index.php hijack for 'spam'

  • LoLyfe

    (@lolyfe)


    12 years, 1 month ago

    I’ve just had my sites closed by my host due to a spout of malicious spam emails that have been sent via my index.php.

    I’ve since updated the page via the update and changed passwords to the site but thought I’d run it through here to see if anyone had come across a similar problem.

    Below is the information that 1&1 passed to me:

    With reference to the issue, all the details are provided below. Please notice, that the php code of the mentioned file is not corrupted
    or malicious. It was misused as spam, just as you know some “tell-a-friend” script are being misused to sent out thousands of spam mails due to, e.g. no installed captcha.

    Nonetheless, our system detected the following issue:
    +———+——-+——-+——-+——-+
    Message class: | % 550er | 550er | 400er | 500er | 200er |
    +———+——-+——-+——-+——-+
    | 18.87 | 20 | 6 | 9 | 71 |
    +———+——-+——-+——-+——-+
    +———————————-+——-+———-+——-+
    Sender(86): | Sender | Total | Bouncers | Other |
    +———————————-+——-+———-+——-+
    | liqi-1392245288@lolyfe.co.uk | 2 | 2 | 0 |
    | kristin-1392243027@lolyfe.co.uk | 2 | 2 | 0 |
    | robert-1392242924@lolyfe.co.uk | 2 | 2 | 0 |
    | tangela-1392246426@lolyfe.co.uk | 1 | 1 | 0 |
    | terrick-1392244345@lolyfe.co.uk | 1 | 1 | 0 |
    | julie-1392245974@lolyfe.co.uk | 1 | 1 | 0 |
    | gregg-1392245925@lolyfe.co.uk | 1 | 1 | 0 |
    | babette-1392244668@lolyfe.co.uk | 1 | 1 | 0 |
    | muhammad-1392244656@lolyfe.co.uk | 1 | 1 | 0 |
    | eduardo-1392243679@lolyfe.co.uk | 1 | 1 | 0 |
    +———————————-+——-+———-+——-+
    +————+——-+———-+——-+
    Script(1): | Script | Total | Bouncers | Other |
    +————+——-+———-+——-+
    | /index.php | 106 | 20 | 86 |
    +————+——-+———-+——-+

    +————————+——-+———-+——-+————+———+
    Domain(44): | Domain | Total | Bouncers | Other |
    Recipients | Percent |

    +————————+——-+———-+——-+————+———+
    | hotmail.com | 15 | 4 | 11 | 14
    | 26.67 |
    | aol.com | 5 | 3 | 2 | 4
    | 60.00 |
    | earthlink.net | 2 | 2 | 0 | 2
    | 100.00 |
    | dreamvisionstudios.com | 2 | 2 | 0 | 1
    | 100.00 |
    | comcast.net | 8 | 2 | 6 | 6
    | 25.00 |
    | msn.com | 3 | 1 | 2 | 3
    | 33.33 |
    | sbcglobal.net | 1 | 1 | 0 | 1
    | 100.00 |
    | savvis.net | 1 | 1 | 0 | 1
    | 100.00 |
    | tx.rr.com | 1 | 1 | 0 | 1
    | 100.00 |
    | sccoast.net | 1 | 1 | 0 | 1
    | 100.00 |

    +————————+——-+———-+——-+————+———+
    Please undertake appropriate actions in order to close the case.

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘index.php hijack for 'spam'’ is closed to new replies.