Getting a spam mail from my public_html/wp-content/plugins/all-in-one-seo-pack folder | Troubleshooting All in One SEO Pack Pro | Support | Semper Plugins

Avatar

Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Getting a spam mail from my public_html/wp-content/plugins/all-in-one-seo-pack folder
February 2, 2014
9:19 am
Avatar
Michael Davis
Texas
Member
AIOSEOP
Forum Posts: 3
Member Since:
December 21, 2013
sp_UserOfflineSmall Offline

I am getting a notice from my server host – http://www.amerinoc.com that over 2000 emails are coming from my all-in-one-seo-pack folder. I’m am not sure if something from the plugin was installed there or what. This is the message received from Amerinoc server:

The bigacard account has just finished sending 2000 emails.
There could be a spammer, the account could be compromised, or just sending more emails than usual.

After some processing of the /etc/virtual/usage/bigacard.bytes file, it was found that the highest sender was bigacard@tunitascreek.amerinoc.com, at 2001 emails.

The top authenticated user was bigacard, at 2001 emails.
This accounts for 100% of the emails.  The higher the value, the more likely this is the source of the emails.
An authenticated username is the user and password value used at smtp time to authenticate with exim for delivery.

The most common path that the messages were sent from is /home/bigacard/domains/bigacard.com/public_html/wp-content/plugins/all-in-one-seo-pack, at 1894 emails (94%).
The path value may only be of use if it’s pointing to that of a User’s home directory.
If the path is a system path, it likely means the email was sent through smtp rather than using a script.

This warning was generated because the 2000 email threshold was hit.

This is happening on 5 different domains I have the plugin installed on not just this one. Any help?

February 2, 2014
10:07 am
Avatar
Michael Davis
Texas
Member
AIOSEOP
Forum Posts: 3
Member Since:
December 21, 2013
sp_UserOfflineSmall Offline

I believe that this was a script that was installed in this folder recently. Also, on this domain I deleted the All In One Seo Pack and installed the All In One SEO Pro.  There was another script in another domain under a different app which is a helpdesk. This for http://www.big-legal.com

February 3, 2014
11:16 am
Avatar
Nina Gerrero
Member
Members
Forum Posts: 214
Member Since:
October 30, 2012
sp_UserOfflineSmall Offline

Hi PrimeTimeTicket,

There isn’t anything in All in One SEO Pack out of the box that allows spammers to do this.  It does sound as though your site has been hacked.  There are a couple resources online to help you work through this, I’ve added links below to the WordPress guide for when your site is hacked, how to harden your site against future hacks, and a Support thread with a good amount of links that can help you.  

http://codex.wordpress.org/FAQ…..was_hacked

http://codex.wordpress.org/Har….._WordPress

http://wordpress.org/support/t…..ware-virus

Good Luck,

Nina

Forum Timezone: America/New_York

Most Users Ever Online: 964

Currently Online:
28 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Member Stats:

Guest Posters: 35

Members: 19465

Moderators: 0

Admins: 8

Forum Stats:

Groups: 4

Forums: 28

Topics: 1873

Posts: 7977

Newest Members:

Susan Kane

Administrators: Michael TorbertPeter BayliesSupport TeamSteve MortiboyMatthew RobinsonSteve KlasenArnaud BroesAshish Ravi

[i]
[i]
Skip to toolbar