WordPress.org

Ready to get started?Download WordPress

Forums

EMAIL NOTIFICATION VUNERABILITY (5 posts)

  1. ladysham
    Member
    Posted 7 years ago #

    I recently upgraded my WordPress blog to the latest version. I also added some new plugins which included "Email Notification" plugin by Brian Groce. Shortly afterward, I starting receiving bounces from emails that were being sent out through my server, but not through me.

    I contacted Brian and heard back once from him. I noticed that data was being logged in the mySQL database from outside for this plugin. He verified that he knew that was happening, but that was all he knew about.

    I have since tried getting in touch with him again, but haven't heard back. As a precaution, I disabled the plugin, however, I didn't delete the plugin at the time. I also disabled the php-Myadmin plugin (just in case).

    Today, through my logs, I verified the email was being sent out through my server again. The logs showed that the perpetrator was using /maillist/index.php to send out the emails.

    If anyone wishes to discuss this with me, I would be glad to entertain any emails sent to ladysham@bellsouth.net

  2. splanters
    Member
    Posted 7 years ago #

    Wouldn't it be better to discuss in the forum itself instead of sending you an email directly?

  3. yosemite
    Member
    Posted 7 years ago #

    There's a specific thread on that plugin here:
    http://wordpress.org/support/topic/51521/page/2?replies=53

    Might want to comment there too...

  4. ladysham
    Member
    Posted 7 years ago #

    Not a problem discussing it in the forum. I don't like to give out server details, however, in a public forum.

    I will check out the other thread.

  5. Quix0r
    Member
    Posted 7 years ago #

    I have "solved" this by enabling "SMTP-AUTH" with TLS on my mail-server. Just google a little and you will find somehting usefull.

    :-)

Topic Closed

This topic has been closed to new replies.

About this Topic