When we open mail.log we can see many mails with an undelivered or delayed status. Sometimes server security is breached and attackers send bulk spam mail from our servers. We can find the source using the terminal.
Unauthorized WordPress themes and plug-ins, server security risks, permission faults and missing file upload validation cause this problem and let an attacker inject code into our website.
Find spam script using mailq
- Switch to a user with sudo rights
- Check the mail queue with command mailq
- The first column of the mail queue list shows unique mail IDs; pick one from an obvious spam email and copy it
- Check this email’s details with command postcat -q <ID> using the unique mail ID you copied in place of <ID>
- Identify the line starting with “X-PHP-Originating-Script”. This should show which script is generating the spam emails
- Empty the mail queue with command postsuper -d ALL
- Check the mail queue again with command mailq
Remove spam script using SED command
'sed' stands for 'stream editor'. Whenever you want to modify any text or string, sed comes in handy, so we can use sed to remove injected code from a WordPress site. This particular command checks every PHP file and removes the injected code.
In our case the injected code starts with <?php $zdwyyyta, contains $gyeemsq in the middle and ends with $hrhaior-1; ?>
So open your terminal and go to the directory of the infected website, for example domain.com/public-html, then run this command:
find . -type f -name '*.php' -print0 | xargs -0 sed -ri '1 s/.*<\?php \$zdwyyyta.*\$gyeemsq.*\$hrhaior-1; \?>//g'
It searches the first line of every PHP file for this code and replaces it with nothing, so the injected code is cleaned from your website's files.
Check the mail queue again with command mailq to see whether more emails are being generated. If the problem persists, repeat the above steps and see if you find other scripts causing you problems.
Spam script sent mails again, what is next?
This time we want to find the particular mail script in the WordPress website or any other PHP files. To do that we need to find the php.ini file.
If you are using PHP 7, the php.ini location is /etc/php/7.0/apache2/php.ini. It changes per version and Linux distro, so please check the Internet or visit www.php.net
- Open php.ini file
- Add the following line mail.add_x_header = On
- = /var/log/
- Then create a file in log directory touch /var/log/
- Give permission chown httpd:httpd /var/log/phpmail.log or chmod 777 /var/log/phpmail.log
- Restart your server, for example sudo service apache2 restart
- Check the log file nano /var/log/
Then you can see which script sent the spam mail, for example:
[18-Jan-2018 17:58:35 UTC] mail() on [/home/yourdomain.com/public_html/wp-includes/hack.php:698]: To: [email protected] — Headers: Date: Thu, 18 Jan 2018 17:58:35 +0000 From: xxx xxx
Remove this particular file or script; it will solve your issue.
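When the log holds many entries, it helps to rank the scripts by how often they called mail() before deciding what to remove. The following is an added example, not part of the original article: the function names and the sample log lines are constructed for illustration, and it assumes each entry has the "[timestamp] mail() on [script:line]: To: ..." layout shown above.

```sh
#!/bin/sh
# Added example: rank PHP scripts by the number of mail() calls PHP logged.
# Assumed entry layout: [timestamp] mail() on [/path/script.php:LINE]: To: ...

# tally_mail_scripts [LOGFILE...]   (reads stdin when no file is given)
# Prints tab-separated "count, first seen, last seen, script", busiest first.
tally_mail_scripts() {
    tab=$(printf '\t')
    awk '
        {
            i = index($0, "] mail() on [")
            if (substr($0, 1, 1) != "[" || i == 0) next   # not a mail() entry
            ts = substr($0, 2, i - 2)                      # text inside the first [...]
            rest = substr($0, i + 13)                      # starts at the script path
            j = index(rest, "]: ")
            if (j == 0) next
            loc = substr(rest, 1, j - 1)                   # /path/script.php:LINE
            if (loc !~ /:[0-9]+$/) next
            sub(/:[0-9]+$/, "", loc)                       # drop the line number
            if (!(loc in count)) first[loc] = ts
            count[loc]++
            last[loc] = ts
        }
        END {
            for (s in count)
                printf "%d\t%s\t%s\t%s\n", count[s], first[s], last[s], s
        }
    ' "$@" | sort -t "$tab" -k1,1nr -k4,4
}

# Constructed sample entries (not real log data) for trying the function.
sample_php_mail_log() {
    cat <<'EOF'
[18-Jan-2018 17:58:35 UTC] mail() on [/home/yourdomain.com/public_html/wp-includes/hack.php:698]: To: a@example.org -- Headers: From: xxx
[18-Jan-2018 17:59:02 UTC] mail() on [/home/yourdomain.com/public_html/wp-includes/class-phpmailer.php:698]: To: b@example.org -- Headers: From: xxx
[18-Jan-2018 18:00:41 UTC] mail() on [/home/yourdomain.com/public_html/wp-includes/hack.php:698]: To: c@example.org -- Headers: From: xxx
[18-Jan-2018 18:01:00 UTC] PHP Warning:  unrelated entry that must be skipped
[18-Jan-2018 18:02:10 UTC] mail() on [/home/yourdomain.com/public_html/wp-includes/hack.php:701]: To: d@example.org -- Headers: From: xxx
EOF
}

sample_php_mail_log | tally_mail_scripts
# On a server: tally_mail_scripts /var/log/phpmail.log
```

A script that appears far more often than the rest, or in a short burst between its first and last timestamps, is the one to inspect first.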
PHP mailer script sending spam from WordPress
What happens when you see that class-phpmailer.php sent the spam?
[18-Jan-2018 17:58:35 UTC] mail() on [/home/yourdomain.com/public_html/wp-includes/class-phpmailer.php:698]: To: [email protected] — Headers: Date: Thu, 18 Jan 2018 17:58:35 +0000 From: xxx xxx
It does not send the spam by itself; it is probably being triggered by spam or hack bots misusing some vulnerable extension, by leftover backdoor malware scripts, or both.
We at Alts solution suggest you install WordFence or the Better WordPress Security plugin to find vulnerabilities.
Once you have found it, note that deleting or uninstalling the plug-in or theme might lose the client data and files they have uploaded, so please back up and check carefully.
We believe that this article has helped you with the information on WordPress security. If you have any doubt regarding this topic, please make sure to comment, the professional techies at Alts solution are always happy to help you.