Forums

WordPress › Support » How-To and Troubleshooting

New user registration notification has spam addresser name (9 posts)

  1. tomcho
    Member
    Posted 5 years ago #

    The last few notifications I've had about new users for my site have come from the correct email address but the addresser name is something that goes along the lines of 'order (insert name of a particular enhancement drug that shall enhance your sexual stamina)'.

    The new users seem to be genuine new users and not spammers - this doesn't seem to be a problem. It's just the addresser's name for new user registration notification.

    I tried to search among the archives but couldn't find anything about this problem.

    Any help appreciated.

  2. maerk
    Member
    Posted 5 years ago #

    How can you be sure that they're genuine users? Have you tried registering yourself?

  3. whooami
    Member
    Posted 5 years ago #

    tomcho, I got 100 for your 10 that says you wont ever see a comment from them.

    http://wordpress.org/support/topic/78258?replies=6

  4. tomcho
    Member
    Posted 5 years ago #

    After I started receiving the registration notification with the spam addresser name, I changed the addresser name in my address book so that I wouldn't have the displeasure of seeing it. I changed it to 'Wordpress (tomcho.com)'.

    I just tried registering myself (thanks for the suggestion, maerk) and I received the notification via the correct email address (wordpress@tomcho.com) and with the addresser name displayed as I changed it in my address book.

    whooami, the users are genuine because they're people I know. They haven't commented yet but I know them and their email addresses. Just curious but what would be the point of them not commenting? Wouldn't they be registering so they can post comment spam?

    Thanks for the link to the other thread. I didn't understand all of it, to be honest. One prob I have is that I can't find a .htaccess file and I've tried to create one a few times before (for a diff purpose) but it doesn't seem to work.

    Tom

  5. lhk
    Member
    Posted 5 years ago #

    Hi,

    you might consider having been hacked.

  6. tomcho
    Member
    Posted 5 years ago #

    Having never been hacked before (to my knowledge), what would I do about this?

  7. lhk
    Member
    Posted 5 years ago #

    Hi,

    I'd contact your host first, cause it's also possible another account was hacked and is changing/adding scripts or manipulating files.

    Then I'd compare, file by file including filesizes, what you have on the server and what is in your original WP installation folder on your computer. If you discover any surplus files or find out that some where changed, you found the origin of what is happening.

    Just reinstalling probably will not suffice. Again I'd have a good talk with the host on how it was possible in the first place.

    What I'd do immediately and anyway is change the account password (for your hosting account).

    What makes me think this might be a hack:

    If I understand you correctly, your friends registered on your site, and the notification mail you received contained a spam message. This is not normal. And it can't be done by your registering friends, that has to happen serverside, as it's WP which puts that mail together and sends it.

    What I'd also ask is whether your friends also received notification emails with that spam message.

  8. tomcho
    Member
    Posted 5 years ago #

    Thanks for all of this advice.

    I have done everything you have said except the file-by-file comparison. I won't have time to do this just yet - I will do it in the next day or two.

  9. tomcho
    Member
    Posted 5 years ago #

    Just to update on this issue (and hopefully resolve it)...

    I don't think I have been hacked. I started doing a file-by-file comparison but then I got a spam message sent to my wordpress@tomcho.com address. I rarely use this email address for anything. But this is the email address that notifies me of new user notifications and comments. So I wondered whether spammers had found this email address, since "wordpress@" is hard-coded into the wp-includes/pluggable-functions.php file.

    So I edited pluggable-functions.php file to change the email address to something else and I also changed the file permissions for it so that only the owner has write permissions. (I couldn't change the read permissions on it without getting syntax error messages.)

    And I will ditch the wordpress@tomcho.com email address.

    Hopefully this will work.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags