WordPress - class-phpmailer.php hacked? Elasticmail limit continuously being reached


#1

I have been working with Cloudways support on this without much success. According to them, the class-phpmailer.php file on many of the sites I host is sending a lot of mails, qq.com crap.

This stops emails from forms being sent, which affects my clients.

It is effectively up to me to fix but I have no idea what I'm doing, what I'm looking for, or where to start. I am at the point where I probably need to look at (god help me) Fiverr or something to find someone to work out what is going on.

Cloudways inform me they do not support application-level issues, and I have just been told to find a developer to fix it. Support has been great up until this issue.

Will probably have to look for a full support host after this.

Sorry, just upset and desperate.


#2

Do you use any antispam protection such as Akismet or reCaptcha with the forms?


#3

Install Wordfence and run a site scan. It will tell you which plug-ins may have malicious code in them that is likely to cause your site to behave that way.


#4

Hi Neil,

Akismet has always been on the site. Recaptcha was installed 3-4 weeks ago after the first contact with support.


#5

Hi Krk,

Wordfence has always been on the site. Has given no warnings. Have run a scan and it turns up no issues.


#6

Hacking like this can happen from a theme or plugin vulnerability. Wordfence would usually catch these issues. Integrating Akismet and reCaptcha with contact forms like Contact Form 7 is usually effective. So trying these approaches was good…

A couple of general thoughts…

Disable the Elastic Mail plugin @ Cloudways and try an application-level plugin that uses SMTP sendmail such as WP Mail SMTP: https://wordpress.org/plugins/wp-mail-smtp/

Put your sites behind Cloudflare which may help mitigate threats and bot attacks.

Best,

Neil


#7

Thanks Neil. All sites are behind Cloudflare as a rule of our clients hosting on it.

Might have to disable it just for the limits alone, or get which app is sending the most and farm them out. Either way, not happy.

Thanks for your help.


#8

It's not going to be up to support to help you with this. I'd recommend a developer and not any of the advice given here. Wordfence is NOT a solution. It's a band-aid at best, IF it's configured properly. I've been in this biz 20 years and nearly every hacked site I worked on had Wordfence in it.

You need a professional audit. Something is causing the issue and it's what needs solving. After that, the hack can be fixed. And if you don't do so soon, your email will get blacklisted everywhere.

It's possible you are not hacked and have more of a tech issue which can be resolved somehow. No advice given here is going to fix your issue permanently. Oh, and using Fiverr is going to get you hacked again. Don't do it. Pay a little money and get it fixed correctly.
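
One way to start on the question in the first post (is class-phpmailer.php itself altered on any of the hosted sites?), as an added example that is not part of the thread: hash every copy under the directory holding the sites and compare it with a clean copy taken from a fresh WordPress download. The directory layout, the reference path and the assumption that the sites run the same WordPress version as the reference are all assumptions of this sketch.

```python
# Added example (not from the thread): compare each site's class-phpmailer.php
# against a clean reference copy. All paths are supplied by the operator.
import hashlib
import os
import sys

TARGET = "class-phpmailer.php"  # the file named in the thread title


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(root):
    """Map digest -> sorted list of paths for every TARGET found under root."""
    groups = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        if TARGET in filenames:
            path = os.path.join(dirpath, TARGET)
            groups.setdefault(sha256_of(path), []).append(path)
    return {digest: sorted(paths) for digest, paths in groups.items()}


def modified_copies(root, reference):
    """Return paths whose content differs from the clean reference copy.

    Assumption: the reference comes from the same WordPress version as the
    sites; a copy from a different version also shows up as different.
    """
    clean = sha256_of(reference)
    return sorted(
        path
        for digest, paths in find_copies(root).items()
        if digest != clean
        for path in paths
    )


if __name__ == "__main__":
    # Usage: python check_phpmailer.py <sites_root> <clean class-phpmailer.php>
    sites_root, reference_file = sys.argv[1], sys.argv[2]
    for digest, paths in find_copies(sites_root).items():
        print(f"{digest[:16]}  {len(paths)} copies")
    for path in modified_copies(sites_root, reference_file):
        print("DIFFERS FROM REFERENCE:", path)
```

A matching hash only rules out tampering with that one file; mail can still be sent through an unmodified PHPMailer by other code on the site or through an abused form.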