WordPress.org

Ready to get started?Download WordPress

Forums

Using WordPress to send Email Spam (29 posts)

  1. Jaxia
    Member
    Posted 8 years ago #

    According to my host, spammers are using my wordpress sites to send email spam. How can I stop this from happening?

  2. nmallory
    Member
    Posted 8 years ago #

    I came here because I noticed this is happening. As best as I can tell, it started today.

    Jaxia - what version of WordPress are you using?

    Do you have a contact form plug in?

    Some of mine came in with "[<website name>] spam.email.address.website" and one came in "Email from the <website name> Website".

  3. Jaxia
    Member
    Posted 8 years ago #

    Thanks for the quick response!

    On the website where it is happening, I am using 1.5.1.1

    Yes, I am using the 'intouch' contact form.

    This is the header from the email:

    Return-Path: Received: from rly-yb04.mx.aol.com (rly-yb04.mail.aol.com [172.18.205.136]) by air-yb03.mail.aol.com (vx) with ESMTP id MAILINYB31-19343e93cbe1b3; Tue, 07 Feb 2006 19:35:21 -0500 Received: from alexandria34.alexsrv34.com
    (alexandria34.alexsrv34.com [66.45.231.122]) by rly-yb04.mx.aol.com (vx) with ESMTP id MAILRELAYINYB43-19343e93cbe1b3; Tue, 07 Feb 2006 19:35:10 -0500 Received: from nobody by alexandria34.alexsrv34.com with local (Exim 4.52) id 1F6dIX-0007RC-Q9; Tue, 07
    Feb 2006 19:35:05 -0500 To: Subject: A comment from a site visitor X-PHP-Script: http://www.stealtheblinds.net/index.php for 221.239.5.194 From: UnknownSender@UnknownDomain X-AOL-ORIG-From: "Pentatomidae954@stealtheblinds.net" Content-Type: text/html;
    charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: The perfect marriage of science and nature From: Pentatomidae954@stealtheblinds.net Message-Id: Date: Tue, 07 Feb 2006 19:35:05 -0500 X-AntiAbuse: This header was added to
    track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - alexandria34.alexsrv34.com X-AntiAbuse: Original Domain - aol.com X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12] X-AntiAbuse: Sender Address Domain -
    alexandria34.alexsrv34.com X-Source: X-Source-Args: /usr/local/apache/bin/httpd -DSSL X-Source-Dir: stealtheblinds.net:/public_html X-AOL-IP: 66.45.231.122 X-Mailer: Unknown (No Version)

    The subject line appears to be the same subject line that shows up with my contact form emails. Do I just disable the contact form?

  4. nmallory
    Member
    Posted 8 years ago #

    I don't know. I don't have that contact form.

    I have WordPress Email Notification Plugin v2.1, which I'm upgading to v2.3.1, wp-email.php, and WP-ContactForm.

    I'm trying to see what we have in common e-mail-wise.

  5. Lester Chan
    Member
    Posted 8 years ago #

    WP-EMail? It have a logging feature u can check it. and it haev spam interval.

  6. nmallory
    Member
    Posted 8 years ago #

    No...but I'm seriously thinking that might be by issue. I only got this spam on the two blogs that have that plugin. The other seems to have missed out. I'm going to disable it.

  7. Jaxia
    Member
    Posted 8 years ago #

    How can I check the logging feature?

  8. Lester Chan
    Member
    Posted 8 years ago #

    Jaxia: WP-Admin -> Manage E-Mail

  9. Lester Chan
    Member
    Posted 8 years ago #

    nmallory: 1.5.2? Okie the spam prevention is on WP 2.0 version only. But I cant see anyway they can use it to spam, unless they type it in their remarks. Did you check the log?

  10. Jaxia
    Member
    Posted 8 years ago #

    I cannot seem to locate that.

    The problem is not that they are using it to send ME spam. They are somehow sending spam to other people.

