MailPoet CRON problems ( maby vulnerability )

mcart
(@mcartmailru)

8 years, 3 months ago

My web page was exploited by hackers-losers 😀

I update wordpress to 4.4.1. But maby not clear all infected files or something this way – after some days i found in LOGFILE this:

“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?doing_wp_cron=1452739916.7670979499816894531250 HTTP/1.0” 200 207 “-” “WordPress/4.4.1; http://my_domain.com”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?doing_wp_cron=1452742056.6926829814910888671875 HTTP/1.0” 200 222 “-” “WordPress/4.4.1; http://my_domain.com”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”t.htm)”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=queue,bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?doing_wp_cron=1452743586.7845520973205566406250 HTTP/1.0” 200 207 “-” “WordPress/4.4.1; http://my_domain.com/pl”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”bingbot.htm)”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?doing_wp_cron=1452745586.6049110889434814453125 HTTP/1.0” 200 222 “-” “WordPress/4.4.1; http://my_domain.com/pl”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=queue,bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?doing_wp_cron=1452747485.8760919570922851562500 HTTP/1.0” 200 207 “-” “WordPress/4.4.1; http://my_domain.com/pl”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?doing_wp_cron=1452749134.6345729827880859375000 HTTP/1.0” 200 222 “-” “WordPress/4.4.1; http://my_domain.com”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=queue,bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?doing_wp_cron=1452750886.3478291034698486328125 HTTP/1.0” 200 207 “-” “WordPress/4.4.1; http://my_domain.com”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”
“POST /wp-cron.php?doing_wp_cron=1452753320.0254650115966796875000 HTTP/1.0” 200 222 “-” “WordPress/4.4.1; http://my_domain.com/ru”
“POST /wp-cron.php?47861cc796a11ab11b17f1eb1633eaee&action=wysija_cron&process=bounce&silent=1 HTTP/1.0” 200 207 “-” “WordPress/4.4.1;”

AND SO ON!!!

https://wordpress.org/plugins/wysija-newsletters/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author MailPoet
(@mailpoet)

8 years, 2 months ago

Have you run a test with Securi to check your site and see whether there’s any residual files that may need removing?

Wysija
(@wysija)

8 years, 2 months ago

If you are a Premium user, that might be our server pinging your WP-Cron to trigger your newsletters queue. It seems normal. Check if you don’t have a server side cron job created as well.

Related: https://support.mailpoet.com/knowledgebase/configure-cron-job/

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘MailPoet CRON problems ( maby vulnerability )’ is closed to new replies.