Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Exploited Scripts in WordPress Sends Spam - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Exploited Scripts in WordPress Sends Spam

2»

Comments

  • @Francisco said:
    This is why we wrote out send mail script.

    Francisco

    Good call. SMTP is an option in WordPress via a simple plug-in and all other apps also have SMTP function. With the free certs my mail domain is even secured now and only uses SSL for smtp. I see no need for legit phpmail now except laziness to get smtp working properly.

  • SadySady Member

    @robohost said:

    @Sady said:
    Have a look: https://github.com/saadismail/wp-clean/

    MUST GO THROUGH BASH FILE FIRST BEFORE RUNNING THIS.

    inmotionhosting.com/support/email/exim/find-spam-script-location-with-exim has always helped me tracking down the directory where the mailer is.

    Last week i was cleaning wordpress with infected files, the inmotion command cannot detect it, when i look into the files there is just single line php with var without base64, my asumption is the hacker using remote domains to execute the php

    Commands in that inmotion tutorial is not about infected files. It checks in exim maillog & then shows directories from where scripts were executed to send emails & the number of emails that were sent from those directories.

  • @Sady said:

    @robohost said:

    @Sady said:
    Have a look: https://github.com/saadismail/wp-clean/

    MUST GO THROUGH BASH FILE FIRST BEFORE RUNNING THIS.

    inmotionhosting.com/support/email/exim/find-spam-script-location-with-exim has always helped me tracking down the directory where the mailer is.

    Last week i was cleaning wordpress with infected files, the inmotion command cannot detect it, when i look into the files there is just single line php with var without base64, my asumption is the hacker using remote domains to execute the php

    Commands in that inmotion tutorial is not about infected files. It checks in exim maillog & then shows directories from where scripts were executed to send emails & the number of emails that were sent from those directories.

    Yups i was try that commands and it's return /usr/bin/some folder and there is nothing there

  • DewlanceVPSDewlanceVPS Member, Patron Provider

    If you also provide reseller hosting and same customer violate your rule again and again then terminate whole reseller account.





    I think there is a function which notify you If anyone start sending to many emails. I can't remember which function allow this option to get notified If cross x amount of email per minute or hour.

  • I will check this.

    sureiam said: I see no need for legit phpmail now except laziness to get smtp working properly.

    There are some custom coded applications too which use phpmail. So I can't turn it off globally.

    DewlanceVPS said: get notified If cross x amount

    CSF will send notifications. I'm already using it.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    rsk said: But, I do not know what @francisco has to say? :P

    Personally I don't care too much. The system blocks the emails before they even send, so it doesn't matter to me. Once in a while I'll audit the log and throw in some htaccess rules on infected sites to clean them up, but thankfully with the new wordpress anti-brute i put in place it has cut down how many reinfections happen after a cleanup;.

    Francisco

Sign In or Register to comment.