Hello

I have recently been getting bounced emails, but I have not sent any! I contacted my hosting company and this is what Technical Support said:

Thank you for contacting Technical Support.

I have reviewed the bounce back email and our server logs as well. It appears that the original email was sent via script from your account. Here is a copy of the server logs.

If you are not the one sending these emails we would recommend asking your developer to review the code for any flaws that allow visitors to register and send emails automatically.

Please let us know if we could be of further assistance.

-------------------------------------------------------------------------

This is one bounced email that I received.

2016-12-05 19:21:30 [7865] 1cDypO-00022r-6r H=(uk1.siteground.eu) [127.0.0.1]:55414 I=[127.0.0.1]:25 Warning: SITEGROUND: admin@mysite.com : This message was sent via script. The details are as follows: SCRIPT_FILENAME=/home/mysite/public_html/index.php REQUEST_URI=/user/register PWD=/home/mysite/public_html REMOTE_ADDR=185.31.162.245 .
2016-12-05 19:21:30 [7865] 1cDypO-00022r-6r <= admin@mysite.com H=(uk1.siteground.eu) [127.0.0.1]:55414 I=[127.0.0.1]:25 P=smtp S=1304 M8S=0 T="Account details for harlesUnsum at mysite.com" from for izgoy7@gamesonlinefree.ru
2016-12-05 19:21:30 [7887] cwd=/ 3 args: /usr/sbin/exim -Mc 1cDypO-00022r-6r
2016-12-05 19:21:33 [7887] 1cDypO-00022r-6r => izgoy7@gamesonlinefree.ru I=[185.123.96.101] F= P= R=dk_lookuphost T=dk_remote_smtp S=1168 H=outbound.mailspamprotection.com [108.163.201.226]:587 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes DN="/OU=Domain Control Validated/CN=*.mailspamprotection.com" C="250 OK id=1cDypP-0004Pg-Nr" QT=3s DT=3s
2016-12-05 19:21:33 [7887] 1cDypO-00022r-6r Completed QT=3s

----------------------------------------------------

Please could anyone help me. I don't know what to do next. I am using the Drupal 7 contact form.

Thanks so much.

Pam
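
Added example, not part of the original post or the host's reply: a small Python parser that pairs the host's "sent via script" warning with the matching `<=` line by Exim message id, so the request path and client address behind each script-generated mail can be tallied. The first two sample lines are from the post above; the other two (message id, 192.0.2.10, recipient) are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# First two lines are from the post above; the last two are constructed
# (hypothetical message id, client address and recipient) to show grouping.
SAMPLE_LOG = '''\
2016-12-05 19:21:30 [7865] 1cDypO-00022r-6r H=(uk1.siteground.eu) [127.0.0.1]:55414 I=[127.0.0.1]:25 Warning: SITEGROUND: admin@mysite.com : This message was sent via script. The details are as follows: SCRIPT_FILENAME=/home/mysite/public_html/index.php REQUEST_URI=/user/register PWD=/home/mysite/public_html REMOTE_ADDR=185.31.162.245 .
2016-12-05 19:21:30 [7865] 1cDypO-00022r-6r <= admin@mysite.com H=(uk1.siteground.eu) [127.0.0.1]:55414 I=[127.0.0.1]:25 P=smtp S=1304 M8S=0 T="Account details for harlesUnsum at mysite.com" from for izgoy7@gamesonlinefree.ru
2016-12-05 19:25:02 [7901] 1cDysA-00023x-9k H=(uk1.siteground.eu) [127.0.0.1]:55420 I=[127.0.0.1]:25 Warning: SITEGROUND: admin@mysite.com : This message was sent via script. The details are as follows: SCRIPT_FILENAME=/home/mysite/public_html/index.php REQUEST_URI=/user/register PWD=/home/mysite/public_html REMOTE_ADDR=192.0.2.10 .
2016-12-05 19:25:02 [7901] 1cDysA-00023x-9k <= admin@mysite.com H=(uk1.siteground.eu) [127.0.0.1]:55420 I=[127.0.0.1]:25 P=smtp S=1290 M8S=0 T="Account details for exampleuser at mysite.com" from for someone@example.org
'''

LINE = re.compile(r'^(?P<ts>\S+ \S+) \[\d+\] (?P<id>\w{6}-\w{6}-\w{2}) (?P<rest>.*)$')
KV = re.compile(r'\b(SCRIPT_FILENAME|REQUEST_URI|REMOTE_ADDR)=(\S+)')
SUBJECT = re.compile(r' T="([^"]*)"')
RCPT = re.compile(r' for (\S+)$')

def parse_script_mail(log_text):
    """Join the 'sent via script' warning with the '<=' arrival line by message id."""
    messages = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines without a message id in that position are skipped
        rec = messages.setdefault(m['id'], {'time': m['ts']})
        rest = m['rest']
        if 'sent via script' in rest:
            rec.update({k.lower(): v for k, v in KV.findall(rest)})
        elif rest.startswith('<= '):
            subj = SUBJECT.search(rest)
            rcpt = RCPT.search(rest)
            rec['subject'] = subj.group(1) if subj else None
            rec['recipient'] = rcpt.group(1) if rcpt else None
    # Keep only the messages the host flagged as script-generated.
    return {i: r for i, r in messages.items() if 'request_uri' in r}

def summarize(messages):
    """Count script-generated mail per request path and per client address."""
    by_uri = Counter(r['request_uri'] for r in messages.values())
    by_ip = Counter(r['remote_addr'] for r in messages.values())
    return by_uri, by_ip

if __name__ == '__main__':
    msgs = parse_script_mail(SAMPLE_LOG)
    for label, counts in zip(('path', 'client'), summarize(msgs)):
        print(label, counts.most_common())
```

Run over the full mail log, a tally dominated by one request path shows which page is generating the mail, and the subject and recipient fields show what is being sent and to whom.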

Comments

VM’s picture

Exact version of Drupal in use? If you are running an outdated core and/or outdated modules it's possible your site was hacked.

Run a file compare on index.php in your site and a new copy from a new download. Are there differences? If yes, then you can be sure you've been hacked.

dizzyone’s picture

Hello once again VM,

Really don't know what has happened here and thank you so much for responding to my plea for help. Please could you explain how I "run a file compare on index.php in your site and a new copy from a new download."

Thank you and best regards

Pam

VM’s picture

You can use diff, WinMerge (if on Windows), Notepad++ (if on Windows), or other software, or simply open the file in two instances of a text editor and look at it.

You failed to mention the exact version of Drupal in use.

dizzyone’s picture

Hi VM

I finally managed to compare the index.php files. At first, they did look different, but, when I looked again, everything seems ok!!! I decided to upgrade core to 7.53. I am still getting the bounced emails though which is frustrating. I will contact my host company again to see if they have any answers.

Thanks for your help once again VM.

Kind regards

Pam