php_mail.log – Exclude php_mail.log file from being checked by AutoRestore


  • #25826
    KeithAdv
    Participant

    [irony] Two days after I bought BPS Pro, but a day before I installed it, my client’s site was hacked.[/irony]

    I’m trying to keep my client’s site afloat, but I’m finding BPS Pro overwhelming. I feel like I’m learning under trial by fire! I hope you won’t mind a little hand-holding.

    My client’s site was deactivated by Siteground due to malware.

    I deleted the client’s site and restored it from a backup I assumed to be good. I changed my cpanel/ftp password and deleted all user accounts except mine, changing the password on that. I am having some issues and want to make sure I’m not still infected, or reinfected, etc. Siteground has pronounced it clean and reactivated it. I have since installed the gotmls.net Anti-Malware plugin and have fully scanned the site.

    I have several issues that I’ll address independently but here is the main one.

    The main issue (so far) is the file “php_mail.log” which keeps showing up in my public_html directory and gets immediately quarantined. It’s happening every few minutes so the quarantine files grow to several hundred in a very short time–hundreds a day.

    I’ve looked at the file itself and it seems benign. It seems to note only emails being sent to me either by BPS pro or BackupBuddy. I’ve included the last 9 entries below, but they are mostly identical to the rest, only the dates are different. (In the attached snip, I’ve changed my actual email address to me @ myemail.com.)

    Can anyone tell me what’s going on? What can I do about this?

    [26-Sep-2015 14:18:46 UTC] mail() on [/home/gzddev64/public_html/wp-includes/class-phpmailer.php:652]: To: me@myemail.com -- Headers: Date: Sat, 26 Sep 2015 14:18:46 +0000 From: BackupBuddy <me@myemail.com> Message-ID: <779776eeacf81185d9df331dfda779f8@www.gzddev.com> X-Priority: 3 X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/) Reply-To: me@myemail.com MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
    [27-Sep-2015 21:41:23 UTC] mail() on [/home/gzddev64/public_html/wp-includes/class-phpmailer.php:652]: To: me@myemail.com -- Headers: Date: Sun, 27 Sep 2015 21:41:23 +0000 From: BackupBuddy <me@myemail.com> Message-ID: <8833bc92ba8d4297db4791addd42a666@www.gzddev.com> X-Priority: 3 X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/) Reply-To: me@myemail.com MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
    [28-Sep-2015 20:10:17 UTC] mail() on [/home/gzddev64/public_html/wp-includes/class-phpmailer.php:652]: To: me@myemail.com -- Headers: Date: Mon, 28 Sep 2015 20:10:17 +0000 From: WordPress <wordpress@gzddev.com> Message-ID: <e9aaa2252b03c654ce0281b2b1b3fbcc@www.gzddev.com> X-Priority: 3 X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
    #25829
    AITpro Admin
    Keymaster

    Create an AutoRestore single file exclude rule for the php_mail.log file so that it is not checked by AutoRestore|Quarantine.

    1. Go to AutoRestore and turn Off AutoRestore.
    2. Go to Quarantine and restore the php_mail.log file from Quarantine.
    3. Go to AutoRestore > Add|Exclude Other Folders & Files tab > under Exclude Folders & Files > select Exclude An Individual File > Enter an Exclude Folder or File Path in the text box (you can get that path from your Quarantine Log) and click the Exclude button.
    4. Turn AutoRestore back On.

    Other Help Info:  AutoRestore|Quarantine Exclude Folders & Files Video Tutorial:  http://forum.ait-pro.com/video-tutorials/#autorestore-quarantine

    #25830
    KeithAdv
    Participant

    Thank you!
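
An added example, not part of the original thread and not BulletProof Security code: once php_mail.log is excluded it is no longer checked by AutoRestore, so a small script can summarize its entries by calling script and list any mail() caller outside an expected set. The sample lines are constructed in the format quoted in the first post, and the names `parse`, `summarize` and the `expected_suffixes` allowlist are assumptions.

```python
import re
from collections import Counter

# Constructed sample entries in the format quoted in the thread; the paths,
# hosts and addresses are made up for this example.
SAMPLE = """\
[26-Sep-2015 14:18:46 UTC] mail() on [/home/example/public_html/wp-includes/class-phpmailer.php:652]: To: me@example.com -- Headers: Date: Sat, 26 Sep 2015 14:18:46 +0000 From: BackupBuddy <me@example.com> Message-ID: <aaa@www.example.com> X-Mailer: PHPMailer 5.2.10
[28-Sep-2015 20:10:17 UTC] mail() on [/home/example/public_html/wp-includes/class-phpmailer.php:652]: To: me@example.com -- Headers: Date: Mon, 28 Sep 2015 20:10:17 +0000 From: WordPress <wordpress@example.com> Message-ID: <bbb@www.example.com>
[28-Sep-2015 20:11:02 UTC] mail() on [/home/example/public_html/wp-content/uploads/x.php:3]: To: someone@example.org -- Headers: From: a@example.net
"""

# [timestamp] mail() on [script:line]: To: <recipients> -- Headers: <headers>
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] mail\(\) on \[(?P<script>.+?):(?P<line>\d+)\]: "
    r"To: (?P<to>.*?) -- Headers: (?P<headers>.*)$"
)
# The From value runs until the next " Header-Name: " token or end of line.
FROM_RE = re.compile(r"\bFrom: (.*?)(?= [A-Za-z-]+: |$)")


def parse(text):
    """Yield one dict per mail() log entry; lines that do not match are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        sender = FROM_RE.search(entry.pop("headers"))
        entry["from"] = sender.group(1) if sender else None
        yield entry


def summarize(text, expected_suffixes=("/wp-includes/class-phpmailer.php",)):
    """Count entries per calling script and collect callers not in the allowlist."""
    entries = list(parse(text))
    by_script = Counter(e["script"] for e in entries)
    unexpected = [e for e in entries if not e["script"].endswith(expected_suffixes)]
    return by_script, unexpected


if __name__ == "__main__":
    counts, unexpected = summarize(SAMPLE)
    for script, n in counts.most_common():
        print(f"{n:5d}  {script}")
    for e in unexpected:
        print(f"REVIEW {e['ts']} {e['script']}:{e['line']} To: {e['to']} From: {e['from']}")
```
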
