WordPress.org

Ready to get started?Download WordPress

Forums

Akismet
[resolved] New SPAM from that plugin (10 posts)

  1. mizel
    Member
    Posted 1 year ago #

    I receive several scam emails "Your Direct Deposit payment ID 65484664 was declined" from that akismet plugin. In email contain link to /wp-content/plugins/akismet/track.php?c003 that is redirect to other fraudlent bank website.

    Edit: This was Vulnerability cross site scripting.

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    Site url? I think your site may have been hacked. There's absolutely nothing in Akismet that does this.

  3. mizel
    Member
    Posted 1 year ago #

    You did not know what sendmail does script in askimet

  4. esmi
    Forum Moderator
    Posted 1 year ago #

    This is NOT coming from the original Akismet plugin. There is no track.php in the plugin. Re-download the plugin yourself and see. Your site has been hacked.

  5. mizel
    Member
    Posted 1 year ago #

    I looked at browser history and here this link from email http://new-demo-site.com/wp-content/plugins/akismet/track.php?c003 take look. Now script broken. Earlier that link was working redirect.

  6. mizel
    Member
    Posted 1 year ago #

    By the way I am not using wordpress and that plugin. I just inform a warning that I received fraudlent emails.

  7. esmi
    Forum Moderator
    Posted 1 year ago #

    Your site has been hacked.

  8. esmi
    Forum Moderator
    Posted 1 year ago #

    Then the site that it is emanating from has been hacked.

  9. mizel
    Member
    Posted 1 year ago #

    Esmi, You are correct that their website hacked.

  10. esmi
    Forum Moderator
    Posted 1 year ago #

    Thank you. But this is not because of the plugin. Hackers can, and often will, add scripts to multiple folders in a site once they gain access. The site in question needs to be completely cleaned.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.