But what if you’re using WP 5.2, not using any contact form plugin? Could it be that our WP theme (Divi) has a compromised form mailer built in?
We’re getting some spam messages from “Eric”…
X-PHP-Originating-Script: 30768:class-phpmailer.php
Date: Wed, 8 May 2019 13:10:37 +0000
From: Eric <[email protected]>
Reply-To: “\”Eric\”” <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When we test the contact form on our site (it came as part of the theme) it sends the below format which is what we expect. A test email from our contact form goes to our [email protected] email acct…
Tester <[email protected]> via gator4156.hostgator.com
reply-to: Tester <[email protected]>
to: [email protected]
date: May 10, 2019, 9:38 PM
subject: New Message From Our Site
mailed-by: gator4156.hostgator.com
security: Standard encryption (TLS) Learn more
Does running an old version of php allow the php mailer to be compromised? Is that a stupid question with an “of course does” answer?
Sometimes we log into one of our sites and see that contact 7 has been added to plugins, when we don’t even use it. Might a hacker add to a site to take advantage of an older version of php being used?
Sadly our sites at HostGator don’t seem to get the auto-updates our other hosting provides.
