wordpress site shut for sending spam

Paljin
(@paljin)

11 years ago

we have a web hosting package with EZPZ hosting which includes 5 websites. 4 are run using wordpress, and one using html code. There is also a wordpress site under development for the html site which is the source of the problem.

EZPZ hosting has suspended our hosting package in the last few days several time, they have reopened it but re-suspended it within about 30min. They explained recently that it was due to our site sending out spam messages from a malicious file. They sent the logs pasted below. which include our url http://www.enjoymeditation.org and suggested we delete the malicious files. While I can find the Micah folder using either our FTP programme or the cpanel I cannot see which file to delete there.

Would anyone be able to offer any advice on how to find and delete the file? I am unable to check wordpress version as site is suspended.

Many thanks Paljin

Applicable Logs
—
2013-04-16 22:19:45 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:19:45 1USDI1-004MsX-5k SMTP connection outbound 1366147185 1USDI1-004MsX-5k enjoymeditation.org ingo.nicole@t-online.de
2013-04-16 22:20:05 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:20:06 1USDIL-004NCn-Nx SMTP connection outbound 1366147206 1USDIL-004NCn-Nx enjoymeditation.org ingramag@aol.com
2013-04-16 22:20:50 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:20:50 1USDJ4-004NGB-Si SMTP connection outbound 1366147250 1USDJ4-004NGB-Si enjoymeditation.org ingo.sietas@t-online.de
2013-04-16 22:20:57 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:20:57 1USDJB-004NH3-FW SMTP connection outbound 1366147257 1USDJB-004NH3-FW enjoymeditation.org inge@web.de
2013-04-16 22:21:31 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:21:31 1USDJj-004NKS-Mt SMTP connection outbound 1366147291 1USDJj-004NKS-Mt enjoymeditation.org inlinesean@aol.com
2013-04-16 22:22:09 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:22:09 1USDKL-004NNg-FK SMTP connection outbound 1366147329 1USDKL-004NNg-FK enjoymeditation.org inmanenglish@aol.com
2013-04-16 22:22:59 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:22:59 1USDL9-004Niw-Kt SMTP connection outbound 1366147379 1USDL9-004Niw-Kt enjoymeditation.org inpa@prodigy.net
2013-04-16 22:23:00 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:23:00 1USDLA-004Nj9-7G SMTP connection outbound 1366147380 1USDLA-004Nj9-7G enjoymeditation.org ingrambronx7@aol.com
2013-04-16 22:23:07 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:32:28 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:32:28 1USDUK-0000jP-Pq SMTP connection outbound 1366147948 1USDUK-0000jP-Pq enjoymeditation.org samnatesam@yahoo.com
2013-04-16 22:32:46 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:32:46 1USDUc-0000ku-19 SMTP connection outbound 1366147966 1USDUc-0000ku-19 enjoymeditation.org samnatmar@msn.com
2013-04-16 22:34:09 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:34:09 1USDVx-00018e-E6 SMTP connection outbound 1366148049 1USDVx-00018e-E6 enjoymeditation.org sammydo2124@aol.com
2013-04-16 22:34:10 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:34:10 1USDVy-00018p-82 SMTP connection outbound 1366148050 1USDVy-00018p-82 enjoymeditation.org samoflynn@yahoo.co.uk
2013-04-16 22:34:37 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:34:37 1USDWP-0001D4-52 SMTP connection outbound 1366148077 1USDWP-0001D4-52 enjoymeditation.org sammiemammie@sbcglobal.net
2013-04-16 22:34:50 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:34:51 1USDWc-0001EP-Ul SMTP connection outbound 1366148091 1USDWc-0001EP-Ul enjoymeditation.org sammosr23@aol.com
2013-04-16 22:34:59 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:34:59 1USDWl-0001FM-PV SMTP connection outbound 1366148099 1USDWl-0001FM-PV enjoymeditation.org sammygirl2609@aol.com
2013-04-16 22:35:11 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:35:11 1USDWx-0001IE-CV SMTP connection outbound 1366148111 1USDWx-0001IE-CV enjoymeditation.org sammybern@aol.com
2013-04-16 22:35:12 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:36:04 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:36:04 1USDXo-0001f4-9P SMTP connection outbound 1366148164 1USDXo-0001f4-9P enjoymeditation.org gordparsons@eastlink.ca
2013-04-16 22:37:49 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:37:49 1USDZV-0001nd-DI SMTP connection outbound 1366148269 1USDZV-0001nd-DI enjoymeditation.org gosegosoges@aol.com
2013-04-16 22:37:52 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:37:52 1USDZY-0001o1-O7 SMTP connection outbound 1366148272 1USDZY-0001o1-O7 enjoymeditation.org regina.lettmann@web.de
2013-04-16 22:37:55 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:37:55 1USDZb-0001oh-TU SMTP connection outbound 1366148275 1USDZb-0001oh-TU enjoymeditation.org reginafmiller@aol.com
2013-04-16 22:38:13 cwd=/home/blcuk/public_html/wp/wp-content/themes/Micah 3 args: /usr/sbin/sendmail -t -i
2013-04-16 22:38:13 1USDZt-0001qh-Gi SMTP connection outbound 1366148293 1USDZt-0001qh-Gi enjoymeditation.org regan.west@radpharm.com.au

— log continues with many more entries

Viewing 1 replies (of 1 total)

esmi
(@esmi)

11 years ago

That sounds like you’ve been hacked. You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Viewing 1 replies (of 1 total)

The topic ‘wordpress site shut for sending spam’ is closed to new replies.

wordpress site shut for sending spam

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics