WordPress.org

[Resolved] [Plugin: Subscribe2] My site was hacked and sent out mass emails from this plugin

  • I was just notified by my host that I was sending out 20000 emails and was in violation of TOS for sending more than allowed. I replied WHAT IN the world are you talking about.

    They said this plugin was sending out the emails. The strangest part was that the email had content and a link to my site and looked as if I had actually done the email list. Problem is NO ONE set up the list or attempted to send these emails out, yet it happened.

    This is not the first time I have seen strange behavior using this plugin, and I figured that since it was updated it would have corrected the backdoor that was left that allowed people to post content to my site through the plugin.

    This post is directed at the makers, since there was no contact link and it stated to post on the forum.

    I need answers as to how someone was able to access my site through your plugin and was allowed to create an email list.

    http://wordpress.org/extend/plugins/subscribe2/

Viewing 15 replies - 1 through 15 (of 24 total)
  • Christine Rondeau
    Volunteer Forum Moderator

    @crondeau

    I’m not sure why this plugin would do that, but I think that using a company like MailChimp, Constant Contact or Campaign Monitor is a better option for subscriber lists.

    I didn't want to send ANY emails!!!

    mattyrob
    Participant

    @mattyrob

    @pluto459,

    Subscribe2 has certainly been used by whoever hacked your site to send emails – in exactly the same way that you can use it to send emails to your subscribers from the Subscribe2->Send Email page.

    It has not however been used to hack your site unless between you and your hosting company you can show me the security flaw.

    The recent issues to which you allude were issues that allowed someone who already had administrator level access to your blog to execute arbitrary JavaScript – certainly nothing that would explain your site being hacked – anyone with this level of access could have emails already.

    You need to check your local machines for viruses and malware that may have captured passwords, then change your passwords on your sites for everything (cPanel, emails, WordPress, the whole lot). Then make sure you access your FTP via a secure means (like SFTP) and also consider changing the admin login name from ‘admin’ to something less obvious.

    All of that and a lot more are covered already by WordPress here

    My machine is checked EVERY DAY for malware and viruses.

    The scary part about this whole thing is that the email that was sent out actually linked to site content and looks like I actually set up this email list.

    The logs show only my IP accessing the server and I know that I never created the email. Hostgator has pinpointed the mail sending out to this plugin. I would love to share any logs I have so this can be solved.

    Since my IP is the only one and I know I didn't do it and the link isn't the standard spam for drug sales or whatever, something really screwy is going on.

    mattyrob
    Participant

    @mattyrob

    @pluto459,

    Just to get this clearer in my head – you have never used Subscribe2 then?

    If that is the case then whoever compromised your site (and you haven’t said if you used clear text pass wording for your FTP logins – that was how I got hacked back in January) could have installed this plugin, loaded up a mailing list via your admin panel and then clicked send – really not that hard once the site is compromised.

    I have never used it, yet it was installed and active.

    According to logs it was just my IP accessing the server and the email sent was a link back to my site, which is the strange part. On the surface it looks 100% like I actually did the mailing.

    mattyrob
    Participant

    @mattyrob

    @pluto459,

    As I said above, once your site is compromised the attacker can log into the WordPress admin area and install plugins. Of course it will then look like the emails came from you – they used your site.

    If Subscribe2 was not installed before the attack then it is not under suspicion as part of your security breach – you are back to passwords, malware and brute force attacks.

    Guess I wasn't clear, the site wasn't compromised and the plugin was installed and active, although I never used it or opened it to even know how to set it up.

    NO ONE installed this plugin, I did a while ago.

    Unless the hacker spoofed my IP there is no one else logging in to the site or server.

    esmi
    Forum Moderator

    @esmi

    Funny, I have that plugin installed as well and no issues.

    So, someone hacked my site to create an email to promote a page on my site?

    mattyrob
    Participant

    @mattyrob

    @pluto459,

    You have completely lost me now!

    Your title for this thread begins “My site was hacked” but more recently you are saying “the site wasnt compromised”. You also seem to be saying that subscribe2 was installed and activated. Well who did that then? Was your site hacked or not?

    If someone sent out an email list using this plugin and it wasn't me, I call that hacked.
    The plugin sent out mass emails with a message promoting a page on my site.
    I said the logs show only my IP and I KNOW I didn't set up any email list.
    The plugin was activated a while ago thinking it was the social plugin allowing you to share.

    mattyrob
    Participant

    @mattyrob

    @pluto459,

    So are you saying that you installed it? You activated it? You left it on your site and then you are surprised when the plugin code does what it is supposed to do?

    So you're telling me that the plugin auto generates an email and then after IT MAKES IT up sends it out?

    Last time I checked you have to set up the plugin, create an email and email list and then HIT SEND to start that list.

    I never did any of that!!!

    mattyrob
    Participant

    @mattyrob

    @pluto459,

    In the banner at the top of the plugin page: “Sends a list of subscribers an email notification when new posts are published to your blog”

    When you write new posts the plugin generates emails from your post content and sends to a subscriber list. That is the entire purpose of the plugin.

    It is designed to work on activation to keep things easy but it also allows site level customisation. So, no need for you to create any lists or hit send buttons.

    Again, I question why you would install a plugin and activate it when you don’t want to use it and don’t really know how it works.

  • The topic ‘[Resolved] [Plugin: Subscribe2] My site was hacked and sent out mass emails from this plugin’ is closed to new replies.