Emails sent from backend

  • greyso

    (@greyso)


    5 years, 2 months ago

    Today I got a spammer email from a user “Elena” @klcwny.com I have no such user on my domain.

    I contacted siteground and all they could tell me is that it came from my WordPress backend and elementor backend.

    Here is the message source:

    Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Sat, 20 Mar 2021 12:03:14 +0200
Received: from [127.0.0.1] (port=41916 helo=giowm1087.siteground.biz)
	by giowm1087.siteground.biz with smtp (Exim 4.90.1)
	(envelope-from <[email protected]>)
	id 1lNYRu-000KMv-8m
	for [email protected]; Sat, 20 Mar 2021 12:03:14 +0200
X-SG-User: u889-tdbe79mm3f7h
X-SG-Opt:  PWD=/home/customer/www/klcwny.com/public_html/wp-admin  REQUEST_URI=/wp-admin/admin-ajax.php  SCRIPT_FILENAME=/home/u889-tdbe79mm3f7h/www/klcwny.com/public_html/wp-admin/admin-ajax.php  REMOTE_ADDR=89.187.164.244 
To: [email protected]
Subject: New message from "Kinesthetic Listening Center"
X-PHP-Originating-Script: 1383:PHPMailer.php
Date: Sat, 20 Mar 2021 10:03:14 +0000
From: Kinesthetic Listening Center <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHPMailer 6.3.0 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
SG-Abuse: script, USERNAME=u889-tdbe79mm3f7h PWD=/home/customer/www/klcwny.com/public_html/wp-admin  REQUEST_URI=/wp-admin/admin-ajax.php  SCRIPT_FILENAME=/home/u889-tdbe79mm3f7h/www/klcwny.com/public_html/wp-admin/admin-ajax.php  REMOTE_ADDR=89.187.164.244
X-Antivirus: AVG (VPS 210319-10, 03/19/2021), Inbound message
X-Antivirus-Status: Clean

Name: Elena<br>Email: [email protected]<br>Phone Number: 0<br>Describe your concern and how we can help: Good day<br /><br />World's Best Neck Massager Get it Now 50% OFF + Free Shipping!<br />Wellness Enthusiasts! There has never been a better time to take care of your neck pain! <br /><br />Our clinical-grade TENS technology will ensure you have neck relief in as little as 20 minutes.<br /><br />Get Yours: hineck.online<br /><br />Kind Regards,<br /><br />Elena<br />Kinesthetic Listening Center – Kinesthetic Listening – Athletic Neuro<br><br>---<br><br>Date: March 20, 2021<br>Time: 10:03 am<br>Page URL: https://klcwny.com/<br>User Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:3.4) Goanna/20180412 PaleMoon/27.9.0<br>Remote IP: 89.187.164.244<br>Powered by: Elementor<br>

    How do I prevent this? Does this mean I’m hacked? What backend do I need to check?

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    5 years, 2 months ago

    Do you have a contact form on your site? This could have been sent through that. If not, then…

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    5 years, 2 months ago

    I found your form and sent a message… How does it appear when you receive it?

    Thread Starter greyso

    (@greyso)

    5 years, 2 months ago

    Thank you. That makes sense but Siteground told me it was backend. I’ll just take this down. It has to be this.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Emails sent from backend’ is closed to new replies.