Hi, @Hassan I don't know how to reach you ASAP but you need to check this out. I received a mail from My hosting company a few hours ago and it reads "Email Abuse on Account 'my Cpanel username' - premium130.web-hosting.com". below is the mail content

"Hello,

We are writing from Namecheap Legal and Abuse team.

It has come to our attention that there is a high number of similar emails queued on the server by the hosting account with the username "my Cpanel username".

In order to cease the abuse, the PHP function has been disabled.

The emails were sent from the account automatically per each automated request. In order to avoid the issue from being repeated in the future, it is suggested to protect your website from automated requests using anti-spam software (e.g. Captcha).

As a reminder, we would like to point out that transmitting any unsolicited commercial or bulk mail, or being engaged in any activity known or considered to be spamming or Mail Bombing is expressly prohibited on our hosting servers according to our Acceptable Use Policy, paragraph 8 "Prohibited Activities" at www.namecheap.com/legal/hosting/aup.aspx .

Please note that in case the issue reoccurs, we may be forced to suspend the subject account to stop the outbreak.

Thank you for understanding. Please let us know if you have any questions.

==============================

Bounced Queue - 850 emails.

 

BELOW IS THE CONTENT OF THE SCANNED RESULTS

"

===============================================================================

1nKYvB-00DbS8-6H-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a temporary error. The following address(es) deferred:

s308sam@yahoo.com
Domain mydomain has exceeded the max emails per hour (248/200 (124%)) allowed. The message will be reattempted later

------- This is a copy of the message, including all the headers. ------
Received: from "my Cpanel username" by premium130.web-hosting.com with local (Exim 4.94.2)
(envelope-from <my Cpanel username@premium130.web-hosting.com>)
id 1nKYvA-00DbOX-C2; Thu, 17 Feb 2022 00:01:36 -0500
To: stevet1961@hotmail.com,egorun17@iinet.net.au,jeffhanan@aol.com,rf33333333@yahoo.com,gelvinmike@gmail.com,bill0838@comcast.net,sfurciato@aol.com,llonnie20@yahoo.com,darrencarr1970@yahoo.com.au,andrewikim@yahoo.com,olivier.s.selig@gmail.com,michaelhaselhuhn@web.de,pedrocayla@hotmail.com,btakano2@hawaii.rr.com,jlp_moreno@hotmail.com,sebastiancor@libero.it,emcall91@gmail.com,bill_gregorio@yahoo.com,nstemple85@gmail.com,pkonn72@hotmail.com,mohammadchohan@hotmail.com,peter.50322@home.se,ghgob@hotmail.com,marcelultra@hotmail.com,fredrikwedin1975@hotmail.com,julio57crisostomo@hotmail.com,magictlm@hotmail.com,shaunleemutton@hotmail.co.uk,deamorimcarlos@live.fr,memosimo62@yahoo.com,dasilvaramos.romeo@neuf.fr,s308sam@yahoo.com,helffrichrob@gmail.com,chawkybekka@yahoo.com,sparkleunlimited@gmail.com
Subject: For her and for him
X-PHP-Script: mydomain/wp-content/plugins/wordfence/crypto/vendor/composer/options.php for 2.44.136.120, 2.44.136.120
X-PHP-Filename: /home/username/public_html/wp-content/plugins/wordfence/crypto/vendor/composer/options.php REMOTE_ADDR: 2.44.136.120
From: USA Pharmacy - Super Deals <USAPharmacy-SuperDeals@mydomain>
Reply-To: USAPharmacy-SuperDeals@mydomain
X-Mailer: PHP/7.4.27
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary=cca2a2217af02be9112edadd5230741c
Message-Id: <E1nKYvA-00DbOX-C2@premium130.web-hosting.com>
Sender: <cpanel username@premium130.web-hosting.com>
Date: Thu, 17 Feb 2022 00:01:36 -0500

 

--cca2a2217af02be9112edadd5230741c
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64

R29vZCBhZnRlcm5vb24gZGFybGluZy4KCkZvcmdldCBhYm91dCBkb2N0b3JzLiBFbmpveSBiZXR0
ZXIgc29sdXRpb24uIEZhbW91cyBQaWxscy4KCmh0dHA6Ly92ZXJpY3JlZC5nc2R0ZXN0LmNvLnph
L3dwLWNvbnRlbnQvcGx1Z2lucy9jYWxkZXJhLWZvcm1zL3ZlbmRvci9uZXNib3QvY2FyYm9uL3Ny
Yy9DYXJib24vb3B0aW9ucy5odG1s

--cca2a2217af02be9112edadd5230741c
Content-Type: text/html;charset=utf-8
Content-Transfer-Encoding: base64

PGh0bWwgbGFuZz0iZW4iPgo8aGVhZD48bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lk
dGg9ZGV2aWNlLXdpZHRoIiAvPjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVu
dD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04IiAvPjwvaGVhZD4KPGJvZHk+R29vZCBhZnRlcm5v
b24gZGFybGluZy48YnI+PGJyPgoKRm9yZ2V0IGFib3V0IGRvY3RvcnMuIEVuam95IGJldHRlciBz
b2x1dGlvbi4gRmFtb3VzIFBpbGxzLjxicj48YnI+Cgo8YSBocmVmPSJodHRwOi8vdmVyaWNyZWQu
Z3NkdGVzdC5jby56YS93cC1jb250ZW50L3BsdWdpbnMvY2FsZGVyYS1mb3Jtcy92ZW5kb3IvbmVz
Ym90L2NhcmJvbi9zcmMvQ2FyYm9uL29wdGlvbnMuaHRtbCI+WU9VUiAtMTAlIERJU0NPVU5UIEhF
UkU8L2E+PC9ib2R5PjwvaHRtbD4=

--cca2a2217af02be9112edadd5230741c--

"

from the results the perps created an email which they are using to spam through the plugin.

 

please go through it @hassan @admin @support

from H-educate Forum - Recent Topics https://ift.tt/Z7RxIMX
via