Is there a way to disable the Forward Message web page?

Somewhere it appears that a spam bot has gotten ahold of a link for Forwarding one of our campaign messages. It’s always the same message.

We don’t really use/need the Forwarding page, though. Is there a way to turn it off altogether? Or at least to disable it for a specific message?

(Yes, I can remove the links from new emails, but that doesn’t stop existing links from being spammed.)


@J8334SWC This is probably most effectively done by an Apache htaccess directive to block the page.

OK… do you happen to know but what ‘page’ it is? The URL for the forward function is just a query parameter passed into…the main PHPList location on our site.

I was hoping that there would just be a PHP file I could rename. :slight_smile:

@J8334SWC This should block access to the forward page

RewriteCond "%{QUERY_STRING}" "p=forward"
RewriteRule ^.*$ - [F,L]

That needs to go in the .htaccess file in the “lists” directory.

1 Like

Thanks! That appears to have done the trick - I get an error 403 - Forbidden now.

Well darn it… I’m stilling getting messages that a campaign was forwarded.

<email> has forwarded message 358 to <other email>

It’s always the same campaign - one from a number of months ago. So could the bot have recorded the specific URL somehow, and not be going through a PHP processor to get to the page? Or could it have recorded the specific page submission structure so that it’s not even using the forwarding page, but submitting directly to the backend process?

@J8334SWC Can you look at the web server access log to see the request that caused phplist to send that email. You should have a time to help narrow down the search.