Results 1 to 7 of 7
Thread: spam from my server
-
01-11-2016, 12:15 PM #1WHT Addict
- Join Date
- Apr 2012
- Posts
- 174
spam from my server
hello i installed wordpress on one of my domain and i can see that they are doing spam from my website i paid an company to check from where and they said
{HEX}php.base64.v23au.185 : public_html/wp-content/plugins/akismet/_inc/page23.php
{HEX}php.cmdshell.unclassed.359 :public_html/wp-content/themes/twentyfourteen/system.php
{HEX}php.cmdshell.unclassed.359 : public_html/wp-content/themes/bootcake/index.php
{HEX}php.base64.v23au.185 : public_html/wp-admin/includes/test85.php
{HEX}php.generic.cav7.410 : public_html/wp-linki.php
how can i check what they are spamming and how this can come from and official theme of wordpress i installed wordpress from softaculous , what i need to do to stop this
-
01-11-2016, 12:21 PM #2~~~~
- Join Date
- May 2008
- Posts
- 3,424
First off, hopefully you didn't pay that company too much for something as trivial as just running a scan, and not actually cleaning the infection as well.
how can i check what they are spamming
how this can come from and official theme of wordpress
what i need to do to stop this
Best of luck.Uptime Monitor - Minimize your downtime by being the first to know about it!
Blacklist Monitor - Are any of your IPs or Domains blacklisted? Find out before it gets to affect you or your clients.
-
01-11-2016, 12:34 PM #3WHT Addict
- Join Date
- Apr 2012
- Posts
- 174
-
01-11-2016, 02:07 PM #4Web Hosting Evangelist
- Join Date
- Jul 2005
- Posts
- 489
Use cpanel's mail queue manager, see https://documentation.cpanel.net/dis...+Queue+Manager
From the message headers you will be able to see the abuse script. Also check the mail server logs at /var/log/exim_mainlog and you might be able to find more details.
should i install some plugins that can hide that im using wordpress?
-
01-12-2016, 12:35 AM #5Newbie
- Join Date
- Aug 2015
- Location
- Melbourne, Australia
- Posts
- 17
I'd also recommend install ConfigServer eXploit Scanner as way of find anymore potential issues with your wordpress sites,
This will save you having to pay an external company each time you need to run a check.
ConfigServer eXploit Scanner - configserver.com/cp/cxs.html
Good Luck!
Tom
-
01-12-2016, 01:35 AM #6Web Hosting Master
- Join Date
- Feb 2015
- Posts
- 571
In addition to the steps mentioned above,
1) Immediately reset your control panel and FTP passwords to strong ones. If you are using cpanel, use the password generator option there.
2) Remove all infected files. If you have a good working copy which is not infected, remove all files from the website and start afresh from the working copy
3) Set a strong password for you wordpress admin area
4) Password protect your admin area, so that the hackers will have to crack two passwords to gain access
5) Restrict access to admin area to your IP Address alone.
6) Disable/remove unnecessary plugins█ Hope Web Host, Fully Managed cPanel Hosting ||
█ Shared Web Hosting Reseller Hosting ||
█ CMS Hosting || Virtual Private Servers ||
█ Customer Friendly Staff and Management || 24/7/365 Technical Support
-
01-12-2016, 03:10 AM #7Web Hosting Guru
- Join Date
- Nov 2014
- Posts
- 298
Hello,
Since most spammings are not intentional, its very difficult to go and tell every customer that to take care the themes every time. So its better to audit your server regularly and inform the respective clients after blocking the spam script file or folder. So from next time onward the client we will more careful while choosing the themes or plugins. You can use the following commands to find out the spammers,
>> Below script will displays the total count of emails sent and the corresponding directory/location,
grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n
>> To find top 5 mail sending user,
grep "<=.*P=local" /var/log/exim_mainlog | awk '{print $6}' | sort | uniq -c | sort -nr | head -5
>> To find the script path,
awk '{ if ($0 "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
>> To get a sorted list of email sender in exim mail queue. It will show the number of mails send by each one,
exim -bpr | grep "<" | awk {'print $4'} | cut -d "<" -f 2 | cut -d ">" -f 1 | sort -n | uniq -c | sort -n
Let me know if it helps.█ WebHostRepo.com
█ Linux | Windows | VPS | Cloud
█ Outsourced Technical Support since 2009
█ sales@webhostrepo.com
Similar Threads
-
SPAM from my server, I can't identify the sender!
By junglecat in forum Hosting Security and TechnologyReplies: 11Last Post: 03-19-2006, 02:18 PM -
SPAM from my server
By smilesinblues in forum Hosting Security and TechnologyReplies: 6Last Post: 05-27-2005, 08:25 AM -
some one do spam from my server :( :(
By loverboy in forum Hosting Security and TechnologyReplies: 5Last Post: 05-05-2005, 01:49 PM -
Help! spammer using Local to send spam from my server
By creativesolu in forum Hosting Security and TechnologyReplies: 3Last Post: 02-02-2004, 03:24 PM -
Spam from my server! How? Please help.
By labrocca in forum Hosting Security and TechnologyReplies: 15Last Post: 09-23-2003, 10:34 PM