Thread: my website was (is) under spam attack !!!

my website was (is) under spam attack !!!

It started about 10-15 days ago, but I have not see it until yesterday. In every 5 minutes about 5-10 new ads are posted. Ofcourse, not real ads, but spam ads, with links to some other sites. It is obviously that it is some kind of automatic script that is posting this ads.

When I entered my website files on the server, there were a lot of some strange files that are not part of wordpress or classipres. I deleted everything.

1. deleted complete wordpress and classipress folder, and uploaded latest versions of both.
2. check wp-uploads folder and deleted all strange files there
3. change mysql database user and password (deleted the old one).

And nothing of that helped me, still ads are publish every minute!!!

Looking at ads IP adresses, I saw they are all different, this is not being published from one or 2 IPs, but many, many IPs from different countries.

At the end, I found a WP plugin called Wordfence, which have the option to block a range of IPs. So I created rules and blocked IPs from many countries arround the world from which is all this comming. And for now the attack on my website is stoped. Here and there another one of this ad is posted, but I just ad anotred IP to block.

One more thing, besides posting spam ads, every one of this user registered has posted links in their profiles. Is there any way I can delete users who dont have any ads? Because I deleted the ads in bulk, but it would be very time consuming to delete one by one all users who dont have ads.

Does anybody have any idea what is going on here ? What is this software that is doing this ? What should I do to secure my wordpress and classipress site?