Support » Plugin: Solid Security – Password, Two Factor Authentication, and Brute Force Protection » Receiving iThemes Notifications from Another Domain

  • Resolved amythyst34

    (@amythyst34)


    I’m getting email notifications and security logs (via iThemes Security) for a domain that does not belong to my client.

    The only domain name that my client owns is abetteralteration.com, but I am receiving notifications for destinationweddinghairstylist.com (which I noticed is hosted by the same web host). That domain does not belong to me or my client, but the iThemes emails are coming from “wordpress@destinationweddinghairstylist.com” instead of the usual “wordpress@abetteralteration.com”.

    I reached out to our web host and they suggested this was an issue on the side of the iThemes Security plugin, not their side (the host).

Viewing 9 replies - 1 through 9 (of 9 total)
  • Hi,

    Did you do any work for destinationweddinghairstylist.com where they created a user for you?

    Thanks,

    Matt
    iThemes.com

    You might find this info useful.

    Not only are both domains – abetteralteration.com and destinationweddinghairstylist.com – on the same web host, but they both also resolve to the same exact IP address – 146.66.70.124 and there are also many other domains / sites hosted on that IP, which would seem to indicate they’re on shared hosting and both sites are on the same server together.

    Another notable fact – both abetteralteration.com and destinationweddinghairstylist.com were both moved from GoDaddy hosting to their current hosting company SingleHopLLC 4 months ago in April 2019. This would seem to indicate the possibility that either:
    A.) The same person or organization owns both domains and moved them back in April on their own, OR…
    B.) The person that handles the hosting arrangements for both of those domains switched hosts back in April and is either still in charge of them or was possibly handling the DNS settings and has not made important changes that they should have (in some cases, the previous web designer for mutual / multiple clients).

    One big important clue – if you visit https://destinationweddinghairstylist.com it redirects to https://www.abetteralteration.com/

    So while I’m just speaking from experienced opinion here when I say this – it really looks like either the same person owns those two sites or that those two sites are/were managed by the same company at some point, and that some form of duplication was run to create one site based on data from the other site.

    The web host you spoke to should have been easily able to tell if those two sites / accounts are related, not just by the fact that they’re both hosted on the same server, but by the fact that https://destinationweddinghairstylist.com redirects to https://www.abetteralteration.com/ (which would seem to indicate that either the person who built one of the sites used it to duplicate and create a second site and set up a redirect, or that there’s a problem at the server level which is making one domain resolve to the other… in any case, seems like someone’s not telling you everything they know).

    It’s definitely no coincidence that both domains resolve to the same IP address, are hosting on the same server, and both were moved from old host to new host within a week of each other back in April of this year.

    Lots of clues in that info above.

    I’m not affiliated with iThemes at all. I’m just sharing the info that I would look at if I were you, in hopes that it helps.

    Thread Starter amythyst34

    (@amythyst34)

    Thanks @anotherdave – I appreciate the info. I had actually found most of the same information, myself, which is why I originally reached out to the host. Like you pointed out (in not so many words), I too feel like the issue lies with them and not with the iThemes plugin.

    I had not noticed the redirect, however, which is confusing because my client (abetteralteration.com) is not associated with the other domain (destinationweddinghairstylist.com) in any way. This isn’t just any client — I know her personally. She’s never been a hairstylist, never owned any other domain names, and wouldn’t even know how to set up a domain or a redirect even if she did (after all, that’s what she’s paying me for). I’m not entirely sure why an unrelated domain would be redirecting to my client’s website.

    And no, @beardedginger, destinationweddinghairstylist.com is not one of my clients. I’ve never done any work with that domain name and this is the first time I’ve ever used SiteGround as a host.

    Just for the sake of conversation, this is an example of the email headers I’m getting:

    Subject: [www.abetteralteration.com] Site Lockout Notification
    X-PHP-Originating-Script: 522:class-phpmailer.php
    Date: Thu, 25 Jul 2019 12:06:13 +0000
    From: WordPress <wordpress@destinationweddinghairstylist.com>
    Message-ID: <ec9411699154e6012cd2a06e637ac842@destinationweddinghairstylist.com>
    X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)

    If there’s any reason that I can’t think of, that would make anyone suspect this might be an issue with the iThemes plugin, I’m all ears. So far I’m still leaning towards this being an issue with the host, even though they told me to put a support ticket in with iThemes.

