Today, I received this scary-looking email:
Note: If this is the first time you received this mail, it contains the history for the entire month so far.
Below are the recently upload scripts that contain code to send email. You may wish to inspect them to ensure they are not sending out SPAM.
/home/mydomain/public_html/wp-content/plugins/private-rss/privateRSS.php:267: $additional_header='Content-type: text/plain; charset=utf-8';
/home/mydomain/public_html/wp-content/plugins/private-rss/privateRSS.php:268: mail($wpdb->escape($_GET['mail']), __('Successfull subscription', 'privateRSS'), sprintf(__("You have successfully subscribed to %s. \nYou could access your private RSS feed by this url: %s till %s. \n\nThank you for your subscription.", 'privateRSS'), get_option('siteurl'), get_option('siteurl').'/feed/?pRSS='.$url, $wpdb->escape($_GET['due'])), $additional_header);
This is an "error" message generated by WHM/cPanel, as a warning to the server admin, pertaining to a script that sends emails. It's a spam prevention policy found within WHM, though you may not realize this policy is in place until you receive one of these email warnings.
In this specific example, it shows a script attached to a WordPress plugin.
This is a plugin that was intentionally installed on a certain site (not this site), and was verified to work as desired, without any known vulnerabilities that spammers could exploit. The warning from WHM/cPanel is appreciated, but can be safely dismissed. The email was deleted.
Go ahead, wipe the sweat off your forehead. You're probably safe.
And if you need a good host, see our non-spammy list: http://www.digitalfaq.com/forum/web-...-best-web.html