I have a problem that i've been trying to figure out, but can't seem to fix. Perhaps someone here has had this problem before and knows a solution.
Problem:
Recently noticed the contact form on my website does not work reliably. The issue is, sometimes the form submits successfully, and sometimes not at all. When the forms are not successful, there is an error page displayed but does not list any error information so difficult to know what the problem is. It has been like this for over a month now.
Situation:
Prior to the above, there were no changes, updates or edits to the website, server or email app and all form submissions from the website were 100% successful. The website is hosted on digital ocean. We use outlook office365 for receiving form submissions from the website.
What we've tried so far:
We have set up a temp sendgrid account and used smtp settings from this 3rd party to send contact form from website. This seemed to resolve the problem.
BUT! We would prefer to continue to use outlook office 365 instead of setting up with another 3rd party.
Likely cause of problem:
So it seems, the issue probably has something to do with smtp settings for outlook office365. We've checked our settings, and everything is as it should. If it wasn't then we wouldn't be receiving any forms summited from the website at all. We are able to receive some form submissions and not others. You can test it out on our website contact page to see exactly what I mean.
https://www.miscea.com/en/contact
We've tried adding the website IP to the SPF records in the DNS.
We also tried adding website IP to Office 365 IP allow list.
Does anyone have experience with this kind of problem specifically with outlook office 365 and digital ocean? If more information needed, let me know.
~ Khanh
Related
Running Laravel 8 with Fortify.
I am running into an issue with outlook web mail adding strict-origin-when-cross-origin in the headers when clicking on a link that comes in an email from my web server. This is causing your session to be dropped and if you were already logged in you are now logged out.
Also, if it is a link like mysite.com/dashboard/editor/1234 you are redirected to mysite.com/login. Once you login you end up going to mysite.com/dashboard instead of the original link. The problem with this is if you receive a notification to go view something in the editor, you can't find it because the id '1234' is lost in this translation.
Through a desktop mail app this isn't a problem but it is a problem only through outlook web mail that I have found so far.
What would be a possible solution?
I have tried a solution I thought would work at How to Solve CORS error in accessing laravel routes but nothing in that conversation lead to any results on my end. I tried everything suggested and nothing worked.
So I have a very simple form with just 2 fields that submits on the staging site, tested and got my clients to test and everything was fine.
Uploaded exactly the same code to the live site and it works for me but my clients just get the same empty form after submitting instead of the intended thank you message that should be showing in its place...there are no error messages and I can't seem to replicate this anywhere other than on the live site and i don't want to turn debugging mode on there.
I have also checked the host for error logs but unfortunately the host doesn't seem to have this feature.
How do I debug this or any information as to why it wouldn't be working would be super helpful.
I have gotten clients to hard refresh and clear browser cache. They have tried on multiple machines and in different places with the same result.
If you would like to take a look the staging site is here: http://ams.staging.gooi.ltd/
It's the Newsletter Sign Up button in the top left. This has been working for everyone that has tried though....like I said...only seems to not work on the live site for some people.
I received email from Google search console saying my website contains social engineering contents. Sample URL is,
http://www.sanenthusiast.com/~stechies/Blessin/ba/index.php
Safety tip For your own safety do not type anything in the page.
Somebody hosted a mockup site of Google drive login page on these links. How to get rid of this? I have thoroughly checked my webserver an I dont see any of these folders or files. Looks likes ~stechies/ could be some other webserver and I guess using Apache they have pointed ~stechies/Blessin/ba/index.php and ~stechies/Blessin/ba/ to my webserver sanenthusiast.com/?
Is this correct? It will be of great help if someone could help to stop this redirection.
I checked who owns stechies and found https://www.stechies.com/ Are they behind this phishing scam? Or possibly someone else has hacked them?
Edit:
Another user in stackoverflow posted similar issue on his site - Someone put malicious code with "~" on my website
Tried all possible ways to mitigate the issue. But it was very hard to get rid of the URL redirect. My site runs on WordPress. I can confirm that WordPress was intact and not compromised. The possible issue is with the hosting account or the hosting provider itself.
Checked hidden file in the hosting account root directory, no where ~stechies/Blessin/ba/ to be seen. Finally I ended up migrating to a new hosting provider. Copied only mail and WordPress backup. Once done, the URL redirect is not working now. Submitted my site again for review and Google cleared the error and no more warning comes up.
This still not a effective solution but Google reporting Social engineering content on the site caused panic and I had very less time to respond.
I have done several searches, and I'm not entirely sure what the problem is. Im using bootstrap and a php contact form for a user to input data. This was my reference to building that form: http://rosstanner.co.uk/2012/11/build-simple-contact-form-html-php-bootstrap/
Im able to successfully post in the form, and receive my success or failure alert. However, the email is not actually being sent. My email is in the php file that the form is being redirected to, but is not receiving anything (yes I have checked my spam).
I want to check if there is something server side I am missing (module wise for php). I've just installed LAMP and left it at that. The site works fine, but the form wont post an email.
Thanks!
Without seeing your setup and code, and by looking at the link in your post, I would guess that your PHP.ini file is not setup.
For PHP to be able to send a mail it will need to use an SMTP server. I know a lot of people use Googles (if you have an account) as it's pretty trusted.
There is a great article on setting up your PHP.ini file below:
http://www.quackit.com/php/tutorial/php_mail_configuration.cfm
Another alternative is to install your own mail server. But I wouldn't necessarily recommend this due to problems with SPAM if it is not secured properly.
I'm trying to continue building up an email tracker - successfully done GMail Yahoo and several web clients. Now I'm stuck with AOL webmail.
Trying the usual methods of using HTTP_REFERER, HTTP_USER_AGENT and REMOTE_ADDR have all yeilded in showing my details and nothing for the referer.
Upon further inspection, it seems that AOL's Webmail somehow is loading the messages into an iFrame where the content is local.
Is there anyway to get the referer and still show the image - I did think of using javascript's parent method, though this would stop the tracker pixel/web bug from appearing. Besides, it wouldn't load in web clients.
I would appreciate any help. I also would like to know if AOL's Desktop Email had a User Agent string - I haven't looked on Google just yet (though finding User Agent's for email clients is difficult - still hunting for Outlook versions prior to 2007).