Suspicious increase in traffic

  • Author
    Posts
  • #2929317

    jwittmus
    Member

    I haven’t been on my site in awhile (a few years) so it’s rare that I get any new users because I haven’t posted anything recently. However, in the last few days, I’ve had 12 new users, one after the other. Each user name is very similar, a name followed by a year (example: jim_witmer1980). I’m wondering if this is some kind of phishing scam? Why would I be getting so many at once, and so similar?

    The blog I need help with is highaltitudeattitude.wordpress.com.

    #2929445

    jwittmus
    Member

    Bump! I’m still getting continuous new users (even since I posted this), which is so odd. What is going on? How can I stop it?? HELP!

    #2929446

    timethief
    Member

    Does this help https://en.forums.wordpress.com/topic/please-someone-help?replies=7#post-2924842

    If it doesn’t type modlook into the sidebar tags on this thread for a Staff follow-up. How do I get a Moderator/Staff reply for my question? https://en.support.wordpress.com/getting-help-in-the-forums/#how-do-i-get-a-moderatorstaff-reply-for-my-question Also subscribe to this thread so you are notified when they respond and be patient while waiting. To subscribe look in the sidebar of this thread, find the subscribe to topics link and click it.

    #2929474

    jwittmus
    Member

    Thank you! I added that to the tags.

    #2929512

    kokkieh
    Staff

    Hi there,

    On which site is this? New user registration emails are generated by self-hosted WordPress sites when someone creates a new user profile on a site. WordPress.com sites don’t have this option and we haven’t sent you any emails to the address connected to your account recently.

    I don’t see any self-hosted sites in your account, only the WordPress.com site, http://highaltitudeattitude.wordpress.com/, and there has been no new users or followers added to that site – the last new follower on that site followed it almost 4 years ago.

    What is the email address the emails are coming from? It sounds like someone might be using your email to create new user profiles on random self-hosted sites – this has been happening a lot lately. As they’re doing it on sites that are not on our servers there is nothing we can do to prevent it. I suggest you set up a filter in your email account to automatically delete these emails when they come in.

    #2929528

    jwittmus
    Member

    Thank you for responding. Following is a copy of the emails I’ve been getting (I could only copy the content, not the whole email with headings):

    New user registration on your site High Altitude Attitude:

    Username: dima081985

    Email: (email redacted)

    The email is coming from: WordPress <(email redacted)>

    The subject says: [High Altitude Attitude] New User Registration

    After initially posting this, I went into my blog and took out the “Follow” link. I haven’t received any more emails like this since I did that. However, my question is, what is the act behind getting so many of these? Is it so I’ll click on that email address and get hacked or spammed? In the future, I’d like to add the Follow button back in (when I start doing blogs again; currently, other life has taken over) and I don’t want this to happen again. Am I the only one this has happened to? Thank you for your help.

    #2929529

    jwittmus
    Member

    For some reason (maybe security on your end?) the email addresses did not copy over. If you need them, I’ll be glad to spell them out in here. Thanks.

    #2929531

    kokkieh
    Staff

    I can see the email addresses, thanks :)

    This is as I suspected. Someone is using your email address to create new user accounts on self-hosted WordPress sites. The fact that the emails have “wordpress” in the address is meaningless in this case, as to see where an email is coming from you need to look at the domain after the @, not the word before it.

    Those emails aren’t coming from us (@wordpress.com), so we have no way of stopping them. Filtering them out in your email client is pretty much the only thing you can do, though you can also try reporting this to the domain owner, if their contact info is public in the Whois database, or you can report them to their email provider if you can find that info in the email headers.

    #2929532

    jwittmus
    Member

    The emails are coming from my domain (@HighAltitudeAttitude.com). It’s hosted by BlueHost. Should I contact BlueHost to try and correct this? This is confusing, but from what you’re saying, it sounds like someone has hacked into that email and is sending emails from it, like it’s coming from me? Thank you for explaining it’s not WordPress, now I just need to know who I need to go to to get it fixed. If you can kindly direct me, I’d appreciate it. Thank you so much for your help. (UGH!)

    #2929533

    kokkieh
    Staff

    So you have a Bluehost site? Please log into the WP-Admin dashboard, and go to Settings ->General. Check if the box next to Membership is checked. If it is, uncheck it and save.

    Then also go to Users ->All Users, and remove any users you see there that you didn’t add.

    I don’t know why someone would use your email address to create new user accounts on your own site, but people do strange things :)

    If you have email set up with Bluehost, also ask them to check no new addresses/aliases have been added. That’s all I can think of doing, but the folk in the self-hosted WordPress forums – the forums for the version of WordPress you’re using with Bluehost – might have more ideas:

    https://wordpress.org/support/

The topic ‘Suspicious increase in traffic’ is closed to new replies.