Support » Themes and Templates » Virus, external hacker or what? Security in local blog

  • Zambrano Sergio

    (@sergiozambrano)


    Yesterday, 12:41 AM, the emails say, I’ve got one email for each worpdress account I manage locally. Between 1 and 4 emails were sent for each blog, with the following message:

    Your new WordPress blog has been successfully set up at:

    http://localhost/SITENAME/website

    You can log in to the administrator account with the following information:

    Username: admin
    Password: XXXXXXXXXX

    We hope you enjoy your new blog. Thanks!

    –The WordPress Team
    http://wordpress.org/

    XXXXXX were random passwords. One different each time.

    There are different hours in the source code, all of them end with 41min, so I’m not so sure of the time they were sent/generated, but I installed a Chrome extension to manage the passwords that same day.

    Is there any chance it hacked my blogs?
    The extension is: LastPass.
    I don’t think someone outside trying to access my blogs since I’m behind a router and a modem. If my webserver (Mac) is serving pages is not outside this house.

    Now, what concerns to wordpress: What is what triggers those messages in a non hacked (e.g. accidentally damaged database or deleted files) blog? (Rather several blogs)

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Daniel Cid

    (@ddsucurinet)

    Sucuri.net Support

    This looks like due to a bug that was fixed on 2.9.1. What version are you using?

    christo101

    (@christo101)

    I had the exact same thing happen to one of my clients too. The only way I could tell is that the directory looked familiar. Here is the email I received. It actually sent me 4 emails at the same time with 4 different passwords. I can’t figure out what I should do now. I have WP 3.1 installed. Thanks for any help!

    ——————

    From: WordPress <wordpress@localhost.localhost>
    Subject: New WordPress Blog

    Your new WordPress blog has been successfully set up at:

    http://localhost/wp/portraits

    You can log in to the administrator account with the following information:

    Username: admin
    Password: XXXXXXXXXX

    We hope you enjoy your new blog. Thanks!

    –The WordPress Team
    http://wordpress.org/

    christo101

    (@christo101)

    As a caveat, I did not log in with the name and password it emailed me. I was afraid they were phishing my account.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Virus, external hacker or what? Security in local blog’ is closed to new replies.