    Thanks again for everyone’s input.

    There is only 1 setting (From Email) in the iTSec plugin where you can specify a different “From:” email address and it can be found in the Notification Center module.

    If “wordpress@destinationweddinghairstylist.com” is not specified there then this is probably not an iTSec plugin issue.

    To prevent any confusion, I’m not iThemes.

    • This reply was modified 4 years, 7 months ago by nlpro.
    Thread Starter amythyst34

    (@amythyst34)

    Thanks for your insight, @nlpro. I have not changed the “From” email address in the Notification Center. Additionally, I’m still receiving emailed security logs/digests/etc for abetteralteration.com — it’s just that I’m also receiving them for destinationweddinghairstylist.com.

    The response from SiteGround (the host) was this:

    I checked on the domain name destinationweddinghairstylist.com and it seems to be pointed to the same server your account is on.

    However it doesn’t seem to be hosted on it, rather it is simply pointed here. In such situations, it is possible for the request to be sent to the first domain name listed in the configuration of the server, which is sorted alphabetically, so yours is on the top.

    There is no way for us to change this, we have no control over the domain name itself, and if it belongs to another customer we have no access to make changes. It is best to ask iThemes how to proceed, as they are the ones sending you the notifications. From the server end, there is no kind of solution that can be done as the configuration does depend on a domain name to which we have no access to. The only thing I could do is to regenerate the server configuration which can help with the redirect issue.

    If anything on our end is further needed do not hesitate to check with us again.

    Ah, so you are receiving duplicate emails ?

    If so, are emails send by WordPress exhibiting the same behaviour ?

    Thread Starter amythyst34

    (@amythyst34)

    That’s the really odd thing – sometimes I’m getting emails from wordpress@abetteralteration.com (as expected) and sometimes I get them from wordpress@destinationweddinghairstylist.com (the domain I’ve never heard of up until this issue). Even the ones coming from the wrong email address, though, contain information regarding abetteralteration.com – which is why I don’t think it’s an issue of them inputting our email address in their settings (for whatever weird reason someone would do that).

    I really feel like this is an issue at the host level, whether the web host or domain host, I don’t know. My web host keeps pointing at this plugin, but i don’t think this plugin is the problem. I’ve used this plugin on multiple different hosts for multiple different websites and have never had this issue occur before.

    That being said, I don’t know everything. I’m making educated guesses, at best, based on the information I have available to me.

    Ok, now I see what is happening.

    THE SOLUTION is to find a way to fix the redirect from:

    https://www.destinationweddinghairstylist.com

    to:

    https://www.abetteralteration.com

    Find a way to stop that redirect and this issue is history.

    (Note that the NON SECURE http://www.destinationweddinghairstylist.com does not redirect.)

    So I’m 100% convinced this is not an iTSec plugin issue. The plugin actually helped uncover a deeper hosting/domain/SSL/redirect issue.

    SiteGround offered:

    … The only thing I could do is to regenerate the server configuration which can help with the redirect issue.

    I would recommend to make use of that offer.

    Thread Starter amythyst34

    (@amythyst34)

    I totally agree with you @nlpro — I definitely feel like the plugin isn’t the issue and that it only uncovered an issue.

    The web host seems to be dismissive of the problem, telling me I should just filter the emails. What they don’t seem to understand is that the emails are correct — they ARE MY security logs. It’s concerning that they are displaying another domain name in the email address.

    I’m tempted to just write some PHP — unrelated to WordPress — and see if I can get it to replicate the issue. Maybe then they will stop telling me that “the emails are not configured or sent from any SiteGround software but from an iTheme software”.

    Anyway, I’m going to close this as resolved. Thank you all for your input — I appreciate your help.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Receiving iThemes Notifications from Another Domain’ is closed to new replies.