Andrew Mitrohin
asked 10 years ago

My hosting told me that my sites sending spam and disabled me. I use themes Argo and Simplex. They send out spam! Check!
./appdike.com/ld/index.php
./appdike.com/hyr/index.php
./appdike.com/irn/index.php
./appdike.com/knm/index.php
./appdike.com/yyy/index.php
./appdike.com/pf/index.php
./appdike.com/poi/index.php
./appdike.com/at/index.php
./appdike.com/pmd/index.php
./appdike.com/gyi/index.php
./appdike.com/zy/index.php
./appdike.com/ie/index.php
./appdike.com/qd/index.php
./appdike.com/kcd/index.php
./appdike.com/qda/index.php
./appdike.com/ixb/index.php
./appdike.com/og/index.php
./appdike.com/rsq/index.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/emsrnzub.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/ytnoopjhu.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/mqyzpzwer.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/pwaeglyg.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/rdwvkpzb.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/cjyzrsyo.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/sitedata.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/ssdqxpz.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/sbcnv.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/suly.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/bdixjxl.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/mrwkmr.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/sss.php
./appdike.com/wp-content/plugins/easy-digital-downloads/includes/libraries/googlechartlib/icons/chasi56.php
./85tolife.com/wp-content/themes/dw-simplex/oymlzk.php
./85tolife.com/wp-content/themes/dw-simplex/jaqs.php
./85tolife.com/wp-content/themes/dw-simplex/templates/homepage-4.php
./85tolife.com/wp-content/themes/dw-simplex/hiylcondx.php
./85tolife.com/wp-content/themes/dw-simplex/blocks/blog.php
./85tolife.com/wp-content/themes/dw-simplex/vatb.php
./85tolife.com/wp-content/themes/dw-simplex/kmlrx.php
./85tolife.com/wp-content/themes/dw-simplex/gqdtxr.php
./85tolife.com/wp-content/themes/dw-simplex/pqcfrnkny.php
./85tolife.com/wp-content/themes/dw-simplex/inutg.php
./85tolife.com/wp-content/themes/dw-simplex/anmpbg.php
./85tolife.com/wp-content/themes/dw-simplex/cwzmegsrj.php
./85tolife.com/wp-content/themes/dw-simplex/mhqy.php
./85tolife.com/wp-content/themes/dw-simplex/chasi56.php

Andrew Mitrohin
replied 10 years ago

Here he wrote hosting:
With your account with the domain being appdike.com delivery SPAM `a. Apparently site is
infected with viruses. In order to prevent mailings domain has been disabled.

Return-path:
Received: from u253048 by team33.e-planet.ru with local (Exim 4.80.1)
(envelope-from )
id 1WtS1F-002rXE-AA
for [email protected]; Sun, 08 Jun 2014 05:35:33 +0400
To: [email protected]
Subject: Fw: He he, Tanned dark haired grandma sucking till facial
X-PHP-Script: appdike.com/wp-content/themes/dw-argo/inc/gallery/css/dirs.php for 46.105.37.61, 46.105.37.61
X-PHP-Originating-Script: 825:dirs.php
From: “Jacklyn Cannon”
Reply-To:”Jacklyn Cannon”
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: 8bit
Message-Id:
Sender: u253048
Date: Sun, 08 Jun 2014 05:35:33 +0400

3 Answers
DominicStaff
answered 10 years ago

  Hi Andrew, Hope that you are well today.  From the info you provided above, we checked and the problem didn’t come from our themes. Please contact your hosting provider to check again first so they can help you find the proper solution to stop this. 

Andrew Mitrohin
answered 10 years ago

Hosting says that there is a vulnerability in the сode in the theme Simplex.

Andrew Mitrohin
replied 10 years ago

Why do I need an encrypted file maiink7.php???

Andrew Mitrohin
replied 10 years ago

mainik7.php

Andrew Mitrohin
answered 10 years ago

Host response:
If you no longer need a template dw-simplex, then recommend it to completely remove because it contains a lot of malicious scripts. Most likely it was with him and began infecting the rest of your site.

Andrew Mitrohin
replied 10 years ago

Also Argo template

Powered by DW Question & Answer Pro