• Resolved Drumrocker365

    (@drumrocker365)


    Hi,

    On my friend’s WordPress website (which is hosted on my server), someone managed to upload a php script to theme_compat titled “general99.php” The script was trying to send thousands of spam emails a minute and attempted to send 302,000 spam emails before I caught the issue. My IPs are all now blacklisted and Amazon has blocked my Amazon EC2 instance from sending email. How is this possible? How could they just upload a php file like that, then get it to trigger every minute? It was each minute on the dot.

    I deleted the entire WordPress installation, as my friend said it wasn’t important. I’m just trying to figure out what happened. For the server configuration people out there – what can I do to configure my EC2 instance so this won’t be a problem?

    I am working on downloading a backup of the WP installation so I can examine the files and maybe solve this mystery.

    • This topic was modified 7 years, 7 months ago by Drumrocker365.
Viewing 8 replies - 1 through 8 (of 8 total)
Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Someone uploaded a malicious file to theme_compat’ is closed to new replies.