Potential Malware Threat
paul Smith
91 posts
Fri Jul 29, 22 4:27 AM CST
I have been advised by my web host that my site that runs on a dedicated server is sending out spam.
I have logged into the Plesk panel and run a malware scan, and it's showing the following as a vulnerability:
/sytist/sy-inc/PHPmailer/class.phpmailer.php
RCE : CVE-2016-10045, CVE-2016-10031
Has this been seen elsewhere ??
Tim - PicturesPro.com
16,242 posts
(admin)
Fri Jul 29, 22 6:55 AM CST
The PHPMailer version is 5.2.8. That exploit is for versions 5.2.2 and earlier.
Are you able to tell what script is sending out the spam?
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
paul Smith
91 posts
Fri Jul 29, 22 7:00 AM CST
Hi Tim,
Unfortunately not, the hosting company just reported that my site on the dedicated server had been reported to RBL auditors - The scan only showed the info above
Here's a copy of the email I received:
In our routine investigation, we have found that your server IP has been listed in 2 RBL auditors.
The reason your server IP has been listed is because
5.NN.NN.NNN is infected with malware and is emitting spam.
5.NN.NN.NNN is making SMTP connections with HELO values that indicate a problem. The HELOs that it is connecting with are as follows:
Tim - PicturesPro.com
16,242 posts
(admin)
Fri Jul 29, 22 7:37 AM CST
I think you are going to have to get more information, like a copy of the emails sent (could actually be legit) and the script sending them.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
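The question raised in the thread, which script is sending the mail, can often be answered from PHP's own mail() log when the `mail.log` ini directive is enabled. The following is an added example, not code from the thread or from Sytist, that tallies mail() calls per calling script; the log lines, paths, line numbers and addresses are constructed, and it assumes the messages leave through PHP's mail() rather than a direct SMTP connection.

```python
import re
from collections import defaultdict

# Line format PHP writes when the mail.log ini directive is set:
# [timestamp] mail() on [/path/to/file.php:LINE]: To: rcpt -- Headers: ...
MAIL_LOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] mail\(\) on \[(?P<script>.+?):(?P<line>\d+)\]: "
    r"To: (?P<to>.*?) -- Headers:"
)

# Constructed sample data (paths, line numbers and addresses are made up).
PHPMAILER = "/var/www/example/sytist/sy-inc/PHPmailer/class.phpmailer.php"
OTHER = "/var/www/example/uploads/cache.php"
SAMPLE_LOG = f"""\
[29-Jul-2022 09:01:12 UTC] mail() on [{PHPMAILER}:1219]: To: customer@example.com -- Headers: Date: Fri, 29 Jul 2022 09:01:12 +0000
[29-Jul-2022 09:01:40 UTC] mail() on [{OTHER}:3]: To: a1@example.net -- Headers: From: x@example.org
[29-Jul-2022 09:01:41 UTC] mail() on [{OTHER}:3]: To: a2@example.net, a3@example.net -- Headers: From: x@example.org
[29-Jul-2022 09:01:42 UTC] mail() on [{OTHER}:3]: To: a4@example.net -- Headers: From: x@example.org
[29-Jul-2022 09:05:03 UTC] mail() on [{PHPMAILER}:1219]: To: Customer@example.com -- Headers: Date: Fri, 29 Jul 2022 09:05:03 +0000
some unrelated line that is not a mail() entry
"""

def summarize(log_text):
    """Return {script_path: {"count": n, "recipients": set_of_addresses}}."""
    stats = defaultdict(lambda: {"count": 0, "recipients": set()})
    for raw in log_text.splitlines():
        m = MAIL_LOG_RE.match(raw)
        if not m:
            continue  # not a mail() log entry
        entry = stats[m.group("script")]
        entry["count"] += 1
        # A To: value may hold several comma-separated addresses.
        for rcpt in m.group("to").split(","):
            if rcpt.strip():
                entry["recipients"].add(rcpt.strip().lower())
    return dict(stats)

def unexpected_senders(stats, expected_suffixes):
    """Scripts that called mail() but are not on the expected list."""
    return sorted(s for s in stats if not s.endswith(tuple(expected_suffixes)))

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for script, info in sorted(stats.items(), key=lambda kv: -kv[1]["count"]):
        print(f'{info["count"]:5d} msgs {len(info["recipients"]):5d} rcpts  {script}')
    print("review:", unexpected_senders(stats, ["/sy-inc/PHPmailer/class.phpmailer.php"]))
```

The logged path is the file that contains the mail() call, so application mail sent through PHPMailer shows up under class.phpmailer.php, while any other file calling mail() directly appears under its own path.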