Help with security issues from debug log made public
- This topic has 6 replies, 4 voices, and was last updated 12 years, 3 months ago by wzp.
August 14, 2012 at 9:46 pm #7173 onerock.scott (Spectator)
I had a debug log that I inadvertently posted in pastebin. What security issues are now opened up that I need to be concerned about? I see the following listed below. Thanks in advance for all your help in this matter.
1) I have already disabled and changed my Mailchimp API.
2) I need assistance to disable the links that look like this
3) I have displayed several email addresses.
4) I have displayed several eMember usernames, but appears no passwords.
5) Anything else that I need to be concerned with?
August 15, 2012 at 1:11 am #48415 Ivy (Member)
That covers the important information in the debug. The rest are just the steps the plugin took to complete the processes. Simply disable the debug info once you are done debugging an issue and everything is working.
August 15, 2012 at 2:13 am #48416 wzp (Moderator)
Any idea on how your debug logs got onto pastebin? You might also consider disabling debug logs, unless you have a need for them.
August 15, 2012 at 1:33 pm #48417 onerock.scott (Spectator)
The logs were only enabled for a short time while troubleshooting a supposed Mailchimp issue. Yes, I do know how they got there and lessons were learned. How do you disable the links that are in the logs? If clicked, it appears that an email is sent.
August 15, 2012 at 11:11 pm #48418 admin (Keymaster)
There should be no link in that debug which can be used to send an email automatically. You may be referring to what happens when you click on an email address. The browser automatically opens up the email editor when you click on an email address. This doesn’t mean that the email actually gets sent. It's the same behavior if you place your email address on your contact us page and someone came and clicked on that link.
If you are referring to some other link please post an example of that link here so I can check it (I will delete the link afterwards).
August 17, 2012 at 12:22 am #48419 onerock.scott (Spectator)
There is one of these links for each user that registered in the eMember debug log.
href=”http://kidsfashionpassion.us5.list-manage2.com/subscribe/send-email?u=4c38862681c33dfb160f5aa8d&id=1e89f1bc67&e=ZGVtaWRpb25AYW1lcml0ZWNoLm5ldA==”>Click here to update your profile.
It seems to be linked to Mailchimp if you paste it into a web browser. I would like to verify what this does and how to disable it, if necessary.
August 17, 2012 at 12:48 am #48420 wzp (Moderator)
It seems to be sending an email to whatever hashed email address is associated with the query string, containing a link to allow that user to update their preferences.
At the very worst, that user will receive a lot of false emails, every time someone or something traverses the link. But at least their actual email address is protected.
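
A pre-share scrub for a debug log like the one discussed in this thread, as an added example that is not part of the original posts or the plugin's code: it masks plain email addresses and Mailchimp-style API keys, and flags any URL query parameter whose value Base64-decodes to an email address. The key pattern, the log line layout and all sample values are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qsl, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed key shape: 32 hex characters plus a data-centre suffix such as "-us5".
MC_KEY_RE = re.compile(r"\b[0-9a-f]{32}-us\d{1,2}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>”]+")


def decodes_to_email(value):
    """True if value is Base64 text whose decoded form is an email address."""
    value = value.replace(" ", "+")  # parse_qsl turns '+' into a space
    try:
        padded = value + "=" * (-len(value) % 4)
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return False
    return EMAIL_RE.fullmatch(text) is not None


def redact_line(line):
    """Return (redacted_line, findings) for one log line."""
    findings = []

    def scrub_url(match):
        parts = urlsplit(match.group(0))
        hits = [n for n, v in parse_qsl(parts.query) if decodes_to_email(v)]
        if not hits:
            return match.group(0)
        findings.extend("encoded-email-in-url:" + n for n in hits)
        return parts._replace(query="REDACTED").geturl()

    line = URL_RE.sub(scrub_url, line)
    line, count = MC_KEY_RE.subn("[MAILCHIMP-KEY]", line)
    findings += ["mailchimp-api-key"] * count
    line, count = EMAIL_RE.subn("[EMAIL]", line)
    findings += ["email"] * count
    return line, findings


# Constructed sample lines (not from any real log).
TOKEN = base64.b64encode(b"jane.doe@example.com").decode()
SAMPLE_LOG = [
    "Using API key 0123456789abcdef0123456789abcdef-us5",
    "Subscribing jane.doe@example.com to the list",
    f'href="http://example.us5.list-manage2.com/subscribe/send-email?u=0a1b&id=2c3d&e={TOKEN}">',
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        print(redact_line(raw))
```

Running the scrub over a log before posting it anywhere public leaves the plugin's processing steps readable while removing the values that identify users or grant API access.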