[wp-trac] [WordPress Trac] #10995: Spam created by index.php
WordPress Trac
wp-trac at lists.automattic.com
Wed Oct 21 18:26:13 UTC 2009
#10995: Spam created by index.php
--------------------------+-------------------------------------------------
Reporter: OiPenguin | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Security | Version: 2.8.4
Severity: normal | Keywords: spam index.php
--------------------------+-------------------------------------------------
I'm unsure if this should be reported as a bug, but I'll try since it's
possibly a flaw.
I've recently received spam which seems to be generated by index.php I've
done some search for people with similar experience, but I've not found
much, only this thread http://wordpress.org/support/topic/220946?replies=3
(I've posted the third message). My webhost says the problem is related to
index.php and hence Wordpress' and my problem. I've inspected the file and
from what I can tell it is clean. I've tried the new Exploit Scanner
plugin which returns none. I've posted the headers of one of the spam
e-mails below:
Yours,
Lars
Return-path: <httpd at serve009.servetheworld.net>
Delivered-To: my at email.com
Received: (qmail 24450 invoked by uid 399); 21 Oct 2009 07:46:58 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
mail.hosted.servetheworld.net
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=10.0
tests=RDNS_NONE,TVD_SPACE_RATIO, URI_NOVOWEL autolearn=disabled
version=3.2.5
Received: from unknown (HELO outgoingsmtp.bordercontrol.dynavee.net)
(217.170.207.178) by mail.hosted.servetheworld.net with ESMTP; 21 Oct
2009
07:46:58 -0000
X-Originating-IP: 217.170.207.178
Received-SPF: none (mail.hosted.servetheworld.net: domain at
serve009.servetheworld.net does not designate permitted sender hosts)
identity=mailfrom; client-ip=217.170.207.178; envelope-
from=<httpd at serve009.servetheworld.net>;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Aj8JAFNZ3kpTj1Em/2dsb2JhbACbdka8I4QxBA
Received: from serve009.servetheworld.net ([83.143.81.38]) by
mxoutint.bordercontrol.dynavee.net with ESMTP; 21 Oct 2009 09:46:58 +0200
Received: from serve009.servetheworld.net (localhost.localdomain
[127.0.0.1])
by serve009.servetheworld.net (8.13.8/8.13.8) with ESMTP id
n9L7kvQh009732 for
<my at email.com>; Wed, 21 Oct 2009 09:46:57 +0200
Received: (from httpd at localhost) by serve009.servetheworld.net
(8.13.8/8.13.8/Submit) id n9L7kvO4009731; Wed, 21 Oct 2009 09:46:57 +0200
To: lars at kvisle.no
Subject: aoqRwWLLpZKghTrGad
X-PHP-Script: lars.kvisle.no/index.php for 118.39.27.110
Date: Wed, 21 Oct 2009 09:46:57 +0200
From: ouygxfml <uopzqa at txjhib.com.servetheworld.net>
Message-ID: <1575f532f60606f00f07e0390d2cee8c at lars.kvisle.no>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
xsi2gn <a href="http://byflrxvcrmjj.com/">byflrxvcrmjj</a>,
[url=http://pyuspcwliptb.com/]pyuspcwliptb[/url],
[link=http://vtizrhwslfby.com/]vtizrhwslfby[/link],
http://slocwcykllip.com/
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10995>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list