WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#10995 closed defect (bug) (invalid)

Spam created by index.php

Reported by: OiPenguin Owned by: ryan
Milestone: Priority: normal
Severity: normal Version: 2.8.4
Component: Security Keywords:
Focuses: Cc:

Description

I'm unsure if this should be reported as a bug, but I'll try since it's possibly a flaw.

I've recently received spam which seems to be generated by index.php I've done some search for people with similar experience, but I've not found much, only this thread http://wordpress.org/support/topic/220946?replies=3 (I've posted the third message). My webhost says the problem is related to index.php and hence Wordpress' and my problem. I've inspected the file and from what I can tell it is clean. I've tried the new Exploit Scanner plugin which returns none. I've posted the headers of one of the spam e-mails below:

Yours,

Lars

Return-path: <httpd@…>
Delivered-To: my@…
Received: (qmail 24450 invoked by uid 399); 21 Oct 2009 07:46:58 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.hosted.servetheworld.net
X-Spam-Level: *
X-Spam-Status: No, score=3.5 required=10.0 tests=RDNS_NONE,TVD_SPACE_RATIO, URI_NOVOWEL autolearn=disabled version=3.2.5
Received: from unknown (HELO outgoingsmtp.bordercontrol.dynavee.net)

(217.170.207.178) by mail.hosted.servetheworld.net with ESMTP; 21 Oct 2009
07:46:58 -0000

X-Originating-IP: 217.170.207.178
Received-SPF: none (mail.hosted.servetheworld.net: domain at serve009.servetheworld.net does not designate permitted sender hosts) identity=mailfrom; client-ip=217.170.207.178; envelope-from=<httpd@…>;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Aj8JAFNZ3kpTj1Em/2dsb2JhbACbdka8I4QxBA
Received: from serve009.servetheworld.net ([83.143.81.38]) by

mxoutint.bordercontrol.dynavee.net with ESMTP; 21 Oct 2009 09:46:58 +0200

Received: from serve009.servetheworld.net (localhost.localdomain [127.0.0.1])

by serve009.servetheworld.net (8.13.8/8.13.8) with ESMTP id n9L7kvQh009732 for
<my@…>; Wed, 21 Oct 2009 09:46:57 +0200

Received: (from httpd@localhost) by serve009.servetheworld.net

(8.13.8/8.13.8/Submit) id n9L7kvO4009731; Wed, 21 Oct 2009 09:46:57 +0200

To: lars@…
Subject: aoqRwWLLpZKghTrGad
X-PHP-Script: lars.kvisle.no/index.php for 118.39.27.110
Date: Wed, 21 Oct 2009 09:46:57 +0200
From: ouygxfml <uopzqa@…>
Message-ID: <1575f532f60606f00f07e0390d2cee8c@…>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

xsi2gn <a href="http://byflrxvcrmjj.com/">byflrxvcrmjj</a>, [url=http://pyuspcwliptb.com/]pyuspcwliptb[/url], [link=http://vtizrhwslfby.com/]vtizrhwslfby[/link], http://slocwcykllip.com/

Change History (2)

comment:1 @miqrogroove5 years ago

  • Keywords spam index.php removed
  • Resolution set to invalid
  • Status changed from new to closed

Hi OiPenguin. Trac is not the place to post technical support issues. Please visit the support forums or coordinate with your webhost again. Create a new ticket here if you find a flaw in the original WordPress code.

comment:2 @Denis-de-Bernardy5 years ago

  • Milestone Unassigned deleted
Note: See TracTickets for help on using tickets.