|
Kris Zebrowski
|
April 18, 2013 at 9:04 am
My website is running WordPress 3.5.1 (just verified earlier this week), with Event Espresso 3.1.31.1 P
I received notification from my host that our domain is being used as a spam relay, sending out thousands of spam messages from the domain per hour. It wasn’t a password issue – they changed the password but the problem started up almost immediately. The host told me that it is most likely being cause by an unsecure form on the website.
Our domain was temporarily suspended by our host in an effort to solve this problem. I had them reinstate it, then deleted Event Espresso, which seemed to fix the problem for the time being. I then downloaded and reinstalled, but left it unactivated hoping that would buy me some time to do some research into the issue and solve the problem. I was hoping to keep it installed so that once I figured out the specific problem, I could go to my dashboard, edit the appropriate file, and have it fixed. However, I got another message from the host this morning saying the problem is still occuring and they had to once again suspend the domain.
This is a little beyond my area of expertise – I have a basic understanding how email works, and a tiny bit of knowledge about coding. Can someone give me an idea of which .PHP file and/or .js file to look at and which line of code might need changing to make sure the forms are secure and prevent this problem?
Thanks!
-Kris
|
|
Josh
|
April 18, 2013 at 10:31 am
Hi Kris,
I read through your post a few times and I have a question:
Is Event Espresso activated right now or is it still deactivated?
|
|
Kris Zebrowski
|
April 18, 2013 at 10:32 am
Event Espresso is deactivated right now.
|
|
Josh
|
April 18, 2013 at 10:51 am
If Event Espresso is deactivated and the host says the spam is still a problem then I don’t see how this is an issue with Event Espresso’s forms. Do you have any other plugins on the site that display forms or posts where there are open comment forms?
|
|
Kris Zebrowski
|
April 18, 2013 at 11:53 am
I have no other activated plugins that display forms, nor the ability for website visitors to post comments.
I am waiting to have my domain reinstated so I can get into the WordPress Dashboard, and I hope that I can provide a little more information then. Right now I cannot access the site in any way, including WordPress dashboard and FTP.
|
|
Sidney Harrell
|
April 18, 2013 at 1:22 pm
It could be a case where your WordPress admin or ftp access credentials have been compromised. I would suggest changing your admin username from “admin” to something else that uses uppercase and lowercase letters, numbers, and at least one special character. And a long password that uses at least one each of uppercase and lowercase letters, numbers, and special characters. And the same for your ftp account.
|
|
Kris Zebrowski
|
April 18, 2013 at 1:24 pm
Hi Sidney,
A compromised password doesn’t seem to be the issue. Our webhost changed the password (used to access the FTP site and CPanel) when they noticed the problem but said even after that, the problem started again within minutes. This is what led him to the conclusion that it was a web forms issue.
|
|
Josh
|
April 18, 2013 at 2:02 pm
Changing the password wouldn’t matter if it was a case where someone had gained access to the site and left a backdoor in place. If Event Espresso is deactivated and the issue with spam is persisting then other possibilities should be looked at.
|
