Normally stable WP 4.2.2 site hacked – sending spam
We have a WP 4.2.2 site hosted on our own server that has been stable, no hack issues, for several years until this past weekend. No coding changes or plugins have been put into prod in the last few weeks. All plugins (about 17) were last updated about 4 months ago.
The mail server is getting hacked, sending thousands of emails out using our site domain.
Any form we have on the site which gets submitted sends an email to an internal mail address, followed by an immediate DB insert. I’ve checked the DB and there have been no inserts of spam at all. In any case, I removed the forms, and the spam was still occurring.
We have the BPS security plugin which has pointed to suspicious PHP files in the root /uploads and /wp-content directories (5 files so far).
Has anyone had something similar? Or can point me in the right direction? I can update the core to the most recent version as well as all plugins. However, after that point I am not sure how to isolate where the leak is…
Thanks for any help!
- The topic ‘Normally stable WP 4.2.2 site hacked – sending spam’ is closed to new replies.