Wordpress site infected via .config then used to send mass emails (help)
Paid on delivery
I have this random situation, I have some hackers that are using a script on one of my websites to send emails from the server.
Here is how it looks like:
Time: Mon Mar 14 14:46:45 2016 +0000
Type: LOCALRELAY, Local Account - hairloss
Count: 101 emails relayed
Sample of the first 10 emails:
2016-03-14 14:36:41 1afTbt-0003LN-MX <= [url removed, login to view] U=hairloss P=local S=1365 id=55444c5a6b6f0c33afd7840105270b27@ T="Your Neighbor Is a Dirty Wh0re" for [url removed, login to view]
I keep getting these type of notifications to my email, I've received 50+ so far same emails above, slightly different on each.
Now I spoke to my host and they have said:
Certain parts of my config files have been infected, I have the "WordFence" plugin and I can see multiple proxies on the site right now alternating they are using a page that doesn't even exist...
I need someone to close them off and help me restrict anything happening in the future. Anyone that has done this in the past can probably find the bugs with great ease, I have all the info, all the emails and best of all you have the wordfence widget that gives you the exact location they are coming from.
Project ID: #9942040
About the project
17 freelancers are bidding on average $77 for this job
Hi, I am interested in this project. Just check my review of work and give me an opportunity to prove myself. Please consider my bid. Thanks & Regards Dev ONLINE NOW
We're ready to be hired by you. We will be more than excited to provide you a quality solution and earn your respect, confidence and trust. and i give best solutions of this project.
I am experienced in cleaning malware from WordPress websites and finding the root of infection. I will also secure the website and advise you on how to prevent it from happening again