Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#10995 closed defect (bug) (invalid)

Spam created by index.php

Reported by: OiPenguin Owned by: ryan
Milestone: Priority: normal
Severity: normal Version: 2.8.4
Component: Security Keywords:
Focuses: Cc:


I'm unsure if this should be reported as a bug, but I'll try since it's possibly a flaw.

I've recently received spam which seems to be generated by index.php I've done some search for people with similar experience, but I've not found much, only this thread http://wordpress.org/support/topic/220946?replies=3 (I've posted the third message). My webhost says the problem is related to index.php and hence Wordpress' and my problem. I've inspected the file and from what I can tell it is clean. I've tried the new Exploit Scanner plugin which returns none. I've posted the headers of one of the spam e-mails below:



Return-path: <httpd@…> Delivered-To: my@… Received: (qmail 24450 invoked by uid 399); 21 Oct 2009 07:46:58 -0000 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.hosted.servetheworld.net X-Spam-Level: * X-Spam-Status: No, score=3.5 required=10.0 tests=RDNS_NONE,TVD_SPACE_RATIO, URI_NOVOWEL autolearn=disabled version=3.2.5 Received: from unknown (HELO outgoingsmtp.bordercontrol.dynavee.net)

( by mail.hosted.servetheworld.net with ESMTP; 21 Oct 2009 07:46:58 -0000

X-Originating-IP: Received-SPF: none (mail.hosted.servetheworld.net: domain at serve009.servetheworld.net does not designate permitted sender hosts) identity=mailfrom; client-ip=; envelope-from=<httpd@…>; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Aj8JAFNZ3kpTj1Em/2dsb2JhbACbdka8I4QxBA Received: from serve009.servetheworld.net ([]) by

mxoutint.bordercontrol.dynavee.net with ESMTP; 21 Oct 2009 09:46:58 +0200

Received: from serve009.servetheworld.net (localhost.localdomain [])

by serve009.servetheworld.net (8.13.8/8.13.8) with ESMTP id n9L7kvQh009732 for <my@…>; Wed, 21 Oct 2009 09:46:57 +0200

Received: (from httpd@localhost) by serve009.servetheworld.net

(8.13.8/8.13.8/Submit) id n9L7kvO4009731; Wed, 21 Oct 2009 09:46:57 +0200

To: lars@… Subject: aoqRwWLLpZKghTrGad X-PHP-Script: lars.kvisle.no/index.php for Date: Wed, 21 Oct 2009 09:46:57 +0200 From: ouygxfml <uopzqa@…> Message-ID: <1575f532f60606f00f07e0390d2cee8c@…> X-Priority: 3 X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" xsi2gn <a href="http://byflrxvcrmjj.com/">byflrxvcrmjj</a>, [url=http://pyuspcwliptb.com/]pyuspcwliptb[/url], [link=http://vtizrhwslfby.com/]vtizrhwslfby[/link], http://slocwcykllip.com/

Change History (2)

#1 @miqrogroove
9 years ago

  • Keywords spam index.php removed
  • Resolution set to invalid
  • Status changed from new to closed

Hi OiPenguin. Trac is not the place to post technical support issues. Please visit the support forums or coordinate with your webhost again. Create a new ticket here if you find a flaw in the original WordPress code.

#2 @Denis-de-Bernardy
9 years ago

  • Milestone Unassigned deleted
Note: See TracTickets for help on using tickets.