possible account compromise

  • Unknown's avatar
    roseglace · Member ·

    i got email from a friend who received spam from an address claiming to be me. i’m wondering about (a) how they obtained his address and (b) how they made the connection between he and i. one obvious connection is the comments he has left on my blog and the spam contained a URL with the string “wp-content/themes/responsive” so my initial suspicion is that they made the connection here somehow.

    who would be the appropriate person to look in to this? after half an hour wandering through the support pages, i’m stumped.

    The blog I need help with is: (visible only to logged in users)

  • Unknown's avatar
    timethief · Member ·

    Who has access to your log-in information and/or email address?

    Did you use the same password for your email account and your blog?

    Are you sharing log-in information with anyone or leaving it where anyone can locate it?

    Are you remaining logged in on your computer so anyone can come along and access your blog through it?

    Go to your email program and change the password to a very difficult one because that’s how many hackers gain access to blogs.

    Then read this please knowing that blogs don’t get hacked when security protocols are followed. > http://en.support.wordpress.com/security/

    1. If you can log-in go here > Users > All Users and delete any user that does not belong there.

    2. Disable post by email > http://en.support.wordpress.com/post-by-email/

    3. Disable post by voice > http://en.support.wordpress.com/post-by-voice/

    4. Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password

    5. Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages, and click Save Changes.

    I tagged this thread for a Staff follow-up. Please subscribe to it so you are notified when they respond.

  • staff-blorbo · Staff ·

    When you say “an address claiming to be me” do you mean http://roseglace.wordpress.com/ ?

    If not, what do you mean?

  • Unknown's avatar
    jrod1957 · Member ·

    yeah, the man got a letter to his address claiming to be the other person…

  • Unknown's avatar
    timethief · Member ·

    @jrod1957
    Staff ie. macmanx is already posting to this thread thanks. If you are not roseglace logged in under another username account then please do not post here and confuse roseglace.

  • Unknown's avatar
    roseglace · Member ·

    > Who has access to your log-in information and/or email address?

    i think this is probably a red herring; i have seen no evidence of a compromise on any of my accounts and there is nothing in the spam that suggests their involvement. the issue is that Mr. L has received spam claiming to be (trivial forgery as far as i can tell) from me. there are very few places that i know of with a connection between mr l and i and one of them is here; i’m more concerned with his account than mine. the spam was sent to an address that he hasn’t used to comment with so i’m wondering if that address is associated with his wordpress account in any way. if not, then the connection was probably not made here.

    at first (and second) glance, it’s just spam for diet pills. but it implied that the spammer knows more than he ought to. so i’m wondering how he knows it. certainly accessing my account would not give it to him.

  • staff-blorbo · Staff ·

    I don’t see any sign of malicious activity on your account. If you don’t see anything being done to your blog, there isn’t really anything we can do about it.

  • Unknown's avatar
    roseglace · Member ·

    >When you say “an address claiming to be me” do you mean >http://roseglace.wordpress.com/ ?
    >
    >If not, what do you mean?

    the ‘From’ fiend in the spam message is/was

    From: Rose Glace <(email visible only to moderators and staff)>

    the address is forged, of course, but the name field is interesting — the spammer knew enough to use a ‘name’ that the recipient would trust to some extent. this is unusual for spammers (i was an email administrator for twenty years and, while i won’t claim to have seen it all, i’ve seen a lot). it appears that the spammer knows that there is a connection between rose glace and one of mr. l’s email addresses.

    > If you are not roseglace logged in under another username account >then please do not post here and confuse roseglace.

    confusing me is pretty easy.

  • staff-blorbo · Staff ·

    Yeah, so see above, we really can’t help with email forgeries.

    It sounds like you have a virus that just scraped your contact list on your computer, those are quite common.

  • Unknown's avatar
    roseglace · Member ·

    >I don’t see any sign of malicious activity on your account. If you don’t >see anything being done to your blog, there isn’t really anything we can >do about it.

    see above — i have seen no evidence of issues with my account. mr. l has the wordpress account ‘larsomatic’ which he’s used to make several comments but the spam was sent to an address that — as far as i can tell — is not associated with his account. perhaps it’s hidden or perhaps is WAS associated with his account; i can’t tell. all i really know is that the Bad Guy (who may or may not be in vietnam at IP 113.171.15.212) knows one of mr. l’s ‘hidden’ email addresses and appears to know that he knows me.

  • staff-blorbo · Staff ·

    Right, we don’t offer email services, so unless you see any sign that someone has hacked into your WordPress.com account, there is nothing we can do here at WordPress.com Support.

  • The topic ‘possible account compromise’ is closed to new replies.