How to protect a WordPress site owner from mass spam mailing?

As a result of hacking into your system, hackers can use access to your account for a variety of purposes, which can mean the loss of confidential data, financial losses due to downtime in the operation of the site, and a loss of customer confidence. After a successful attack using your hosting account (e.g. through a PHP script) spam may also be sent out. What to do in the case of such a situation? How to protect against hacker  break-ins to your website?

 

How can you know that your account is sending spam?

The fact that your account was used to send spam can be found out in a number of ways. You can, for example, get an e-mail containing information about a password change done by the Admin of your site, but you can also receive information about messages bouncing off recipient inboxes that look as if someone had sent them from your address. You should also pay attention to replies to messages you had never sent in your own spam folder. In the case of such a situation, you can suspect that hackers have broken into your system and are using it to send spam.

 

Why do hackers send spam?

By impersonating you, hackers can falsify the their messages' return address to conceal their true origin. It is just like writing a return address on an envelope – you can provide any address of origin, not necessarily your own. Through spam, hackers can attempt to further hack the systems of unsuspecting recipients. However, the sender will always be you, hence the very real risk of losing face in the eyes of customers and all the recipients of all these messages. Getting on the spam list limits your ability to establish contact with new customers, because your messages are classified as "junk". In a word, this brings only losses.

 

Why can your account be sending spam?

The reason for the sending of spam from your address is probably a hacker or hacker-created malicious software break-in, which may have occurred because of a simple panel login password (either yours or of your co-workers, i.e. all the persons with access to the editorial panel). A virus which broke into your computer or system (can also be responsible.

 

How to identify the cause of spam and remove the problem?

Situation No. 1.

If:

Sender: the main system e-mail [login]@[main_account_domain]

Authentication: the name of the primary DirectAdmin account, main login

Sender host: no data, unavailable

Path: indicates the directory from which spam is sent, for example /home/login/domains/domain.com/public_html

What this means:

A file with malicious code has been placed on your server. This may be due to hackers hacking into your site. They could have exploited loopholes in the scripts – many such loopholes can be found on WordPress and other CMS platforms, especially if you do not install available updates on a regular basis.

Solution:

Find the piece of suspicious, malicious code, which has been placed on your site and delete it, and then update your systems to the latest version. Remember that effectively infected pages are at a higher risk of such incidents in the future, so be sure to update regularly.

 

Situation No. 2.

If:

Sender: e-mail server address

Authentication: e-mail server address

Sender host: unknown IP address

Path: no data, unavailable

What this means:

The password to your account has been guessed or cracked. It may have been too weak, or used for other accounts. Someone could have also gained access to it if you sent it in a private message.

Solution:

Change the cracked password, and if you use it in other places, also consider changing it there. Make the new password secure – the more characters the better, as a strong password consist of uppercase and lowercase letters, numbers and special characters. Make sure that your passwords to all of your accounts, especially email ones, are safe and unique.

 

Situation No. 3.

If:

Sender: e-mail server address

Authentication: e-mail server address

Sender host: IP address of email user (the address can be checked at, for example, http://support.smallservers.pl/ip.php)

Path: no data, unavailable

What this means:

Your computer has been infected by malware created by hackers. It could have gotten into your system, among others, through loopholes in security systems caused by a lack of update installation.

Solution: Take care of your computer – scan it using an antivirus to get rid of any infections and update the system. In such a situation it is advisable to also change your passwords to other accounts to new, more secure ones. It is also worth it to take advantage of the automatic update installation option.

 

How will Webanti help you prevent break-ins to your systems?

The Webanti antivirus application allows you to protect your website from hackers. The intelligent engine system is able to detect threats on a regular basis (such as malware, spyware, backdoors or ransomware) and delete them. Thus, the Webanti system enables complex site protection. The price of the Maxi Package is only 19.99 PLN per month. So take advantage of tested solutions and do not let anyone expose you to a loss of sensitive data and reputation.

Get free virus protection

As the saying goes – prevention is better than cure. This is also true for website security. Each year, there are more and more cybercrimes done by hackers or resulting from software created by them. Viruses/malware, ransomware, backdoor – the list of threats is long. Luckily, there are effective ways to prevent them. See, how Webanti can take care of the security of your website.

Webanti is antivirus software which makes it possible to protect websites in real time and which informs the website owner about any attempted hacker attacks. Interested? You can test the Webanti tool for free. If necessary, you can use the assistance of our consultants – 24/7, all year round.

Trust our expertise and start protecting your website effectively – try Webanti