[closed] My WP is sending email to wordpressslog@yandex.com (12 posts)

  1. Novisoft
    Posted 2 years ago #


    This morning, I noticed that my WP sent more than 250 emails in less than 3 hours. It was the same email content sent 260 times to the same recipient which is wordpressslog@yandex.com. I am not able to figure out what plugin is doing that. Can someone help with that plsease ?

    Below the spool content :

    user 551 551
    1373080169 0
    -ident user
    -received_protocol local
    -body_linecount 2
    -max_received_linelength 83
    -auth_id user
    -auth_sender user@myserver

    190P Received: from era by my.server.com with local (Exim 4.80.1)
    (envelope-from <user@my.server.com>)
    id 1UvIsL-0003G2-K5
    for wordpressslog@yandex.com; Sat, 06 Jul 2013 05:09:29 +0200
    029T To: wordpressslog@yandex.com
    026 Subject: WordPress Plugin
    055 X-PHP-Script: domain.com/2013/index.php for
    037 Date: Sat, 6 Jul 2013 03:09:29 +0000
    030* Return-Path: wordpress@domaine.com
    035F From: WordPress <wordpress@domain.com>
    054I Message-ID: <ba5bef5fbbfe6b61d5c16ace669b18a0@domain.com>
    014 X-Priority: 3
    084 X-Mailer: PHPMailer 5.2.1 (http://code.google.com/a/apache-extras.org/p/phpmailer/)
    018 MIME-Version: 1.0
    032 Content-Transfer-Encoding: 8bit
    042 Content-Type: text/plain; charset="UTF-8"

  2. alecoelho
    Posted 2 years ago #

    Hi You could solve this problem? I'm getting the same message you. Thank you.

  3. Ave Elite
    Posted 2 years ago #

  4. Also give this reply a read too.

  5. Novisoft
    Posted 2 years ago #


    Thank you very much.

    This is very helpful. I didn't noticed any other emails sent to yandex. My customer told me he made some plugins tests before removing them. So the emails has been sent during the test but we are unable to identify which plugin caused that.

    Thanks again :)

  6. Ave Elite
    Posted 2 years ago #

    Yes it's hard to find when the code already has been removed and it's just the email bounching around in the mail queue. Just be sure to remove those bounching emails from the queue and check later if NEW onces apear.


  7. sakkiotto
    Posted 2 years ago #

    i have this problem... can u help me? i read all. but i haven't more confidence for find it the problem..

  8. Novisoft
    Posted 2 years ago #

    Hi Sakkiotto,

    As explained in my previous reply, I wasn't able to identify the plugin that sent the emails since it has been tested by my customer for some hours before being removed.

    So, you should inspect all plugins installed recently. Try to download all plugins directory on your desk the perform a keyword search inside all php files. You can also disable plugins one by one and notice the impact on the email sending.

  9. utilibre
    Posted 2 years ago #

    i don't know if you are still having this issue but look for a plugin and a file inside its includes folder:

    and it is more likely to be contained in a file called <langs.php>

    many of these things come with a plugin called mymail.

  10. esmi
    Forum Moderator
    Posted 2 years ago #

  11. dimospbru
    Posted 2 years ago #

    I was not hacked, I made it myself =( when uploaded an infected script.
    Checked others - everything is ok for now.

  12. Ave Elite
    Posted 2 years ago #

    Install this plugin:

    Exploit Scanner

    It will scan all your files and look for signs of suspicious activity. It will find base64 encoded strings for you to evaluate.

    A handy tool to find "infected" scripts.


Topic Closed

This topic has been closed to new replies.

About this Topic