Just removed a nasty little mailer script (WP)

Discussion in 'Wordpress' started by Alien, Apr 26, 2012.

Thread Status:
Not open for further replies.
  1. Alien

    Alien Well-Known Member

    Joined:
    May 2006
    Posts:
    6,029
    Likes Received:
    67
    Just noticed some odd activity in my mail queue on one of the dedicated. Lots of mails bouncing to Indian e-mail addresses.

    Some poking about on one of my WP sites that was referenced in the mails found a script called 'cll.php' in one of my CHMOD 777 folders, called "FSS Mailer 2012".

    It was being used to mail through the server. Removed it and the rest of the stuff there, changed folder permissions now.

    I've replaced the file with an alternative 'get lost' message. But, does anyone have any ideas on what I could place there instead to get their attention?! :evil::evil::evil::evil:

    It might be interesting to log who goes there too actually... ;)
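
The post above found the dropped script in a CHMOD 777 folder. The following sweep of a web root for PHP files inside world-writable directories is an added example, not part of the original thread. The function names and the demo tree are constructed for illustration; only the file name `cll.php` comes from the post. It assumes a `find` that supports `-maxdepth` and `-iname` (GNU or BSD).

```shell
#!/bin/sh
# Added example: locate PHP files in world-writable directories under a web root.

# Print every directory under $1 that has the "other write" bit set (e.g. 777).
list_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Print PHP-like files that sit directly inside a world-writable directory.
# Upload folders should hold media, so any hit here deserves a manual look.
find_php_in_world_writable() {
    find "$1" -type d -perm -0002 -exec \
        find {} -maxdepth 1 -type f \
            \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) \
            -print \;
}

# Build a constructed WordPress-like tree for the demo and print its path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads/2012/04" "$d/wp-content/themes/demo"
    # Normalise to 755 so the result does not depend on the caller's umask.
    find "$d" -type d -exec chmod 755 {} +
    chmod 777 "$d/wp-content/uploads/2012/04"          # the over-permissive folder
    : > "$d/wp-content/uploads/2012/04/cll.php"        # file name from the post
    : > "$d/wp-content/uploads/2012/04/photo.jpg"      # ordinary upload
    : > "$d/wp-content/themes/demo/index.php"          # legitimate PHP, 755 dir
    echo "$d"
}

# Demo run on the constructed tree; on a real server pass the site's web root.
demo=$(make_demo_tree)
echo "World-writable directories:"
list_world_writable_dirs "$demo"
echo "PHP files inside them:"
find_php_in_world_writable "$demo"
rm -rf "$demo"
```

On a real install, run `find_php_in_world_writable` against the site's document root. A clean result only covers this one placement, so the rest of the tree still needs checking.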
     
  3. Admin

    Admin Administrator Staff Member

    Joined:
    Jun 2004
    Posts:
    11,120
    Likes Received:
    464
    You did well to spot it. Would be interesting to have installed the WordPress Anti Virus Plugin to see if it detected it.

    Admin
     
  4. atlas Canada

    atlas Well-Known Member

    Joined:
    Oct 2007
    Posts:
    1,747
    Likes Received:
    101
    Might want to make sure your IP address hasn't been blacklisted by any ISPs.
     
  5. PoshTiger United Kingdom

    PoshTiger Retired Member

    Joined:
    Jun 2011
    Posts:
    1,502
    Likes Received:
    74
    Also - do you know how the script actually got there in the first place?

    There may be an underlying vulnerability somewhere..
     