Suspicious popup denies user login (8 posts)

  1. vegainthemirror
    Posted 3 years ago #

    Hey there,

    Yesterday I realized something strange, when I tried to login on my blog spiegelwelten.ch. Whenever I try to login (=click on "Anmelden") a popup prompt appears, telling me that authentification is required. The page has never done this before. I've seen this yesterday for the first time.
    The popup appears as this: http://spiegelwelten.ch/pics/login-prompt.jpg (btw. it's German and says: "Authentification required. http://spiegelwelten.ch requires a user name and a password. Prompt from website: 'Automatic Protection - Username: protected Password: wordpress | visit http://www.webhostingstatus.com for more info'."

    First of all. This popup appears on my other blogs as well (ravenport.ch and schwyzrocks.ch), so I suppose it doesn't have anything to do with plugins, because the plugin configuration is different on any site. If you want, I can give you the list of plugins I use.

    I struggled with this popup. I tried to fill in my admin username - which isn't "admin" btw. - and password but that didn't work. I tried a lot, including resetting pw through ftp and mysql. I could change it but the popup was still there. I even deleted the whole page on the webspace and restored an old backup to see, if the popup appeared there as well. The backup was from December 12 and the popup didn't appear. So, I restored my newest backup and the popup appeared again.
    Then I realized, when I fill in "protected" as username and "wordpress" as password in the prompt, I'm being forwarded to the login page and am able to login normally.
    However, now that I've read about the brute force attacks on wordpress, I'm a bit worried.
    I mean, I could work with the old backup from december 12 and restore the missing content manually (which wouldn't be that much of a disaster), but that probably wouldn't resolve the problem, would it?

    So, is this popup something wordpress implemented in the last update? Or have I become a victim of an attack? Does this popup snoop my admin password? And what the heck is "webhostingstatus.com"?

    I'm not sure, what to do and am really worried. Help is greatly appreciated. Thanks!


  2. WPyogi
    Forum Moderator
    Posted 3 years ago #

  3. vegainthemirror
    Posted 3 years ago #

    Woah, that was quick, WPyogi. Thanks for the links.
    I've heard about that. And that's why I was worried in the first place.

    However, that didn't answer my question. Is this popup something official from wordpress?

  4. Andrew Nevins
    Forum moderator
    Posted 3 years ago #

    It looks like it's from your hosting provider.

  5. WPyogi
    Forum Moderator
    Posted 3 years ago #

    Yeah, sorry about that, I reread it more carefully after I posted it. It's not from WordPress - more likely your hosting company has enabled tighter security. You really should contact them to see what's going on in your particular situation.

  6. vegainthemirror
    Posted 3 years ago #

    Hey Andrew and WPyogi,

    Thank you guys. I'll contact my webspace support then. It's not nice of them to just add additional security in the frontend without asking.

    I'll keep you posted

  7. cubecolour
    Posted 3 years ago #

    webhostingstatus.com is the status of services provided by Heart Internet, a UK web host. The page is white labeled & does not display a logo because many people using their services do not have a direct relationship with the host, but via a reseller.

    Your site is indeed hosted by heart Internet http://www.whoishostingthis.com/spiegelwelten.ch so be assured that the message is genuine and the change has been put in place for your protection.

    http://www.webhostingstatus.com/ should be your first port of call as a Heart Internet customer or a customer of one of their resellers to check server status. If you purchased your services via a reseller, the reseller can (and probably should) also display the content of that page on their own site, but with their own branding.

  8. vegainthemirror
    Posted 3 years ago #

    Hey cubecolour,

    Interesting. I didn't know my hoster was a reseller. But therefore it is. I've never heard of Heart Internet before, so that's good to know. I'll see what information I get from my hoster about that.

    Thanks again.

Topic Closed

This topic has been closed to new replies.

About this Topic