WordPress.org

Ready to get started?Download WordPress

Forums

WP SMTP
[resolved] PHISHING plugin? (5 posts)

  1. Erik
    Member
    Posted 6 months ago #

    Ten seconds after I configured this plugin and sent a test message I got a message from Gmail that someone from China tried to access my Gmail account.

    I use Dreamhost and they seem to be in California. I am not 100% sure about the exact server I ran this script on, but I have a hard time thinking this was in China.

    Anyway... Google stopped the login attempt and I've changed my password (it was time anyway)...

    Just a little security heads up about putting in login and password info in a WordPress plugin... Don't do it...

    http://wordpress.org/plugins/wp-smtp/

  2. acalbert
    Member
    Plugin Author

    Posted 6 months ago #

    It is absolutely impossible! This is an open source software, You can see the source code!!!

  3. acalbert
    Member
    Plugin Author

    Posted 6 months ago #

    There is no server or connection information in any of the files. Meaning that it can only connect to whatever servers you put in !!!!!

  4. acalbert? Thanks for the plugin (I use it myself on one of my installations) but you may want to calm down. For your own health. ;)

    @Erik As acalbert indicated this plugin is GPL'ed opensource (like all plugins in the repository) and you can view the source code yourself on your own installation or on trac.

    http://plugins.trac.wordpress.org/browser/wp-smtp/trunk

    There's no server defined in the 2 PHP files. If you're routing e-mail through China (and you're not in China) then my guess is that your server has either been misconfigured or hacked.

    Either way you want to speak with your web host.

  5. Erik
    Member
    Posted 6 months ago #

    This incident made me realize I was putting my Google login information in a database on the web ... which isn't actually my style.

    On the other hand, my server has been hacked before, and I've had things happening with my Google account before (unsure if it was a Google glitch or me being careless with my login info).

    So, this was probably just a coincidence!

    And, it was a question of whether this plug-in was phishing or not...

    The question has been answered to my satisfaction, and that's good enough for me.

    Thanks for your replies guys!

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.