Security issue in Newsletter Plugin

  • #11976
    MKJ
    Participant

    Hello,

    Today, I’ve received a message from my hosting company. They think that there is a severe security issue. Yesterday, more than 3000 emails were sent from a Romanian IP through my client’s website. The support told us that this was not the first time. The script involved was /wp-content/plugins/newsletter/do/subscribe.php.

    Would you please check this? Thanks in advance!

    #11977
    Stefano
    Keymaster

    Probably it’s a bot trying subscriptions. Have you enabled the antibot feature on the subscription steps panel? Your provider should be able to see if those calls to the subscribe.php page are originating from the same IP.

    Bye, Stefano.
    Already tried Nearby Photos? Try it and see what’s happening around you!
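The per-IP check suggested in the reply above, as an added example (not part of the original posts, and not the plugin's or the hosting provider's code). It assumes the web server writes Apache/nginx "combined" access logs; the sample lines and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Script path as named in the thread; the combined log format is an assumption.
TARGET = "/wp-content/plugins/newsletter/do/subscribe.php"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample: one address repeating, one ordinary visitor, one bad line.
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2000:03:14:0{i} +0000] "POST {TARGET} HTTP/1.1" '
    f'200 512 "-" "Mozilla/5.0"'
    for i in range(5)
] + [
    f'198.51.100.20 - - [01/Jan/2000:09:30:00 +0000] "POST {TARGET} HTTP/1.1" '
    f'200 498 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [01/Jan/2000:09:31:00 +0000] "GET / HTTP/1.1" 200 9001 "-" "-"',
    "truncated line without a request field",
]

def subscribe_hits_by_ip(lines):
    """Count requests to subscribe.php per client IP, split by HTTP method."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if path == TARGET:
            hits[m.group("ip")][m.group("method")] += 1
    return hits

def dominant_sources(hits, min_requests=3, min_share=0.5):
    """Return (ip, count, share) for IPs responsible for most of the requests.
    Thresholds are sized for the tiny sample; raise them for a real log."""
    total = sum(sum(c.values()) for c in hits.values())
    rows = []
    for ip, methods in hits.items():
        n = sum(methods.values())
        if total and n >= min_requests and n / total >= min_share:
            rows.append((ip, n, round(n / total, 2)))
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for ip, n, share in dominant_sources(subscribe_hits_by_ip(SAMPLE_LOG)):
        print(f"{ip}: {n} requests to subscribe.php ({share:.0%} of total)")
```

Comparing the per-IP request count with the number of new unconfirmed subscribers in the same period shows whether the requests actually created subscriptions.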

    #11991
    MKJ
    Participant

    No, I did not activate this feature. How exactly does it work? I can’t see any difference in the source code after enabling the antibot.

    Thanks!

    Mike

    #12009
    Stefano
    Keymaster

    It changes the behavior of subscribe.php, nothing in the page.

    Bye, Stefano.

    #12033
    MKJ
    Participant

    Hi Stefano,

    it’s very unlikely that this is a bot trying subscription, I guess. We should then see much more non-confirmed subscribers. Our provider told us that more than 3000 emails were sent through subscribe.php from a Romanian IP. But we had only 10 or so non-confirmed subscriptions. Very weird. We blocked the IP. That seems to do the trick. However, would be nice to know what’s going on here. The support told us also that this problem appeared on several installations of other customers. I’ll keep you posted. Don’t get me wrong: I don’t blame the plugin for having any security issues.

    #12035
    kimosogi
    Participant

    MKJ, have you tried to install the Wordfence plugin to do a malware scan? I had something similar happen and was able to find a lot of bad files.

    #12054
    MKJ
    Participant

    Hi there,

    thanks for the reply. I’ve just installed Wordfence and let it scan the site. Everything is fine. I always have file monitoring enabled on my sites. It is very unlikely that the site can be hacked without any notification. Blocking the Romanian IP seems to do the trick. However, I don’t really know how the email spamming was possible.

    #12078
    Francis
    Participant

    I have had an infection as well where the newsletter plugin was also installed. It compares to what is described here: http://somewebgeek.com/2014/wordpress-remote-code-execution-base64_decode/ (attributed to the WP mailpoet plugin)

    I do not have mailpoet installed, maybe somebody can confirm infection without mailpoet being installed.

    #12080
    Stefano
    Keymaster

    Hi, as far as I know there are no security problems with Newsletter. Which other plugins and themes (even NOT active) do you have installed? Remember that plugins or themes being inactive does not guarantee that, if they have vulnerabilities, they cannot be used!

    Bye, Stefano.

    #12081
    MKJ
    Participant

    I didn’t say it was an infection. My installation was clean according to Wordfence and my own file scans.
