wordpress mail spam

4 Tips to Preventing WordPress Mail Server Spam

It took me a long time to finally become mail spam-free. It was a constant, daily effort for the spammers to find new holes after I plugged the old ones. I was most amazed at the persistence of these bot scripts, which continued to try using one of my servers to send mail for months, squeezing every last bit of spam through any means possible.

Here’s a list of just about everything I tried. I can’t be 100% certain what worked, but it should, if anything, give you a few ideas:

  1. Check /var/spool/deferred for files. Open one of them up and skim around to find which script is sending the email.
  2. Add an .htaccess file in any folder that is writable by your web server. This might include:
    /wp-content/uploads
    /wp-content/cache

    The contents of the .htaccess are as follows

    <FilesMatch "\.(php|php5|php4|php3|pl|py|sh|cgi)$">
    order deny,allow
    deny from all
    </FilesMatch>
    

    This will prevent scripts in those folders from being executed by the web server.

    Make sure this .htaccess file has execute permissions.

  3. After you’ve patched a hole, clear the mail logs so you can reset the score and see what holes were left unplugged:
    rm -f /var/spool/mqueue/*
    postsuper -d ALL
    postsuper -d ALL deferred
  4. Although those PHP files in your uploads and cache directories are no longer executable, you still want to get rid of them. Any misconfiguration in your .htaccess file would give them free rein to wreak havoc again.
    cd /var/www/html
    find . -path "*wp-content/uploads*" -name "*.php" -delete
    find . -path "*wp-content/cache*" -name "*.php" -delete
    
    

Why follow me on Twitter?

  • I tweet about new technologies, services or libraries I find interesting
  • Yeah, sometimes I'll post a pet-peeve or rant about something trivial
  • If I discover something that made my web development life easier, I share it
  • I'll shout out any handy tip that I think might be useful to other devs


Tagged , , , , .

Updated: 2016-07-15

Phil LaNasa follow us in feedly