[Plugin: Subscribe2] My site was hacked and sent out mass emails from this plugin

I’m not sure why this plugin would do that, but I think that using a company like MailChimp, Constant Contact or Campaign Monitor is a better option for subscriber lists.

I didnt want to send ANY emails!!!

@pluto459,

Subscribe2 has certainly been used by whoever hacked your site to send emails – in exactly the same way that you can use it to send emails to your subscribers from the Subscribe2->Send Email page.

It has not however been used to hack your site unless between you and your hosting company you can show me the security flaw.

The recent issues to which you allude were issues that allowed someone who already had administrator level access to your blog to execute arbitrary javascript – certainly nothing that would explain your site being hacked – anyone with this level of access could have emails already.

You need to check your local machines for viruses and malware that may have captured passwords, then change your passwords on your sites for everything (cPanel, emails, WordPress, the whole lot). Then make sure you access your FTP via a secure means (like SFTP) and also consider changing the admin login name from ‘admin’ to something less obvious.

All of that and a lot more are covered already by WordPress here

My machine is checked EVERYDAY for malware and virus.

The scary part about this whole thing is that the email that was sent out actually linked to site content and looks like I actually set up this email list.

The logs show only my IP accessing the server and I know that I never created the email. Hostgator as pinpointed the mail sending out to this plugin. I would love to share any logs I have so this can e solved.

Since my IP is the only one and I know I didnt do it and the link isnt the standard spam for drug sales or whatever something really screwing is going on.

@pluto459,

Just to get this clearer in my head – you have never used Subscribe2 then?

If that is the case then who ever compromised your site (and you haven’t said if you used clear text pass wording for your FTP logins – that was how I got hacked back in January) could have installed this plugin, loaded up a mailing list via your admin panel and then clicked send – really not that hard once the site is compromised.

I have never used it, yet was installed and active.

According to logs it was just my IP accessing the server and the email sent was a link back to my site, which is the strange part. On the surface it looks 100% like I actually did the mailing.

@pluto459,

As I said above, once your site is compromised the attacker can log into the WordPress admin area and install plugins. Of course it will then look like the emails came from you – they used your site.

If Subscribe2 was not installed before the attack then it is not under suspicion as part of your security breach – you are back to passwords, malware and brute force attacks.

Guess I wasnt clear, the site wasnt compromised and the plugin was installed and active, although I never used it or opened it to even know how to set it up.

NO ONE installed this plugin, I did while ago.

Unless the hacker spoofed my IP there is no one else loggin in to the site or server.

Perhaps you need to read https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

funny, i have that plugin installed as well and no issues.

So, someone hacked my site to create an email to promote a page on my site?

@pluto459,

You have completely lost me now!

Your title for this thread begins “My site was hacked” but more recently you are saying “the site wasnt compromised”. You also seem to be saying that subscribe2 was installed and activated. Well who did that then? Was your site hacked or not?

if someone sent out an email list using this plugin and it wasnt me i call that hacked.
the plugin sent out mass emails with a message promoting a page on my site.
i said the logs show only my IP and i KNOW i didnt set up any email list.
the plugin was activated a while ago thinking it was the social plugin allowing you to share.

@pluto459,

So are you saying that you installed it? You activated it? You left it on your site and then you are surprised when the plugin code does what it is supposed to do?

so your telling me that the plugin auto generates an email and then after IT MAKES IT up sends it out?

Last time I checked you have to setup the plugin, create an email and email list and then HIT SEND to start that list.

I never did any of that!!!

@pluto459,

In the banner at the top of the plugin page: “Sends a list of subscribers an email notification when new posts are published to your blog “

When you write new posts the plugin generates emails from your post content and sends to a subscriber list. That is the entire purpose of the plugin.

It is designed to work on activation to keep things easy but it also allows site level customisation. So, no need for you to create any lists or hit send buttons.

Again, I question why you would install a plugin and activate it when you don’t want to use it and don’t really know how it works.