hack or virus?

  • Resolved sventje

    (@sventje)


    11 years, 2 months ago

    I got a mail from a friend asking me why he is receiving emails from our site through the contact page.
    He send me one of them and yes those are spam.

    the thing is that I have a captcha installed, and this honeypot plugin to the contactpage.
    The contactpage is in 4 languages.

    Since he had send me the mail I have changed the contacpage and gave it a new core name.

    Seems he keeps receiving the mails. Actually in his primary language.
    An important detail is that the man’s email adress is not in any way added to the list of receivers in the contactform’s setings

    Someome got suggestion?

    I’m using contactform 7, simple captcha and honeypot

    Thanks

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator t-p

    (@t-p)

    first off, try scanning your site for malware: https://sitecheck.sucuri.net/scanner/

    Thread Starter sventje

    (@sventje)

    Hi there Tara,

    I did that already and nothing came up.
    But thanks for the suggestion

    Tell him to send the headers of that email. Check if these headers contain the IP address of your mail/web server.

    It isn’t required to hack a server to send emails with that domain in the “From:” address.

    Recently received a SPAM email from “[email protected]” inviting me to download a malicious plugin. That doesn’t mean this site was hacked.

    Thread Starter sventje

    (@sventje)

    Hi there,

    Thanks for the reply.

    the thing is not just the sender, but the layout of the mail looks like the layout of the mails received from our contactpages.

    I did a test through a contactform and there are some difference.
    but it is very convinsing looking alike as if it came from our contactpage.

    How does one stop one like that?

    The layout doesn’t matter, anyone who knows it can create mails like that.

    As I said before look at the headers of your original email and the one your friend is receiving. Search for the “Received:” part.

    The notification emails I receive from WordPress forum contain this 

    Received: from mail.www.ads-software.com (mail.www.ads-software.com. [66.155.40.19])
        by mx.google.com with ESMTP id tr4si21500394pab.208.2013.12.26.09.28.30
        for <myemailID>;

    You can also check your mail log.

    At what interval is your friend receiving emails?

    What plugin are you using for this contact form?

    Thread Starter sventje

    (@sventje)

    Problem solved.

    I overlooked a certain un-secured contactpage on the site.

    Thanks for helping

    Moderator t-p

    (@t-p)

    Glad you got it sorted ??

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘hack or virus?’ is closed to new replies.