Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • Your wordpress website may not even be directly involved with this spam. There are two things I’d check on first, and you may need to involve your service provider for these checks unless you self-host and have root access on the servers…

    1) is the email server itself secured, or is it an open relay that some hacker is taking advantage of? I’d be inspecting the mail.log files and looking for patterns in messages around those lines that mention your email address.

    2) Some hacker may be spoofing your contact address in their spam From: lines, so the targets of the spam see your From: line and send the bounces to you instead of back to the spammer. If this were the case, none of your servers are involved in the spam sending, you’re just the receiver of all the bounces.

    I don’t think anyone here has answered because there are too many variables and other ways this could be happening to you that don’t even touch your website or its servers.
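
The two checks suggested in the reply above, sketched as an added example that is not part of the original post: it groups Postfix-style mail.log lines by queue ID and separates mail the server relayed for an outside client from bounces that merely arrived for your address. The domain, trusted networks and log lines are constructed assumptions, and authenticated (SASL) submissions are not considered.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example: our own domain and the networks allowed to relay.
LOCAL_DOMAIN = "example.org"
TRUSTED_NETS = [ip_network("127.0.0.0/8"), ip_network("192.0.2.0/24")]

# Constructed sample lines in Postfix syslog format (not from a real server).
SAMPLE_LOG = """\
Jan 10 03:12:01 mx postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.45]
Jan 10 03:12:01 mx postfix/qmgr[900]: 4A1B2C3D4E: from=<me@example.org>, size=2048, nrcpt=1 (queue active)
Jan 10 03:12:02 mx postfix/smtp[2105]: 4A1B2C3D4E: to=<someone@example.net>, relay=mx.example.net[198.51.100.7]:25, dsn=2.0.0, status=sent (250 OK)
Jan 10 03:15:00 mx postfix/smtpd[2110]: 5F6E7D8C9B: client=mail.example.com[198.51.100.20]
Jan 10 03:15:00 mx postfix/qmgr[900]: 5F6E7D8C9B: from=<>, size=3100, nrcpt=1 (queue active)
Jan 10 03:15:01 mx postfix/local[2112]: 5F6E7D8C9B: to=<me@example.org>, relay=local, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 10 09:30:00 mx postfix/smtpd[2200]: 6C0FFEE123: client=localhost[127.0.0.1]
Jan 10 09:30:00 mx postfix/qmgr[900]: 6C0FFEE123: from=<me@example.org>, size=900, nrcpt=1 (queue active)
Jan 10 09:30:01 mx postfix/smtp[2203]: 6C0FFEE123: to=<friend@example.net>, relay=mx.example.net[198.51.100.7]:25, dsn=2.0.0, status=sent (250 OK)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")

def classify(log_text):
    msgs = defaultdict(lambda: {"client": None, "sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec, rest = msgs[m["qid"]], m["rest"]
        if c := re.match(r"client=\S*\[([0-9a-fA-F.:]+)\]", rest):
            rec["client"] = ip_address(c[1])
        elif s := re.match(r"from=<([^>]*)>", rest):
            rec["sender"] = s[1]
        elif t := re.match(r"to=<([^>]*)>.*status=sent", rest):
            rec["rcpts"].append(t[1])
    labels = {}
    for qid, rec in msgs.items():
        if rec["client"] is None or not rec["rcpts"]:
            continue  # incomplete record, e.g. log rotated mid-message
        trusted = any(rec["client"] in net for net in TRUSTED_NETS)
        outbound = any(not r.endswith("@" + LOCAL_DOMAIN) for r in rec["rcpts"])
        if not trusted and outbound:
            labels[qid] = "relayed-for-outsider"  # check 1: possible open relay
        elif not trusted and rec["sender"] == "":
            labels[qid] = "bounce-received"  # check 2: backscatter from spoofing
        else:
            labels[qid] = "normal"
    return labels
```

Many "relayed-for-outsider" entries point at the mail server itself; only "bounce-received" entries mean your address is being spoofed elsewhere and your servers are not sending the spam.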

    Thread Starter gyles19

    (@gyles19)

    Nope. Crap. Well, fine.

    Thread Starter gyles19

    (@gyles19)

    And… I didn’t read all the markup tips here closely enough and the backticks disappeared, and I can’t seem to edit the post to repair it. Oh, well.

    tar czvf wordpress.tgz `find / -name wordpress`
    apt-get remove `dpkg -l | grep wordpress | awk '{print $2}'`

    Maybe this will work…

    Thread Starter gyles19

    (@gyles19)

    Thank you! I ended up merging suggestions from several sources.

    * backed up everything (automysqldump to save the db, and “tar czvf wordpress.tgz `find / -name wordpress`” to get everything off the disk that mentions wordpress).
    * apt-get remove `dpkg -l | grep wordpress | awk '{print $2}'` to remove every debian package about wordpress (themes, main package, etc.) (Other sources say to purge rather than remove, but purge deletes configs and user content, not just the program files.)
    * downloaded every X.Y version of wordpress newer than what I had.
    * started with 3.9. The debian package did leave behind most of what I needed but the wp-config file was missing. Debian’s version of it is a big mangle of the original so I left it out.
    * Extracted the 3.9 tarball to /var/www/wordpress.
    * Deleted debian’s apache2 site files and restarted apache2.
    * Copied back over most of wp-content/*, including the uploads directory, which is omitted from all of the upgrade instruction pages. Phui.
    * Went to http://localhost/wordpress/, and it tossed me right into the setup tool because wp-config was missing. Manually recreated the wp-config file with the db info for mysql.
    * My original installation was using an apache2 alias of /blog/ to point to the /usr/share and /var/lib trees debian had split everything into. (What a mess.) Had to go through and fix all of the permissions, debian had “secured” it all by breaking all of the auto- and manual-update features. How secure is that… So of course all the existing content uses the same /blog/, so I created a /blog/ symlink pointed at ./wordpress/, and it got happy.
    * Everything seems fine, tools work, reactivated the plugins and they worked. Couldn’t upgrade one, had to go fix permissions and chown everything to www-data.www-data.
    * This morning when I checked my email, I discovered the wordpress software had auto-updated itself to the last 3.9.x release.

    So, step 1 accomplished: I’ve removed all the debian-based breakage and now have a fully functional, but still out-dated wordpress blog newer than where I started. I plan to do a more normal upgrade each evening until I’m totally current.

    Thanks for the guidance, it was a big help.
