A PHP file is being added automatically in file_manager
Hello,
There is a WordPress site hosted on my server, and I often get alerts from the server that this site is generating spam mails, thousands of them.
The server sends me alerts like this:
2016-07-19 11:38:13 cwd=/home/domain/public_html 3 args: /usr/sbin/sendmail -t -i
2016-07-19 11:38:14 cwd=/home/domain/public_html 3 args: /usr/sbin/sendmail -t -i
Possible Scripts:
'/home/domain/public_html/wp-login.php'
'/home/domain/public_html/wp-mail.php'
Or sometimes:
Sample of the first 10 emails:
2016-07-19 01:36:11 cwd=/home/domain/public_html/wp-includes/js/thickbox 4 args: /usr/sbin/sendmail -t -i -fgwendolyn_brewer@domain.com
This path changes on the next alert, and there is always a .php file at the path given by the server, with a nasty script which generates spam mails. To stop the spamming, I delete that injected file.
My question is: how are files being added in different directories, who is doing this, and how can we track this down with all details like timestamp, IP, etc.? And how can we stop this?
Thank You.
This is a WordPress issue mostly. This recent topic, and the first comment on it, should be of some use to you: wordpress.org/support/topic/hack-attempts-vulnerabilitybug-report
More great tips: inmotionhosting.com/support/edu/wordpress/wp-login-brute-force-attack
Server side, ConfigServer eXploit Scanner is very useful.
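Added example, not part of the original thread: one way to get the "time stamp, IP" details asked for above is to correlate the `cwd=` alert lines with the web server access log. It assumes an Apache combined-format access log in the same timezone as the mail log; the log lines, the file name `cache.php` and the IP addresses are constructed samples.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the alert lines quoted in the question.
MAIL_LOG = """\
2016-07-19 11:38:13 cwd=/home/domain/public_html 3 args: /usr/sbin/sendmail -t -i
2016-07-19 01:36:11 cwd=/home/domain/public_html/wp-includes/js/thickbox 4 args: /usr/sbin/sendmail -t -i
"""
# Constructed access log lines (assumed Apache combined format; documentation IP ranges).
ACCESS_LOG = """\
203.0.113.7 - - [19/Jul/2016:01:36:10 +0000] "POST /wp-includes/js/thickbox/cache.php HTTP/1.1" 200 12 "-" "-"
198.51.100.4 - - [19/Jul/2016:01:36:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [19/Jul/2016:09:00:00 +0000] "POST /wp-includes/js/thickbox/cache.php HTTP/1.1" 200 12 "-" "-"
"""
DOCROOT = "/home/domain/public_html"
CWD_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) cwd=(\S+) \d+ args: \S*sendmail")
ACC_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]\s]+)[^\]]*\] "(\S+) (\S+)')

def sendmail_events(mail_log, docroot):
    """Yield (time, cwd) for each sendmail run started from inside the docroot."""
    for line in mail_log.splitlines():
        m = CWD_RE.match(line)
        if m and (m.group(2) == docroot or m.group(2).startswith(docroot + "/")):
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def php_requests(access_log):
    """Return (time, ip, method, path) for every request to a .php path."""
    out = []
    for line in access_log.splitlines():
        m = ACC_RE.match(line)
        if m:
            ip, ts, method, url = m.groups()
            path = url.split("?", 1)[0]  # drop the query string
            if path.endswith(".php"):
                out.append((datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S"), ip, method, path))
    return out

def correlate(mail_log, access_log, docroot, window=5):
    """Map each mailing directory to PHP requests in it up to `window` s before a sendmail run."""
    hits = defaultdict(set)
    requests = php_requests(access_log)
    for when, cwd in sendmail_events(mail_log, docroot):
        web_dir = cwd[len(docroot):] + "/"  # filesystem cwd -> URL directory
        for ts, ip, method, path in requests:
            in_dir = path.rsplit("/", 1)[0] + "/" == web_dir
            if in_dir and timedelta(0) <= when - ts <= timedelta(seconds=window):
                hits[cwd].add((ts.isoformat(sep=" "), ip, method, path))
    return dict(hits)
```

The matches show which client triggered the script just before each mail run; the earliest access-log request to the same path helps narrow down when the file was planted.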