  11. spencerp
    Member
    Posted 8 years ago #

    "Thanks for the quick response!

    On the website where it is happening, I am using 1.5.1.1

    Yes, I am using the 'intouch' contact form."

    Jaxia, for one thing, upgrade it to 1.5.2. then to version 2.0.1. Rather then trying to fight this and figuring it out with that current version you have.. =) Then install the necessary plugins for spam blockers.. Spam Karma and such...

    spencerp

    Or however the upgrade process goes..

  12. iand
    Member
    Posted 8 years ago #

    for one thing, upgrade it to 1.5.2. then to version 2.0.1

    Both 1.5.2 and 2.0.1 have no known security holes, the 2.0.1 upgrade is optional if you want the features (and 2.0 only plugins).

  13. spencerp
    Member
    Posted 8 years ago #

    Thanks for pointing that out IanD. Just was merely pointing him into a full upgrade of his outdated version though.. lol. Anyway! Whatever he chooses between them TWO, is ok as well.. <rolls eyes and goes back to drinking vodka>...sips...here's one for you! =)

    spencerp

  14. Jaxia
    Member
    Posted 8 years ago #

    I'm a "her" :)

    I've already upgraded my other sites, but I haven't got around to this one yet. I'm using bad behavior for spam protection.

    I'll guess I'll upgrade and reactivate my intouch form and see what happens.

  15. spencerp
    Member
    Posted 8 years ago #

    I'm sorry about that Jaxia... =( Wasn't sure..I had ppl on here with girly names already and they turned out to be guys lol..now I feel bad. =(

    "I've already upgraded my other sites, but I haven't got around to this one yet. I'm using bad behavior for spam protection.

    I'll guess I'll upgrade and reactivate my intouch form and see what happens."

    Ok, just wasn't sure on that either..but you seem to know what you're doing in that line of it. =) Just reply if needing more help.. =)

    spencerp

    Just note, that the upgrades of WP to newer versions, need upgraded plugins to work with that latest version of WP. =)

  16. nmallory
    Member
    Posted 8 years ago #

    I upgraded my contact form and my wp-email to the latest versions on one of the sites -- didn't have time on the other. I deactivated the wp-email on the one I didn't upgrade. I haven't seen more spam since, but that's not a sure fix.

    I do like the logging feature.

    I have a question though. Since the tables it creates in the db don't have the blog's db prefix (ie... nt_, wp_, twc_), will this muck up when I activate it on my other blog since they use the same MySQL db?

  17. spencerp
    Member
    Posted 8 years ago #

    nmallory, if you are running the two blogs on the same db, you shouldn't have a problem, as long as you are still using the or that "plugin" in the second blog too (calling it up via the first blog's location, or info for the plugin).

    If you are trying to use the main blog's contact plugin db info within the second one, without the actual files..I think you'll have a problem.

    Unless you use the call tags from blog2's files to blog's one's files.. if you know what I mean..Or maybe I'm wrong..someone else can tell ya better..

    spencerp

  18. nmallory
    Member
    Posted 8 years ago #

    For the WP-Email, pluggin, I'll have all the .php files in their appropriate wordpress direcories for each blog. My concern is in the db itself, can 2 blogs share the same table?

  19. spencerp
    Member
    Posted 8 years ago #

    As far as I know..the contact plugins run on the same "email" connections as your main site's or host's email settings..so if you have blog1 at this setting, and use the same settings for blog2 you'll be ok..

    The email part of it, doesn't necessarily get stored in the database persay..but that email stuff runs off of the Host's email settings you got when signing up with the host...I hope I'm making sense.. lol..

    spencerp

  20. nmallory
    Member
    Posted 8 years ago #

    Facinanting.

    BTW, Jaxia, there are several other posts around here about someone using the contact forms to spam.

