Score:0

SPAM after activating WordPress plugin on Linux VPS

mk flag

After activating a plugin I received an email that I had never recived before. What kind of miscellaneous code it might be? it's a coincidence? I received an email to my account Gmail that I never used on my VPS (not sure) and I am sure that I never used it on the website where I activated a plugin. But I activated the plugin exactly at 1:03 and I received SPAM (with pdf and link inside pdf) exactly at 1:03. I blocked using the root user years ago. I am using admin user of VestaCP.

My question is how can I scan WordPress plugin for malware or miscellaneous code or malware? I tried uploading zip with the plugin on virustotal but nothing was found. I need some help before I reinstall my VPS and all my websites.
Thank you

Score:0
nr flag

There are many WordPress plugins that offer malware scanning as part of their functionality, for example Wordfence.

I'd recommend trying to reproduce the issue with a unique email address in order to gain more certainty. Set up a fresh WordPress site, activate the plugin, and this time use the + suffix trick to create a unique email address like [email protected] where your normal address is [email protected]. If you get a spam email to that unique email address, then you can be reasonably certain that the spam is correlated to entering the address into the plugin form.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.