Hackers exploited SMTP plugin to gain control of websites
Right, I am writing this post now because I have just finished correcting all the websites hosted on my server.
If you are not aware, 2 hackers found a loophole in the WordPress plugin Easy WP SMTP (a plugin, downloaded over 300k times, which allows you to send emails from your website).
This loophole allowed them to duplicate the admin logins and gain control of the website.
The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users should update to 126.96.36.199 as quickly as possible.
From my findings and also the reports online regarding this plugin hack, they gained access to websites and their goal was to redirect web visitors to two online scam websites warning you of a virus on your computer.
There were two pieces of information that I could find from these hackers: a consistent set of IP addresses and two URLs.
Hacked Website Cleanups
From what I could gather from looking at hacked websites on my server and speaking to different hosting gurus, the hackers were embedding strings of code that redirected your website to the above-mentioned scam websites.
The problem with malicious code such as theirs is that if you leave even one string in a website, it will reproduce and take over your website again.
Cleaning a WordPress Website
Now, I am sure there are many ways to clean a WordPress website after it has been hacked.
Personally, I remove all of the WordPress files so I am left with 3 elements of the old website:
- wp-content folder
- wp-config.php file
- .htaccess file
I then proceed to go through every folder and file, viewing each one to see if I can find the hackers’ script. There did not seem to be any consistency in where the scripts were placed, which meant you had to go through them all.
Once I was satisfied the remaining files were clear of all malicious code, I then installed a fresh copy of WordPress to the cPanel.
This would take about 40 mins in total to clean and take a site from hacked to clean.
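The manual review described above can be narrowed with a triage pass over the three kept items, so that the files most likely to hold an injected redirect are read first. This is an added example, not code from the original post: the patterns are generic heuristics assumed here (not signatures taken from this incident), and the function names and the sample tree are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Generic triage heuristics (assumed; not signatures taken from this incident).
CODE_PATTERNS = {
    "eval-of-decoded-data": re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)", re.I),
    "script-redirect": re.compile(r"location(\.href)?\s*=\s*['\"]https?://", re.I),
}
HTACCESS_PATTERNS = {
    "htaccess-external-redirect": re.compile(r"^\s*(RewriteRule|Redirect)\b.*https?://", re.I | re.M),
}
CODE_SUFFIXES = {".php", ".js", ".html", ".htm"}

def kept_files(root):
    """Yield the files the cleanup keeps: wp-config.php, .htaccess, wp-content/**."""
    for name in ("wp-config.php", ".htaccess"):
        if (root / name).is_file():
            yield root / name
    if (root / "wp-content").is_dir():
        yield from (p for p in (root / "wp-content").rglob("*") if p.is_file())

def scan_site(root):
    """Return sorted (relative path, reason) pairs that deserve manual review."""
    root, findings = Path(root), []
    for path in kept_files(root):
        rel = path.relative_to(root).as_posix()
        if rel.startswith("wp-content/uploads/") and path.suffix.lower() == ".php":
            findings.append((rel, "php-in-uploads"))  # uploads normally holds media only
        is_code = path.suffix.lower() in CODE_SUFFIXES
        patterns = HTACCESS_PATTERNS if path.name == ".htaccess" else CODE_PATTERNS if is_code else {}
        text = path.read_text(encoding="utf-8", errors="replace") if patterns else ""
        findings += [(rel, why) for why, rx in patterns.items() if rx.search(text)]
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (placeholder content, example.invalid host)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content/uploads/2019").mkdir(parents=True)
        (root / "wp-content/themes/demo").mkdir(parents=True)
        (root / ".htaccess").write_text("RewriteRule . /index.php [L]\n")
        (root / "wp-content/themes/demo/header.php").write_text(
            "<script>window.location.href = 'http://example.invalid/';</script>\n")
        (root / "wp-content/uploads/2019/cache.php").write_text("<?php echo 1;\n")
        return scan_site(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit only marks a file for closer reading: a legitimate HTTPS redirect in .htaccess will also match, and a file with no hits still has to be checked by hand.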
What is an SMTP?
Simple Mail Transfer Protocol (SMTP) is an Internet standard for email transmission. SMTP was first defined in 1982 by RFC 821, and updated in 2008 by RFC 5321 to Extended SMTP additions; which is the protocol in widespread use today. via Wikipedia
Basically, an SMTP plugin allows your website to send emails.
You are able to use your own email outgoing server details or use a dedicated email provider:
- Amazon SES
It will depend on what emails are being sent from your website and of course how many.