SMTP WordPress Plugin Hack

Hackers exploited SMTP plugin to gain control of websites

Right, I am writing this post now because I have just finished correcting all the websites hosted on my server.

If you are not aware, 2 hackers found a loophole in the WordPress plugin Easy WP SMTP, a plugin that has been downloaded over 300k times and allows you to send emails from your website.

This loophole allowed them to duplicate the admin logins and gain control of the website.

The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users should update to 1.3.9.1 as quickly as possible. 

From my findings and also the reports online regarding this plugin hack, they gained access to websites and their goal was to redirect web visitors to two online scam websites warning you of a virus on your computer.

Hack Information

There were two pieces of information that I could find about these hackers: a consistent set of IP addresses and two URLs.

Hacker IPs

  • 185.212.131.45
  • 185.212.128.22
  • 185.212.131.46
  • 86.109.170.200

Hacker Redirects

  • setforconfigplease (.com
  • getmyfreetraffic (.com

Hacked Website Cleanups

From what I could gather from looking at hacked websites on my server and speaking to different hosting gurus, the hackers were embedding strings of code that redirected your website to the above-mentioned scam websites.

The problem with malicious code such as theirs is that if you leave one string within a website, it will reproduce and take over your website again.

Cleaning a WordPress Website

Now, I am sure there are many ways to clean a WordPress website after it has been hacked.

Personally, I remove all of the WordPress files so I am left with 3 elements of the old website:

  • WP Content folder
  • WP-Config file
  • .htaccess file

I then proceed to go through every folder and file and view them to see if I can see the hackers' script. There did not seem to be a similarity of where to find the scripts, which meant you had to go through them all.

Once I was satisfied the remaining files were clear of all malicious code, I then installed a fresh copy of WordPress to the cPanel.

This would take about 40 mins in total to clean and take a site from hacked to clean. 
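The file-by-file review described above can be given a first pass by searching the three kept items for the two redirect domains listed earlier. This is an added example, not the author's own script; the on-disk names wp-content, wp-config.php and .htaccess and the sample site tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Distinctive host labels of the two redirect domains listed in this post.
INDICATORS = (b"setforconfigplease", b"getmyfreetraffic")
# The three items kept from the old site (assumed on-disk names).
KEPT = ("wp-content", "wp-config.php", ".htaccess")


def scan_file(path):
    """Return [(line_no, indicator)] for each indicator found in one file."""
    hits = []
    try:
        with open(path, "rb") as fh:
            for no, line in enumerate(fh, 1):
                low = line.lower()  # match regardless of letter case
                hits += [(no, i.decode()) for i in INDICATORS if i in low]
    except OSError:
        hits.append((0, "unreadable"))  # report it rather than skip silently
    return hits


def scan_site(root):
    """Scan the kept items under root; return {relative_path: hits}."""
    report = {}
    for item in KEPT:
        top = os.path.join(root, item)
        if os.path.isfile(top):
            files = [top]
        else:
            files = [os.path.join(d, f) for d, _, fs in os.walk(top) for f in fs]
        for path in files:
            hits = scan_file(path)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


def demo():
    """Scan a small constructed site tree (sample data, not real files)."""
    sample = {
        "wp-config.php": "<?php define('DB_NAME', 'demo');\n",
        ".htaccess": "RewriteRule ^ http://setforconfigplease.example/ [R=302,L]\n",
        "wp-content/themes/demo/header.php":
            "<?php wp_head(); ?>\n<script src='//GetMyFreeTraffic.example/x.js'></script>\n",
        "wp-content/themes/demo/functions.php": "<?php // clean\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        return scan_site(root)


if __name__ == "__main__":
    for rel, hits in sorted(demo().items()):
        print(rel, hits)
```

A plain string match only finds injected code that names the domains in clear text, so the manual review of every file is still needed for anything encoded or obfuscated.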

What is an SMTP?

Simple Mail Transfer Protocol (SMTP) is an Internet standard for email transmission. SMTP was first defined in 1982 by RFC 821, and updated in 2008 by RFC 5321 to Extended SMTP additions, which is the protocol in widespread use today. (via Wikipedia)

Basically, an SMTP plugin allows your website to send emails.

You are able to use your own email outgoing server details or use a dedicated email provider:

  • Mailgun
  • Amazon SES
  • Sparkpost
  • Mandrill
  • SendGrid

It will depend on what emails are being sent from your website and of course how many. 
