Forums

WordPress › Support » How-To and Troubleshooting

WP-Cron is hacked sends out thousands of spam (4 posts)

  1. michaelgs
    Member
    Posted 3 months ago #

    help.
    I have looked everywhere, but I am a WP user, not a techie.
    1.) I have now 72 WP installations.
    2.) my server has been hacked through wp-cron and I was shut down because my server was mailing out a lot of spam like viagra and porn
    3.) I was reading that I can disable wp-cron in the wp-config file using this code

    define(‘DISABLE_WP_CRON’, true);

    next I am to activate a true cron job but I cannot find out where and how to exactly do that, I need help please.
    The company where I lease my server from also tells me to install a special code into wp-admin> .htaccess to block access from any IP other than my own.
    Is there a WP plugin that can take care of the wp-cron problem and also a WP plugin which can write into the .htaccess file?

    Please, if someone out there would help me I really be grateful.
    thank you
    Michael

  2. esmi
    Theme Diva & Forum Moderator
    Posted 3 months ago #

    my server has been hacked through wp-cron

    You have evidence for this? That a hacker gained entry via wp-cron? (And, no, please do not post it here). There is no known security issue with wp-cron. If a hacker used the script, then all this proves is that a hacker gained entry to your site. Once he was in, he could use any script he wanted. I suggest that you start by reading:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

  3. michaelgs
    Member
    Posted 3 months ago #

    thanks for the reply.
    here is what we have done.
    the server was shut down by the IP provider because since tuesday we emailed 4800 pieces of spam.
    I suspended my sites and the spam stopped
    I activated one site at a time and the spam started back up.
    I placed
    /* Disable evil background wp-cron */
    define('DISABLE_WP_CRON', true);
    into the WP config file and the spam stopped.
    Michael

  4. esmi
    Theme Diva & Forum Moderator
    Posted 3 months ago #

    This just proves that your site was hacked and that the hacker then hijacked wp_cron. I strongly recommend that you refer to the resources I posted above to clear this hack out of your site(s).

Reply

You must log in to post.

About this Topic

Tags