Email vulnerability?

  • Resolved Danny-T

    (@danny-t)


    13 years, 4 months ago

    I run a server with several sites/apps hosted, about 5 of those are WordPress sites (all up to date). I just checked my mailserver logs and it seems each of the WordPress sites are sending out copious amounts of spam messages.

    My mailserver is configured to only allow locally installed applications to send mail and the only mails being sent are using email addresses with the domains of each of the WordPress installations.

    I’ve disabled the php mail function but somehow they’re still getting through. Is anyone aware of any such vulnerability or heard of something similar? The only evidence I have that it’s related to wordpress is the domains the emails are being sent from are all just the WordPress installs.

    This is a Win2k8 IIS7 server (“blame windows” won’t help me here). The server is protected by a hardware firewall so I’m pretty confident these emails are coming from somewhere on the machine and like I said, the domains being used point fingers at WordPress (although it could be generally just PHP).

Viewing 1 replies (of 1 total)
  • Thread Starter Danny-T

    (@danny-t)

    13 years, 4 months ago

    Seemingly disabling PHP’s mail() function did do the trick, there were a handful of spam messages in the retry queue which processed after I’d disabled it so I thought it hadn’t worked.

    For anyone else with the same issue:

    1 – Disable mail function in your php.ini:
    disable_functions=mail
    2 – Install SMTP plugin E.g. http://wordpress.org/extend/plugins/wp-mail-smtp/
    3 – Configure plugin settings

Viewing 1 replies (of 1 total)

The topic ‘Email vulnerability?’ is closed to new replies.