  21. spencerp
    Member
    Posted 8 years ago #

    nmallory, don't make me sound like a flucking idiot! That pisses me off for one! I posted my reply to best of my knowledge, the questioned asked was:

    "For the WP-Email, pluggin, I'll have all the .php files in their appropriate wordpress direcories for each blog. My concern is in the db itself, can 2 blogs share the same table?"

    I basically said, that as long as your email connections with your host are the same, then you should be ok. If you're trying to run two WP DBS within the same DB, then just change the one "table_prefix" on one of them.

    If you want anti-spam plugins, search for them... If you want to "mask" one blog to be able to spam other's blogs....then I'm not helping..get the shit straight..cause I basically answered to the best of my knowledge...don't post replies like this basically saying I'm an idiot..

    "Facinanting.

    BTW, Jaxia, there are several other posts around here about someone using the contact forms to spam. "

    spencerp

    And no matter how many times you'd try to mask the fact of using the same DB as the original WP, you'll still be having others tracking ya down for spamming...if that's your intentions...just not do it period.. cause it's all in the IP addy anyways.

    If that's not your intentions, then forgive me, but still understand that your contactform plugins will WORK OFF THE MAIN ACCOUNT OF YOUR HOST ACCOUNT FOR EMAILS, OR OTHERS...

    It don't matter on which DB it's running on or BLOG! Change it from blog to blog then. If you want the Main site account email on blog1 use it...if you want Hotmail.com account on blog2 use it...simple shit...

  22. nmallory
    Member
    Posted 8 years ago #

    *blink*

    Woah. I was neither being insulting nor sarcastic in any of my posts. I certainly never implied anyone was an idiot, except maybe me. I'm just trying to figure all this out as I am neither a db expert nor a php expert.

    Sorry if you took it the wrong way.

  23. nmallory
    Member
    Posted 8 years ago #

    Look, I couldn't even spell fascinating right...that should tell you something. :P

  24. spencerp
    Member
    Posted 8 years ago #

    It's just the "title" of this post as this:

    "Using WordPress to send Email Spam"

    And the way things were commented, just got me hot. And also the way that one comment of your's was made,..made me even more mad. Sorry for blowing up..but just don't do that shit again lol..please. Cause I was "trying" to help. With the best of my knowledge..

    WP can share the same DB's, just as long as you have different "table_prefixes" for each WP installed. And for the email stuff, it's basically the same as your host email account or either another account of your choosing.

    But you have to have it setup just right. No flaws n stuff with the "connection" settings..

    spencerp

    Again, please forgive of my outburst..just got hot quick. Because it sounded like you were making me out to be a dumbass...

  25. nmallory
    Member
    Posted 8 years ago #

    I was just trying to re-explain it from my understanding to make sure that I understood. ;)

    Not sure how I got blamed for actually trying to send spam. I'm a fanatic spam-hater and the fact that someone was using my blogs to send spam really bothers me. I've had to shut down email accounts in the past because spammers were using the address somehow. To me, it's like identity theft.

  26. spencerp
    Member
    Posted 8 years ago #

    "Not sure how I got blamed for actually trying to send spam."

    I wasn't blaming you persay on spamming others, just the post title was wrote wrong to being with lol! Ya gotta admit that would put anyone through a loop in confusion maybe.

    And that's why I through in "assumptions" at you or others, because of that "post title". But the argument brought out the truth now...so lets not dwell on it further, for EVEN MORE arguments.. Because I'm game if ya want more arguments.. lol!

    Anyway...I said I was sorry.. I understand your intentions, questions and such now..it's all good. =)

    spencerp

  27. Lester Chan
    Member
    Posted 8 years ago #

    erm, so is it the contact form problem or my wp-email problem? I will take spam issue seriously.

  28. nmallory
    Member
    Posted 8 years ago #

    GamerZ -- I'm not entirely sure. However, since I upgraded to the newest versions of both, I haven't seen any spam activity.

  29. Lester Chan
    Member
    Posted 8 years ago #

    okie thanks alot for the feedback =)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags