WordPress.org

Forums

Reset Password - Hacker Hi-jacked? (2 posts)

  1. jasperjames
    Member
    Posted 5 years ago #

    Hi all,

    Have searched for a similar thread but haven't managed to find one, apologies if this already covered.

    I have caught our WordPress install sending out password resets to numerous email addresses we are not affiliated with (we only use one anyway).

    To begin with I could not login to the backend, which I have read up is a common issue, with the usual username and password. I then chose the password reset as this normally turns up lightening fast in my inbox. The email never came.

    The next day, I noticed in the Spam folder for the domain email a MailerDaemon from the Server/Wordpress stating "I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out." and list of all these undesirable email addresses.

    I know the reset wasn't delivered to those addresses stated, which have clearly since been deleted by their hosts, but can't be sure it hasn't been sent any where else.

    I realise we're on 2.8.4 and plan to update immediately but want to know what's causing this. I have checked .htaccess, DNS server settings, all emails listed within WordPress, checked myPHPadmin tables as well as contacting our hosts who suggested posting here.

    I will update forthwith but want to be assured this bug won't be assimilated into the lastest WordPress build.

    If anyone could shed some light on the occurance I would be very grateful.

    Kind regards,

    Jasper

  2. Samuel B
    moderator
    Posted 5 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic