Greetings,

My client has received some strange logs in the Drupal "recent log entries" related to the simplenews module which we are having trouble understanding.

We are seeing log messages from the "Vistor" user like these:

simplenews Nov 21 2011 - 8:25am 172 emails sent in 52.2 seconds, ... Visitor
simplenews Nov 21 2011 - 8:25am Outgoing email. Message type: node Visitor
simplenews Nov 21 2011 - 8:25am Outgoing email. Message type: node Visitor

The "Vistor" text is not a hyperlink, like if a regular authenticated user had performed the action. The log title is a hyperlink, for instance if you click on "172 emails sent in 52.2 seconds" give you a page with this information:

Details
Type simplenews
Date Mon Nov 21, 2011, 8:25am
User Visitor
Location http://marvistacc.org/poormanscron/run-cron-check
Referrer http://marvistacc.org/cityservices?phpMyAdmin=F13nQ0wF-tEEWXq94VJXVpkZtZ5
Message 172 emails sent in 52.2 seconds, 0 failed sending.
Severity notice
Hostname 96.229.138.144
Operations

Or if you click on one of the log entries for "Outgoing email. Message type: node", the next page will display details like these:

Details
Type simplenews
Date Mon Nov 21, 2011, 8:25am
User Visitor
Location http://marvistacc.org/poormanscron/run-cron-check
Referrer http://marvistacc.org/cityservices?phpMyAdmin=F13nQ0wF-tEEWXq94VJXVpkZtZ5
Message Outgoing email. Message type: node
Subject: [MVCC Green Committee Announcements] What's Happening at the Green Committee?
Recipient: [email address omitted for privacy] Sent via Mime Mail
Severity debug
Hostname 96.229.138.144
Operations

Under permissions for this module we see these rows:

simplenews module

administer newsletters
administer simplenews settings
administer simplenews subscriptions
send newsletter
subscribe to newsletters

The "administer simplenews subscriptions" and "subscribe to newsletters" are checked for anonymous users, but other config settings are only enabled for admin users.

We find the "phpMyAdmin" in the links disturbing. phpMyAdmin is not installed on the system (A VPS, running Debian 6.0, up to date patch level, Drupal 6.22/latest stable modules). We don't understand what "message type: node" means? Our main concern is that somehow an unauthenticated user is able to send emails through the module?

Can someone help interpret this log, and verify there is not a misconfiguration or bug involved here?

Comments

simon georges’s picture

simon georges commented
Assigned: Unassigned » miro_dietiker

Miro, do you understand what is happening?

miro_dietiker’s picture

miro_dietiker
Location Switzerland
commented
Assigned: miro_dietiker » Unassigned
Status: Active » Fixed

If you enable debug mode of outgoing mails, you'll see one debug line per outgoing mail sent.

You're using poormanscron which is executed as Visitor here. Nothing to bother.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.