Home › Forums › Newsletter Plugin Support › Security issue in Newsletter Plugin
- This topic has 9 replies, 4 voices, and was last updated 9 years, 1 month ago by
MKJ.
-
AuthorPosts
-
October 5, 2014 at 4:20 pm #11976
MKJ
ParticipantHallo,
today, I’ve received a message from my hosting company. They think that there is a severe security issue. Yesterday, more that 3000 emails were sent from a romanian IP through my clients website. The support told us that this was not the first time. The script involved /was wp-content/plugins/newsletter/do/subscribe.php.
Would you please check this? Thanks in advance!
October 5, 2014 at 5:28 pm #11977Stefano
KeymasterProbably it’s a bot trying subscriptions. Have you enabled the anotibot feature on subscription steps panel? Your provider should be able to see if those call to the subscribe.php page are originating from the same ip.
Bye, Stefano.
Already tried Nearby Photos? Try it and see what’s happening around you!October 6, 2014 at 8:50 am #11991MKJ
ParticipantNo, I did not activate this feature. How exactly does it work? I can’t see any difference in the source code after enabling the antibot.
Thanks!
Mike
October 7, 2014 at 7:08 am #12009Stefano
KeymasterIt change the behavior of subscribe.php, nothing in the page.
Bye, Stefano.
Already tried Nearby Photos? Try it and see what’s happening around you!October 11, 2014 at 11:07 am #12033MKJ
ParticipantHi Stefano,
it’s very unlikely that this is a bot trying subscription, I guess. We should then see much more non-confirmed subscribers. Our Provider told us, that more than 3000 emails were sent through subscribe.php from a romanian IP. But we had only 10 or so non-confirmed subscriptions. Very weird. We blocked the IP. That seems to do the trick. However, would be nice to know what’s going on here. The Support told us also that this problem appeared on several installations of other customers. I’ll keep you posted. Don’t get me wrong: I don’t blame the plugin for having any security issues.
October 11, 2014 at 12:24 pm #12035kimosogi
ParticipantMKJ have you tried to install Wordfence Plugin to do a malware scan? I had something similar happen and was able to find a lot of bad files.
October 13, 2014 at 10:26 am #12054MKJ
ParticipantHi there,
thanks for the reply. I’ve just installed Wordfence and let it scan the site. Everything is fine. I always have file monitoring enabled on my sites. It is very unlikely that the site can be hacked without any notification. Blocking the romanian IP seems to do the trick. However, I don’t really know how the email spamming was possible.
October 15, 2014 at 7:11 pm #12078Francis
ParticipantI have had an infection as well where the newsletter plugin was also installed. It compares to what is described here: http://somewebgeek.com/2014/wordpress-remote-code-execution-base64_decode/ (attributed to the WP mailpoet plugin)
I do not have mailpoet installed, maybe somebody can confirm infection without mailpoet being installed.
October 15, 2014 at 8:21 pm #12080Stefano
KeymasterHi as far as I know there are not security problems with Newsletter, which other plugin and themes (even NOT active) have installed. Remember that not active plugins or themes does not grants that, if they have vulnerabilities, they cannot be used!
Bye, Stefano.
Already tried Nearby Photos? Try it and see what’s happening around you!October 15, 2014 at 8:23 pm #12081MKJ
ParticipantI didn’t say it was an infection. My installation was clean according to Wordfence and my own file scans.
-
AuthorPosts
- You must be logged in to reply to this topic.