that user's name (since he/she doesn't have an email address specified).

 

v 3.2.1

Link to comment
Share on other sites

You can just add that e-mail to your blocked e-mail list and ask that your client use a new e-mail address. Explain to them why they can't use that current address with your system.

 

I wanted to remove the email address from that profile entirely because it's in the process of owner transfer. So I removed it so nobody could get the login details for the moment.

 

But it seems logical that if you have it ticked to only enable registered users to email tickets, that a blank email address should not trigger every email to open tickets, right?

Link to comment
Share on other sites

Key word: enable registered uses to email tickets. The user is still essentially registered.

 

If it's going through an owner transfer, why are you just not having the owner create their own FRESH account? WHMCS has the ability to allow you to transfer items to another account very easily.

Link to comment
Share on other sites

I agree with your suggestions but I'm not sure you're understanding my point.

 

Because 1 profile is missing an email address, any email address in the world can open a ticket. That seems like it could be easily fixed and maybe is an oversight.

 

That means any user could remove their email address (not sure why they would) and cause spam flooding to the support system.

 

That was more of the reason why I opened this post. :)

Link to comment
Share on other sites

  • WHMCS CEO

By having a client with no email address entered, the only thing that could be happening here is someone sending in an email with a from address of nothing "" and thus that being assigned to this user. It shouldn't mean just any address can open a ticket.

 

Matt

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated