Good afternoon
I am trying to find out where some spam is coming from on one of my WordPress sites. I could determine which site it was coming from using the rspamd dashboard, and have tightened the filter since some spam got through.
I started logging which IP address the site was accessed from when the mail would be sent. I used both the phpmailer_init hook and the wp_mail hook, but somehow the spam is not going through either of those. I thought at first it was using the contact form as a weak spot, but when I enter a message through the contact form it does go through these hooks. This particular site uses Contact Form 7 with reCaptcha v3.
How can I log when msmtp is executed if it is not available from the mentioned WordPress hooks?
Here are some of my php-fpm logs:
172.0.3.214 - 17/Jun/2021:17:00:19 +0200 "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php" 500
msmtp: the server did not accept the mail
msmtp: server message: 550 Detected as spam
msmtp: could not send mail (account default from /etc/msmtprc)
172.0.3.214 - 17/Jun/2021:17:00:44 +0200 "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php" 500
172.0.3.214 - 17/Jun/2021:17:01:08 +0200 "POST /wp-admin/admin-ajax.php" 200
msmtp: the server did not accept the mail
msmtp: server message: 550 Detected as spam
msmtp: could not send mail (account default from /etc/msmtprc)
172.0.3.214 - 17/Jun/2021:17:03:06 +0200 "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php" 500
172.0.3.214 - 17/Jun/2021:17:03:09 +0200 "POST /wp-admin/admin-ajax.php" 200
msmtp: the server did not accept the mail
msmtp: server message: 550 Detected as spam
msmtp: could not send mail (account default from /etc/msmtprc)
172.0.3.214 - 17/Jun/2021:17:03:20 +0200 "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php" 500
msmtp: the server did not accept the mail
msmtp: server message: 550 Detected as spam
msmtp: could not send mail (account default from /etc/msmtprc)
172.0.3.214 - 17/Jun/2021:17:04:28 +0200 "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php" 500
And nginx from the same time:
ip1 - - [17/Jun/2021:14:59:08 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "https://example.com/wp-admin/plugins.php?plugin_status=all&paged=1&s" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.106 Safari/537.36" "ip1"
2021/06/17 15:00:02 [warn] 7#7: *133867 a client request body is buffered to a temporary file /etc/nginx/client_body_temp/0000021094, client: ip2, server: _, request: "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php HTTP/1.1", host: "example.com"
ip2 - - [17/Jun/2021:15:00:04 +0000] "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php HTTP/1.1" 500 71769 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0" "ip2"
2021/06/17 15:00:19 [warn] 7#7: *133869 a client request body is buffered to a temporary file /etc/nginx/client_body_temp/0000021095, client: ip3, server: _, request: "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php HTTP/1.1", host: "example.com"
ip3 - - [17/Jun/2021:15:00:21 +0000] "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php HTTP/1.1" 500 71769 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0" "ip3"
ip4 - - [17/Jun/2021:15:00:46 +0000] "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php HTTP/1.1" 500 71769 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" "ip4"
ip1 - - [17/Jun/2021:15:01:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "https://example.com/wp-admin/plugins.php?plugin_status=all&paged=1&s" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.106 Safari/537.36" "ip1"
2021/06/17 15:03:06 [warn] 7#7: *133875 a client request body is buffered to a temporary file /etc/nginx/client_body_temp/0000021096, client: ip5, server: _, request: "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php HTTP/1.1", host: "example.com"
ip5 - - [17/Jun/2021:15:03:09 +0000] "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php HTTP/1.1" 500 71769 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0" "ip5"
ip1 - - [17/Jun/2021:15:03:10 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "https://example.com/wp-admin/plugins.php?plugin_status=all&paged=1&s" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.106 Safari/537.36" "ip1"
ip6 - - [17/Jun/2021:15:03:14 +0000] "HEAD / HTTP/1.1" 301 0 "https://www.example.com/" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)" "ip6"
ip6 - - [17/Jun/2021:15:03:14 +0000] "HEAD / HTTP/1.1" 200 0 "https://www.example.com/" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)" "ip6"
ip4 - - [17/Jun/2021:15:03:22 +0000] "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php HTTP/1.1" 500 71769 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" "ip4"
2021/06/17 15:04:28 [warn] 7#7: *133883 a client request body is buffered to a temporary file /etc/nginx/client_body_temp/0000021097, client: 141.98.235.191, server: _, request: "POST /wp-content/plugins/google-site-kit/third-party/google/apiclient-services/src/Google/Service/Pagespeedonline/Resource/table.php HTTP/1.1", host: "example.com"
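An added example, not part of the original post: a small parser for a php-fpm log in the shape shown above that groups each multi-line msmtp error and reports which request paths are logged directly before or after every failure. The sample log is constructed (shortened path, placeholder address), and adjacency is only a hint, because the msmtp lines carry no timestamp of their own.

```python
import re
from collections import Counter

# Constructed sample shaped like the post's php-fpm log (short path, placeholder IP).
SAMPLE = """\
10.0.0.1 - 17/Jun/2021:17:00:19 +0200 "POST /wp-content/plugins/x/table.php" 500
msmtp: the server did not accept the mail
msmtp: server message: 550 Detected as spam
msmtp: could not send mail (account default from /etc/msmtprc)
10.0.0.1 - 17/Jun/2021:17:00:44 +0200 "POST /wp-content/plugins/x/table.php" 500
10.0.0.1 - 17/Jun/2021:17:01:08 +0200 "POST /wp-admin/admin-ajax.php" 200
msmtp: the server did not accept the mail
msmtp: server message: 550 Detected as spam
msmtp: could not send mail (account default from /etc/msmtprc)
10.0.0.1 - 17/Jun/2021:17:03:06 +0200 "POST /wp-content/plugins/x/table.php" 500
"""

REQ = re.compile(r'^\S+ - (\S+ \S+) "(\S+) (\S+)" (\d{3})$')

def parse(text):
    """Return events: ('req', (time, method, path, status)) or ('msmtp', [lines])."""
    events = []
    for line in text.splitlines():
        m = REQ.match(line.strip())
        if m:
            events.append(("req", m.groups()))
        elif line.startswith("msmtp:"):
            # Collapse consecutive msmtp stderr lines into one failure event.
            if events and events[-1][0] == "msmtp":
                events[-1][1].append(line)
            else:
                events.append(("msmtp", [line]))
    return events

def neighbours(events):
    """For each msmtp failure, the request logged just before and just after it."""
    out = []
    for i, (kind, _) in enumerate(events):
        if kind == "msmtp":
            before = events[i - 1][1] if i > 0 else None
            after = events[i + 1][1] if i + 1 < len(events) else None
            out.append((before, after))
    return out

def common_paths(events):
    """Paths adjacent to every failure, plus per-path adjacency counts."""
    blocks = neighbours(events)
    counts = Counter(p for b in blocks for p in {r[2] for r in b if r})
    return {p for p, n in counts.items() if n == len(blocks)}, counts
```

A path that is adjacent to every failure is the first place to look; PHP's `mail.log` ini setting, which records the calling script and line for each `mail()` call, can then confirm which file actually sends.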