In front of my email address is another email address.
[email protected] <[email protected]>
How do I get rid of the address preceding mine.
Help
]]>The mail server is getting hacked, sending thousands of emails out using our site domain.
Any form we have on the site which gets submitted sends an email to an internal mail address, followed by an immediate DB insert. I’ve checked the DB and there have been no inserts of spam at all. In any case, I removed the forms, and the spam was still occurring.
We have the BPS security plugin which has pointed to suspicious PHP files in the root /uploads and /wp-content directories (5 files so far).
Has anyone had something similar? Or can point me in the right direction? I can update the core to the most recent version as well as all plugins.However, after that point I am not sure how to isolate where the leak is…
Thanks for any help!
]]><a style="text-decoration:none" href="/buy-wellbutrin-sr-paypal-payment">.</a>
The links are obviously 404 because the pages don’t exist. I’ve run scans of the plugins and pages. I found a few outdated codes on legacy.php but all the plugins passed. I also got this warning:
hashes-4.4.2.php missing
The file containing hashes of all WordPress core files appears to be missing; modified core files will no longer be detected and a lot more suspicious strings will be detected
As well as some unknown files like the following, which I assume are plugin additions?
wp-includes/rss-functions.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/class-wp-customize-section.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/class-wp-widget-factory.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/class-feed.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/pomo/entry.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/pomo/streams.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/pomo/translations.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/pomo/mo.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/pomo/po.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/post.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/class.wp-styles.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-includes/http.php
Is there a way to find out where these bad links came from, because it sounds like the exploit that was reported with 4.4.1? And is there an easy way to do a global clean of the pages? 1000 404’s is really bad news… The site actually has only about 10 pages.
Also, I found errors in something that looks like shared/email? – fail…. The site has no active comment section. Only a Simple Contact form.
]]>I’ve run so many spam tests on the site and nothing comes up as suspicious. I’ve installed WP Security and Anti-Malware Scan and Askimet and CleanTalk – and everything shows up cleaned and scrubbed. I have no idea what to do or what’s happening but I would like to get rid of the porn words that keep appearing on google webmasters.
I checked my .htaccess and did find a redirect code that I deleted. I don’t know what else to do!
]]>I just logged-on to my site (plutaoanao.ricjo.org) to find I had a post spam, as in – someone posted on my site with a link to https://www.ilerigel.net/.
I’ve deleted the post now, but you can see a print-screen of it here:
https://tiny.cc/wbbyr
I was on version 3.0.5 and immediately updated to 3.1 earlier today when I saw the post. I have all my other sites always up to date – I only left this one out because I’m always afraid it may screw my podcast, so take longer to backup database, etc.
Basically, is this undoubtedly proof that my site’s been hacked and therefore should follow this:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
or should I be OK now I’ve upgraded? I’ve been on WP for years and never had such a problem.
Thanks for your help guys.
Ric
]]>https://domain.com/?a=buy-drug-name
If I alter the request, like:
https://domain.com/?a=buy-drug-namez
I get a 404 that is NOT served by my server:
Not Found
The requested URL /files/buy-cialisz.html was not found on this server.
Apache/2.0.59 (FreeBSD) mod_ssl/2.0.59 OpenSSL/0.9.7e-p1 mod_perl/2.0.3 Perl/v5.8.8 Server at feed2.pills-searches.com Port 80
How is this hack working, and what can I do to fix it?
Thanks much.
The blog is up to date with 2.2.2. What mechanism in WP uses URLs with this format? Anyone know how this hack might have occurred?
]]>