Ticket #656 (closed maintenance: fixed)
Spam being sent out via Transition Culture
| Reported by: | chris | Owned by: | chris |
|---|---|---|---|
| Priority: | major | Milestone: | Maintenance |
| Component: | Parrot server | Keywords: | |
| Cc: | ed, aland | Estimated Number of Hours: | 0.0 |
| Add Hours to Ticket: | 0 | Billable?: | yes |
| Total Hours: | 0 |
Description
I'm getting several of these a day:
From: Mail Delivery System <Mailer-Daemon@parrot.webarch.net>
Date: Sat, 14 Dec 2013 13:21:02 +0000
To: tc@parrot.webarch.net
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
inxzkysnf@gmail.com
SMTP error from remote mail server after RCPT TO:<inxzkysnf@gmail.com>:
host gmail-smtp-in.l.google.com [173.194.78.26]:
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 l11si2175565wjw.16 - gsmtp
------ This is a copy of the message, including all the headers. ------
Return-path: <tc@parrot.webarch.net>
Received: from tc (uid=1011)
by parrot.webarch.net with local (Exim 4.80)
(envelope-from <tc@parrot.webarch.net>)
id 1Vrp9L-0002BF-Kf
for inxzkysnf@gmail.com; Sat, 14 Dec 2013 13:20:56 +0000
To: inxzkysnf@gmail.com
Subject: Thanks for your message
X-PHP-Originating-Script: 1011:lib_nonajax.php
From: robjhopkins@gmail.com
Reply-To: robjhopkins@gmail.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----MIME_BOUNDRY_main_message"
Message-Id: <E1Vrp9L-0002BF-Kf@parrot.webarch.net>
Date: Sat, 14 Dec 2013 13:20:55 +0000
This is a multi-part message in MIME format.
------MIME_BOUNDRY_main_message
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: quoted-printable
Dear timberland france,
Thank you for your message on the Transition Culture website - I will get back to you as soon as possible.
------MIME_BOUNDRY_main_message
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><BODY>
<div style=3D"font:normal 1em arial; margin-top:10px"><p><strong>Dear timberland france,</strong></p>
<p>Thank you for your message on the Transition Culture website - I will get back to you as soon as possible.
<div style=3D"width:80%; background:#f4faff ; color:#aaa; font-size:11px; padding:10px; margin-top:20px"><strong>This is an automatic
+confirmation message. 14 December, 2013.</strong></div></div></BODY></HTML>
It appears to be spam sent from the Transition Culture WordPress site to a Gmail user who doesn't exist.
It appears, from the email headers, that this form is being used for the spamming: /home/tc/sites/default/wp-content/plugins/contactforms/lib_nonajax.php.
This needs some more investigation.
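Added example, not part of the original ticket: a Python sketch that pulls the `X-PHP-Originating-Script` header (format `uid:script`) out of the returned copy inside Exim bounces like the one above and tallies which script is generating the mail. The sample bounce is constructed with placeholder addresses, and the function names are hypothetical.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample, modelled on the bounce in the ticket (placeholder addresses).
SAMPLE_BOUNCE = """\
From: Mail Delivery System <Mailer-Daemon@mail.example.net>
To: site@mail.example.net
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

  nobody@example.com
    SMTP error from remote mail server after RCPT TO:<nobody@example.com>:
    550 5.1.1 The email account that you tried to reach does not exist.

------ This is a copy of the message, including all the headers. ------

Return-path: <site@mail.example.net>
Received: from site (uid=1011)
\tby mail.example.net with local (Exim 4.80)
To: nobody@example.com
Subject: Thanks for your message
X-PHP-Originating-Script: 1011:lib_nonajax.php
From: owner@example.org

Dear visitor, thank you for your message.
"""

# Exim separates its report from the returned message with this marker line.
COPY_MARKER = re.compile(r"^-+ This is a copy of the message.*-+\s*$", re.M)

def originating_script(bounce_text):
    """Return (uid, script, recipient) from the returned copy, or None."""
    body = message_from_string(bounce_text).get_payload()
    match = COPY_MARKER.search(body) if isinstance(body, str) else None
    if not match:
        return None
    inner = message_from_string(body[match.end():].lstrip("\r\n"))
    uid, sep, script = (inner.get("X-PHP-Originating-Script") or "").partition(":")
    if not sep or not uid.strip().isdigit():
        return None  # header absent or not in uid:script form
    return int(uid), script.strip(), inner.get("To")

def tally(bounces):
    """Count bounces per (uid, script) so the noisiest script stands out."""
    hits = (originating_script(text) for text in bounces)
    return Counter(hit[:2] for hit in hits if hit)
```

The uid in the header can be compared with the `uid=` value in the `Received:` line and with the owner of the site's files to confirm which account the script runs as.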
Change History
comment:1 Changed 3 years ago by chris
- Summary changed from Spam being sent out vi Transition Culture to Spam being sent out via Transition Culture
comment:2 Changed 3 years ago by sam
Hi Chris
I'd stick http://wordpress.org/plugins/wordfence/ on the site & see if it detects any malware.
Shall I do this?
Thanks
Sam
comment:4 Changed 3 years ago by sam
Hi Chris.
Not sure I'm a WordPress expert either. I have been using it for a few years on various projects. I'm happy to take this on.
Let's continue the conversation here: /trac/ticket/699 where I'll document what I do.
Thanks
Sam
