December 21, 2013
I am getting a notice from my server host – http://www.amerinoc.com that over 2000 emails are coming from my all-in-one-seo-pack folder. I’m am not sure if something from the plugin was installed there or what. This is the message received from Amerinoc server:
The bigacard account has just finished sending 2000 emails.
There could be a spammer, the account could be compromised, or just sending more emails than usual.
After some processing of the /etc/virtual/usage/bigacard.bytes file, it was found that the highest sender was email@example.com, at 2001 emails.
The top authenticated user was bigacard, at 2001 emails.
This accounts for 100% of the emails. The higher the value, the more likely this is the source of the emails.
An authenticated username is the user and password value used at smtp time to authenticate with exim for delivery.
The most common path that the messages were sent from is /home/bigacard/domains/bigacard.com/public_html/wp-content/plugins/all-in-one-seo-pack, at 1894 emails (94%).
The path value may only be of use if it’s pointing to that of a User’s home directory.
If the path is a system path, it likely means the email was sent through smtp rather than using a script.
This warning was generated because the 2000 email threshold was hit.
This is happening on 5 different domains I have the plugin installed on not just this one. Any help?
December 21, 2013
I believe that this was a script that was installed in this folder recently. Also, on this domain I deleted the All In One Seo Pack and installed the All In One SEO Pro. There was another script in another domain under a different app which is a helpdesk. This for http://www.big-legal.com
October 30, 2012
There isn’t anything in All in One SEO Pack out of the box that allows spammers to do this. It does sound as though your site has been hacked. There are a couple resources online to help you work through this, I’ve added links below to the WordPress guide for when your site is hacked, how to harden your site against future hacks, and a Support thread with a good amount of links that can help you.