Title: WordPress 3.0 email exploit
Last modified: August 19, 2016

---

# WordPress 3.0 email exploit

 *  [ryansaw](https://wordpress.org/support/users/ryansaw/)
 * (@ryansaw)
 * [15 years, 10 months ago](https://wordpress.org/support/topic/wordpress-30-email-exploit/)
 * I just saw a large increase of email being sent on my mail server. It was by 
   a company called
 * Br4|n Baba Inc
 * They uploaded a file to my Wp-Content/Uploads folder called
 * kimabanking.php
 * and were able to send out over 5000 messages before I caught it.
 * I searched the forum and didn’t see anything posted so I figured I would just
   let people know about it.
 * Here is the IP address that I blacklisted that was associated with the exploit.
 * 41.155.114.66
 * Not sure if this will ever help anyone, but figured it was worth letting people
   know about it.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [15 years, 10 months ago](https://wordpress.org/support/topic/wordpress-30-email-exploit/#post-1619659)
 * It’s a common hack technique. Your `/wp-content/uploads/` directory probably 
   has its permissions set to 777, which is writeable by everyone. The hack in question
   scours an exploited server (only one account needs to be exploited to compromise
   the entire server) for directories with 777 permissions to hide the file in.
 * [Setting the permissions](http://codex.wordpress.org/Changing_File_Permissions)
   of the directory to 755 should prevent that in the future, but WordPress may 
   no longer be able to upload to the directory under certain server configurations.
 *  [Vladimir Kolesnikov](https://wordpress.org/support/users/vladimir_kolesnikov/)
 * (@vladimir_kolesnikov)
 * [15 years, 6 months ago](https://wordpress.org/support/topic/wordpress-30-email-exploit/#post-1620143)
 * If you are running Apache, consider uploading .htaccess to /wp-content/uploads/
   directory with this line:
 *     ```
       # engine is a boolean directive, so it is set with php_flag
       php_flag engine off
       ```
   
 * This will disable the PHP interpreter for all PHP files in `/wp-content/uploads/`
   and subdirectories.
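
A read-only audit for the two conditions the replies above describe (world-writable directories, and PHP files in an uploads tree with no engine-off rule). This is an added example, not code from any poster in the thread. It assumes Apache with mod_php honouring `.htaccess`; the function names, the extension list and the demo tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of an uploads tree for the conditions
# discussed in this thread. It changes nothing in the audited directory.

# Directories any local account can write to (777, or any mode with o+w).
world_writable_dirs() {
  find "$1" -type d -perm -0002 2>/dev/null | sort
}

# Files a PHP handler may execute. The extension list is an assumption;
# match it to the handlers your server maps to PHP.
php_files() {
  find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
    -o -iname '*.phtml' -o -iname '*.phar' \) 2>/dev/null | sort
}

# Succeeds if <dir>/.htaccess switches the PHP engine off.
engine_disabled() {
  grep -Eiq '^[[:space:]]*php_(flag|value)[[:space:]]+engine[[:space:]]+(off|0)' \
    "$1/.htaccess" 2>/dev/null
}

# Print findings; return 1 if anything needs attention, 0 if clean.
audit_uploads() {
  local dir=$1 rc=0 dirs files
  dirs=$(world_writable_dirs "$dir")
  files=$(php_files "$dir")
  if [ -n "$dirs" ]; then
    rc=1; printf '%s\n' "$dirs" | sed 's/^/world-writable dir: /'
  fi
  if [ -n "$files" ]; then
    rc=1; printf '%s\n' "$files" | sed 's/^/PHP file in uploads: /'
  fi
  if ! engine_disabled "$dir"; then
    rc=1; echo "no engine-off rule in $dir/.htaccess"
  fi
  return $rc
}

# Demo on a constructed tree; the file name is the one from the first post.
demo() {
  local t rc; t=$(mktemp -d)
  mkdir -p "$t/2010/06"; chmod 777 "$t/2010/06"
  : > "$t/2010/06/kimabanking.php"; : > "$t/2010/06/photo.jpg"
  audit_uploads "$t"; rc=$?
  rm -rf "$t"; return $rc
}

# Audit the path given as the first argument, or run the demo without one.
if [ $# -gt 0 ]; then audit_uploads "$1"; else demo || true; fi
```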


The topic ‘WordPress 3.0 email exploit’ is closed to new replies.

## Tags

 * [email](https://wordpress.org/support/topic-tag/email/)
 * [exploit](https://wordpress.org/support/topic-tag/exploit/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 2 replies
 * 3 participants
 * Last reply from: [Vladimir Kolesnikov](https://wordpress.org/support/users/vladimir_kolesnikov/)
 * Last activity: [15 years, 6 months ago](https://wordpress.org/support/topic/wordpress-30-email-exploit/#post-1620143)
 * Status: not a support question

