Using WordPress to send Email Spam

I came here because I noticed this is happening. As best as I can tell, it started today.

Jaxia – what version of WordPress are you using?

Do you have a contact form plug in?

Some of mine came in with “[<website name>] spam.email.address.website” and one came in “Email from the <website name> Website”.

Thanks for the quick response!

On the website where it is happening, I am using 1.5.1.1

Yes, I am using the ‘intouch’ contact form.

This is the header from the email:

Return-Path: Received: from rly-yb04.mx.aol.com (rly-yb04.mail.aol.com [172.18.205.136]) by air-yb03.mail.aol.com (vx) with ESMTP id MAILINYB31-19343e93cbe1b3; Tue, 07 Feb 2006 19:35:21 -0500 Received: from alexandria34.alexsrv34.com
(alexandria34.alexsrv34.com [66.45.231.122]) by rly-yb04.mx.aol.com (vx) with ESMTP id MAILRELAYINYB43-19343e93cbe1b3; Tue, 07 Feb 2006 19:35:10 -0500 Received: from nobody by alexandria34.alexsrv34.com with local (Exim 4.52) id 1F6dIX-0007RC-Q9; Tue, 07
Feb 2006 19:35:05 -0500 To: Subject: A comment from a site visitor X-PHP-Script: https://www.stealtheblinds.net/index.php for 221.239.5.194 From: UnknownSender@UnknownDomain X-AOL-ORIG-From: “[email protected]” Content-Type: text/html;
charset=\”us-ascii\” MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: The perfect marriage of science and nature From: [email protected] Message-Id: Date: Tue, 07 Feb 2006 19:35:05 -0500 X-AntiAbuse: This header was added to
track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname – alexandria34.alexsrv34.com X-AntiAbuse: Original Domain – aol.com X-AntiAbuse: Originator/Caller UID/GID – [99 32003] / [47 12] X-AntiAbuse: Sender Address Domain –
alexandria34.alexsrv34.com X-Source: X-Source-Args: /usr/local/apache/bin/httpd -DSSL X-Source-Dir: stealtheblinds.net:/public_html X-AOL-IP: 66.45.231.122 X-Mailer: Unknown (No Version)

The subject line appears to be the same subject line that shows up with my contact form emails. Do I just disable the contact form?

I don’t know. I don’t have that contact form.

I have WordPress Email Notification Plugin v2.1, which I’m upgading to v2.3.1, wp-email.php, and WP-ContactForm.

I’m trying to see what we have in common e-mail-wise.

WP-EMail? It have a logging feature u can check it. and it haev spam interval.

No…but I’m seriously thinking that might be by issue. I only got this spam on the two blogs that have that plugin. The other seems to have missed out. I’m going to disable it.

How can I check the logging feature?

Jaxia: WP-Admin -> Manage E-Mail

nmallory: 1.5.2? Okie the spam prevention is on WP 2.0 version only. But I cant see anyway they can use it to spam, unless they type it in their remarks. Did you check the log?

I cannot seem to locate that.

The problem is not that they are using it to send ME spam. They are somehow sending spam to other people.

“Thanks for the quick response!

On the website where it is happening, I am using 1.5.1.1

Yes, I am using the ‘intouch’ contact form.”

Jaxia, for one thing, upgrade it to 1.5.2. then to version 2.0.1. Rather then trying to fight this and figuring it out with that current version you have.. =) Then install the necessary plugins for spam blockers.. Spam Karma and such…

spencerp

Or however the upgrade process goes..

for one thing, upgrade it to 1.5.2. then to version 2.0.1

Both 1.5.2 and 2.0.1 have no known security holes, the 2.0.1 upgrade is optional if you want the features (and 2.0 only plugins).

Thanks for pointing that out IanD. Just was merely pointing him into a full upgrade of his outdated version though.. lol. Anyway! Whatever he chooses between them TWO, is ok as well.. <rolls eyes and goes back to drinking vodka>…sips…here’s one for you! =)

spencerp

I’m a “her” ??

I’ve already upgraded my other sites, but I haven’t got around to this one yet. I’m using bad behavior for spam protection.

I’ll guess I’ll upgrade and reactivate my intouch form and see what happens.

I’m sorry about that Jaxia… =( Wasn’t sure..I had ppl on here with girly names already and they turned out to be guys lol..now I feel bad. =(

“I’ve already upgraded my other sites, but I haven’t got around to this one yet. I’m using bad behavior for spam protection.

I’ll guess I’ll upgrade and reactivate my intouch form and see what happens.”

Ok, just wasn’t sure on that either..but you seem to know what you’re doing in that line of it. =) Just reply if needing more help.. =)

spencerp

Just note, that the upgrades of WP to newer versions, need upgraded plugins to work with that latest version of WP. =)

I upgraded my contact form and my wp-email to the latest versions on one of the sites — didn’t have time on the other. I deactivated the wp-email on the one I didn’t upgrade. I haven’t seen more spam since, but that’s not a sure fix.

I do like the logging feature.

I have a question though. Since the tables it creates in the db don’t have the blog’s db prefix (ie… nt_, wp_, twc_), will this muck up when I activate it on my other blog since they use the same MySQL db?