1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam Attacked.

Discussion in 'Web Hosting' started by olienet, Aug 5, 2014.

Tags:
  1. olienet

    olienet Newbie

    Joined:
    Dec 19, 2013
    Messages:
    26
    Likes Received:
    0
    Hello,

    Good day. I really need some help.
    I got a message from my hosting company. It said 1 of my site sending out spam.
    Here the original message:

    Hi,

    We detect a spam send out again from your website script at

    /home/#$%^&*/public_html/bisneskecantikan.com

    This is the 2nd time warning on your account about the spam issue.
    Please resolve it ASAP.

    If we detect a spam again, we will suspend your account without notice.
    Thanks.


    Regards,
    Technical Support

    May i know how to solve the problem?
    Before this I've already delete the spam script in my site. And i already change the website password.
    Please help me. This is the first time it happen to me. :(

    regard
    olie
     
  2. popcrdom29

    popcrdom29 Jr. VIP Jr. VIP Premium Member

    Joined:
    May 20, 2008
    Messages:
    807
    Likes Received:
    518
    You should contact your hosting company and ask for assistance. They already know you had a spam script so I can't see the harm in asking for help. If they do contact you again or suspend your account, you can at least prove that you asked them for assistance.
     
  3. sashablack

    sashablack Elite Member

    Joined:
    Jan 8, 2010
    Messages:
    3,697
    Likes Received:
    2,050
    Gender:
    Male
    Yes def get someone no the phone from you hosting company and ask them guys wtf is going?

    What script did you remove? Were you sending out a high volume of emails? Is this a plugin you have or custom script?
     
  4. olienet

    olienet Newbie

    Joined:
    Dec 19, 2013
    Messages:
    26
    Likes Received:
    0
    Thanks guys..
    Before this the spam script is at 1 of my installed plugin.
    Here the original message i got from my hosting company:

    Hi,

    We found there are alot spam mail send out from your website recently.
    The spam mail is send out from the script

    /home/#$%^&*/public_html/bisneskecantikan.com/wp-content/plugins/opt/includes/infusionsoft/xmlrpc-3.0/lib

    If it is not your script, please scan your website for virus and update all theme and plugin to latest version.
    If we found there is spam send out from your website again, we will temporary suspend your website.
    Thanks.

    Regards,
    Technical Support

    So i've already remove the plugin. But the spam script cannot be remove so i ask them how to remove the script.
    Then they said they already remove the script.
    But now it happen again on the different file.
    I also don't know where this script come from. :(
     
  5. wild1

    wild1 Jr. VIP Jr. VIP

    Joined:
    Dec 19, 2008
    Messages:
    485
    Likes Received:
    1,000
    Location:
    Caribbean
    remove everything and start all over again.
     
  6. sashablack

    sashablack Elite Member

    Joined:
    Jan 8, 2010
    Messages:
    3,697
    Likes Received:
    2,050
    Gender:
    Male
    Ok so what I would do in your case, first delete this plugin since it looks like someone is able to either access it or use it to their advantage.

    Then manually look in the /wp-content/plugins/ folder to see if all files of that plugin were deleted.

    If that does not stop the attack, call your provider and ask them if there are any IP visit irregularities, like 1 IP with thousands of visits to the same page/post or script. If they find something, there should be a way to block that IP from accessing your site.

    Your host should be able to help you out, if not then you might need a wordpress guy to take a look!

    -Sasha
     
    • Thanks Thanks x 1
  7. gary2

    gary2 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 20, 2013
    Messages:
    970
    Likes Received:
    82
    Occupation:
    Inbound Marketer. Blogger. Author.
    Location:
    Near River
    I already faced same kind of issue in my hosting account..

    Seems some one accessing your files through themes or plugins.. update all Plugins and WordPress files..

    Ask your hosting company to close temporarily outgoing email port to stop sending emails immediately

    Or better rebuild your blog (easiest method)

    (at)sashablack

    In my experience ip blocking is waste, because spammers will use tons of proxies to send spam emails.. if we block all those ip's , they will use another set of proxies..
     
  8. olienet

    olienet Newbie

    Joined:
    Dec 19, 2013
    Messages:
    26
    Likes Received:
    0
    Thanks Sasha..

    I've already remove the plugin but the problem was still there.
    Maybe i can ask them about IP irregularities.
    I will update if i have new information.
    Thank you for your help. :)

    regard
    olie
     
  9. olienet

    olienet Newbie

    Joined:
    Dec 19, 2013
    Messages:
    26
    Likes Received:
    0
    Thanks gary..
    If i rebuild my blog how about the content?
    I need to delete all my wordpress(that domain) file including database?

    regard
    olie
     
  10. olienet

    olienet Newbie

    Joined:
    Dec 19, 2013
    Messages:
    26
    Likes Received:
    0
    Did you mean to start from zero back?
    Do i need to delete all the file including database?

    regard
    olie
     
  11. kindarthur

    kindarthur Jr. VIP Jr. VIP

    Joined:
    Nov 27, 2011
    Messages:
    2,219
    Likes Received:
    332
    You need to do a full reset on your site access codes. That means resetting all your passwords including FTP, database passwords, admin accounts, and any other passwords associated with the account. If you use the same password for your email as you do on your site, reset your email password as well.
     
  12. gary2

    gary2 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 20, 2013
    Messages:
    970
    Likes Received:
    82
    Occupation:
    Inbound Marketer. Blogger. Author.
    Location:
    Near River
    No.. you can take mysql backup.. follow the step,

    Backup your Database files:

    1. go to cpanel
    2. open phpMyadmin
    3. You can see the list of database name left site.
    4. Choose your site database name (if you dont know the database name, open file manager and you can see file wp-config.php. View this file, you find "DB_ Name" Or download this file)
    5. Click the database name in phpMyadmin
    6. you can see all tables, now you can select all files by clicking "Check All"
    7. Click "Export". and then click "Go" ..

    Backup your images:

    You can download uploads folder from file manager (/wp-content/uploads)

    Restoring backup:

    after taking these.. delete all files from file manager.. dont delete Database alone (some time error will occur while uploading database, at that time you will need to down load database newly)

    1. First install wordpress
    2. Restore all images to same location (/wp-content/uploads)
    3. Find DB_Name in wp-config.php file (Replace the new wp-config.php with old one if you downloaded wp-config.php file)
    4. Click Db name in phpMyadmin
    5. you can see all tables, now you can select all files by clicking "Check All"
    6. Now you can see option "With Selected", Choose "Empty". then click "Go"
    7. you can see all tables, now you can select all files by clicking "Check All"
    8. Then client "Import"
    9. Choose downloaded file from your computer
    10. Click "Go"


    Dont use old Theme.. Use new one..

    Thanks



    Most of peoples using Free wordpress themes.. You are not able to change access codes. Spammer can easily login your account through Theme or plugin..

     
    • Thanks Thanks x 1
    Last edited: Aug 5, 2014
  13. olienet

    olienet Newbie

    Joined:
    Dec 19, 2013
    Messages:
    26
    Likes Received:
    0
    Thanks guy..

    It help me a lot :)

    regard
    olie