[resolved] hack or virus? (8 posts)

  1. sventje
    Posted 2 years ago #

    I got a mail from a friend asking me why he is receiving emails from our site through the contact page.
    He sent me one of them and yes, those are spam.

    The thing is that I have a captcha installed, and this honeypot plugin on the contact page.
    The contact page is in 4 languages.

    Since he had sent me the mail I have changed the contact page and given it a new core name.

    Seems he keeps receiving the mails. Actually in his primary language.
    An important detail is that the man's email address is not in any way added to the list of receivers in the contact form's settings.

    Someone got a suggestion?

    I'm using Contact Form 7, simple captcha and honeypot


  2. Tara
    Volunteer Moderator
    Posted 2 years ago #

    First off, try scanning your site for malware: http://sitecheck.sucuri.net/scanner/

  3. sventje
    Posted 2 years ago #

    Hi there Tara,

    I did that already and nothing came up.
    But thanks for the suggestion

  4. Jesin A
    Posted 2 years ago #

    Tell him to send the headers of that email. Check if these headers contain the IP address of your mail/web server.

    It isn't required to hack a server to send emails with that domain in the "From:" address.

    Recently received a SPAM email from "user@wordpress.org" inviting me to download a malicious plugin. That doesn't mean this site was hacked.

  5. sventje
    Posted 2 years ago #

    Hi there,

    Thanks for the reply.

    The thing is not just the sender, but the layout of the mail looks like the layout of the mails received from our contact pages.

    I did a test through a contact form and there are some differences.
    But it looks very convincingly alike, as if it came from our contact page.

    How does one stop one like that?

  6. Jesin A
    Posted 2 years ago #

    The layout doesn't matter, anyone who knows it can create mails like that.

    As I said before look at the headers of your original email and the one your friend is receiving. Search for the "Received:" part.

    The notification emails I receive from WordPress forum contain this

    Received: from mail.wordpress.org (mail.wordpress.org. [])
            by mx.google.com with ESMTP id tr4si21500394pab.208.2013.
            for <myemailID>;

    You can also check your mail log.

    At what interval is your friend receiving emails?

    What plugin are you using for this contact form?
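
The "Received:" check described in the post above, as an added example that is not part of the original thread: it believes only the headers stamped by the recipient's own mail hosts and reports which IP actually handed the message over, since lines below that point are supplied by the sender. The hostnames, documentation-range IPs, sample messages and function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# "from <helo> (<rdns> [<ip>]) ... by <host>", the shape shown in the post above
HOP = re.compile(r"from\s+(\S+)\s+\([^\[\)]*\[([^\]]*)\]\).*?\bby\s+(\S+)", re.S)

def hops(raw):
    """(helo, ip, by) for each parsable Received header, newest (topmost) first."""
    msg = message_from_string(raw, policy=default)
    matches = (HOP.search(str(v)) for v in msg.get_all("Received", []))
    return [(m.group(1), m.group(2), m.group(3).rstrip(";")) for m in matches if m]

def handoff_ip(raw, trusted_by):
    """IP that connected to the recipient's mail system.
    Only headers stamped by hosts in trusted_by are believed; everything below
    the first untrusted hop was supplied by the sender and may be forged."""
    ip = None
    for _helo, hop_ip, by in hops(raw):
        if by.lower() not in trusted_by:
            break
        ip = hop_ip
    return ip

def came_from_our_server(raw, trusted_by, our_ips):
    return handoff_ip(raw, trusted_by) in our_ips

# Constructed samples: documentation-range IPs and made-up hostnames.
GENUINE = """\
Received: from web01.example.org (web01.example.org. [203.0.113.10])
        by mx.recipient.example with ESMTP id abc123
From: Contact form <wordpress@example.org>

hello
"""
# Same From:, but delivered by another host with a forged lower Received line.
SPOOFED = """\
Received: from host.invalid (host.invalid. [198.51.100.77])
        by mx.recipient.example with ESMTP id def456
Received: from web01.example.org (web01.example.org. [203.0.113.10])
        by relay.invalid with ESMTP id zzz999
From: Contact form <wordpress@example.org>

hello
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, came_from_our_server(raw, {"mx.recipient.example"}, {"203.0.113.10"}))
```

A result of True means the message really left the web server, so the place to look is a form on the site; False means only the "From:" address and layout were copied.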

  7. sventje
    Posted 2 years ago #

    Problem solved.

    I overlooked a certain unsecured contact page on the site.

    Thanks for helping

  8. Tara
    Volunteer Moderator
    Posted 2 years ago #

    Glad you got it sorted :)

Topic Closed

This topic has been closed to new replies.
