this is the email i got from the server, how do i protect from this? Below are the recently upload scripts that contain code to send email. You may wish to inspect them to ensure they are not sending out SPAM /home/photgcom/public_html/wp-login.php:153: if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) ) /home/photgcom/public_html/wp-login.php:154: die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>'); /home/photgcom/public_html/wp-login.php:155: --- /home/photgcom/public_html/wp-login.php:190: if ( !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) ) /home/photgcom/public_html/wp-login.php:191: die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>'); /home/photgcom/public_html/wp-login.php:192:
yes i was having issues with someone putting a 1000 or more links to pharmacy crap into my index.php and login.php files. the only reason i really noticed them was that the google ads were showing the pharmacy ads, they never showed on the page itself. ive done all kinds of stuff to try and secure it but i keep getting the email.
There is a guide on how to secure a wordpress install at http://blogsecurity.net/wordpress/wordpress-security-whitepaper/ that may help. although the wisest thing would probably be to backup your database, wipe your files and do a reinstall as per that article if you have had problems in the past in case they have left files giving a back-door in the past. so far you have not even renamed the wp-login.php file to something else. What things have you done so far? Are you still using the default directory names as well ?
well i changed passwords on cpanel, and admin, added .htaccess to deny access to admin folder only to my ip and deny access to login.php, and in cpanel not allowing anonymous ftp access. i may have to do a clean sweep like you say though and reinstall everything. how do i restore all the posts ive made once i do that?
well i just deleted the account from the server, made a new one, followed every security guide i could, hopefully it doesnt get defaced again.
Also if you can try to install mod_security , it will block most of the sql injections hacks with a mild configuration.
i did install login lock down which is a plugin for wordpress. if they try to brute force the password the ip gets locked out for an hour after like 3 tries. it also keeps track of the ips on the site.
ya.. better re-create the account. They could have upload additional php files which create backdoor to your site.. -- joseph