Andrew Mitrohin
asked 6 years ago

My hosting told me that my sites are sending spam and disabled me. I use the themes Argo and Simplex. They send out spam! Check!

Andrew Mitrohin
replied 6 years ago

Here is what the hosting wrote:
Spam is being sent from your account with the domain appdike.com. Apparently the site is infected with viruses. In order to prevent the mailings, the domain has been disabled.

Return-path:
Received: from u253048 by team33.e-planet.ru with local (Exim 4.80.1)
(envelope-from
)
id 1WtS1F-002rXE-AA
for david.maclean5@bigpond.com; Sun, 08 Jun 2014 05:35:33 +0400
To: david.maclean5@bigpond.com
Subject: Fw: He he, Tanned dark haired grandma sucking till facial
X-PHP-Script: appdike.com/wp-content/themes/dw-argo/inc/gallery/css/dirs.php for 46.105.37.61, 46.105.37.61
X-PHP-Originating-Script: 825:dirs.php
From: “Jacklyn Cannon”
Reply-To:”Jacklyn Cannon”

X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: 8bit
Message-Id:
Sender: u253048
Date: Sun, 08 Jun 2014 05:35:33 +0400
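
The X-PHP-Script and X-PHP-Originating-Script headers in the message quoted above name the PHP file that handed the mail to Exim. As an added example (not part of the original thread), this Python code reads those two headers from spooled messages and counts messages per sending script; the sample messages, the example.com addresses and the name other.php are constructed.

```python
import re
from collections import Counter
from email.parser import HeaderParser

# Constructed sample spool. The first two messages reuse the header values
# quoted in the thread; addresses, subjects and "other.php" are invented.
_PAGE_HEADERS = (
    "X-PHP-Script: appdike.com/wp-content/themes/dw-argo/inc/gallery/css/dirs.php"
    " for 46.105.37.61, 46.105.37.61\n"
    "X-PHP-Originating-Script: 825:dirs.php\n"
)
SAMPLE_SPOOL = [
    "To: a@example.com\nSubject: sample 1\n" + _PAGE_HEADERS + "\nbody\n",
    "To: b@example.com\nSubject: sample 2\n" + _PAGE_HEADERS + "\nbody\n",
    "To: c@example.com\nSubject: sample 3\nX-PHP-Originating-Script: 825:other.php\n\nbody\n",
    "To: d@example.com\nSubject: sample 4 (not sent by PHP)\n\nbody\n",
]

SCRIPT_RE = re.compile(r"^(?P<script>\S+) for (?P<clients>.+)$")  # path "for" client IPs
ORIGIN_RE = re.compile(r"^(?P<uid>\d+):(?P<file>.+)$")            # uid:script file name

def parse_php_mail_headers(raw_message):
    """Return the sending script, client IPs, uid and file name found in one message."""
    headers = HeaderParser().parsestr(raw_message, headersonly=True)
    info = {"script": None, "clients": [], "uid": None, "file": None}
    match = SCRIPT_RE.match((headers.get("X-PHP-Script") or "").strip())
    if match:
        info["script"] = match.group("script")
        for ip in match.group("clients").split(","):
            ip = ip.strip()
            if ip and ip not in info["clients"]:  # the header may repeat the address
                info["clients"].append(ip)
    match = ORIGIN_RE.match((headers.get("X-PHP-Originating-Script") or "").strip())
    if match:
        info["uid"] = int(match.group("uid"))
        info["file"] = match.group("file")
    return info

def tally_scripts(messages):
    """Count messages per sending script, most frequent first; skip non-PHP mail."""
    counts = Counter()
    for raw in messages:
        info = parse_php_mail_headers(raw)
        key = info["script"] or info["file"]  # fall back to the bare file name
        if key:
            counts[key] += 1
    return counts.most_common()

if __name__ == "__main__":
    for script, count in tally_scripts(SAMPLE_SPOOL):
        print(count, script)
```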

4 Answers
DominicStaff
answered 6 years ago

Hi Andrew, Hope that you are well today. From the info you provided above, we checked and the problem didn’t come from our themes. Please contact your hosting provider to check again first so they can help you find the proper solution to stop this.

Andrew Mitrohin
answered 6 years ago

Hosting says that there is a vulnerability in the code in the Simplex theme.

Andrew Mitrohin
replied 6 years ago

Why do I need an encrypted file maiink7.php???

Andrew Mitrohin
replied 6 years ago

mainik7.php

Andrew Mitrohin
answered 6 years ago

Host response:
If you no longer need the dw-simplex template, we recommend removing it completely, because it contains a lot of malicious scripts. Most likely the infection of the rest of your site began with it.

Andrew Mitrohin
replied 6 years ago

Also the Argo template

BigHug
answered 6 years ago

Hi Andrew,
From the information that you provided above, I think that your site was attacked and contains virus files. “mainik7.php” is an encrypted file and it does not come from the DW Argo theme or any of our themes; you can re-download DW Argo from Designwall.com and compare.
To resolve your problem you can hire developers to clean your site and double check your security problem.

Regards
Rambu
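
The "re-download and compare" step suggested above can be done by hashing both trees. This is an added example, not code from the thread or from DesignWall: it reports files present only in the installed copy (such as an unexpected mainik7.php), files whose content differs from the fresh download, and files that are missing. The directory layout and file contents built by build_demo_trees are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def tree_hashes(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_with_clean(installed_dir, clean_dir):
    """Compare an installed theme directory against a freshly downloaded copy."""
    installed, clean = tree_hashes(installed_dir), tree_hashes(clean_dir)
    common = installed.keys() & clean.keys()
    return {
        "added": sorted(installed.keys() - clean.keys()),      # not shipped with the theme
        "modified": sorted(f for f in common if installed[f] != clean[f]),
        "missing": sorted(clean.keys() - installed.keys()),    # shipped but absent on the site
    }

def build_demo_trees(base):
    """Constructed sample: a clean theme and an installed copy with one extra, one changed file."""
    base = Path(base)
    files = {
        "style.css": "body{}",
        "functions.php": "<?php // theme setup",
        "inc/helpers.php": "<?php // helpers",
    }
    for tree in ("clean", "installed"):
        for rel, text in files.items():
            path = base / tree / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
    # Placeholder content only; stands in for a file the theme never shipped.
    (base / "installed" / "mainik7.php").write_text("<?php // unexpected file")
    (base / "installed" / "functions.php").write_text("<?php // theme setup\n// appended line")
    return base / "installed", base / "clean"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = compare_with_clean(*build_demo_trees(tmp))
        for kind, names in report.items():
            print(kind, names)
```

Files listed under "modified" matter as much as those under "added", since an existing theme file can carry injected code while keeping its original name.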
