random site subscriptions

  • Unknown's avatar

    Hi, I am not a huge follower of sites, but lately every time I log in (and sometimes when I don’t as things arrive via email), I have a dozen more sites as subscriptions. I know a little over a week ago my website was hacked through WordPress as I could trace the IP. I cleared up the website, changed my password to one of the ‘suggested’ passwords that Chrome suggested, and made sure 2 factor was on (although 2 factor had been on this whole time). However it’s still doing the same as before and I am still getting random subscriptions.

  • Hi there!

    I have logged you out from all opened sessions so, if someone had access to your account, they would need to log in again. I’d suggest changing your password once again, here are some tips on selecting a strong password:

    Keep Your Site Safe and Secure

    It doesn’t look like you have the two-factor authentication enabled so I strongly recommend that you do that as well:

    https://wordpress.com/me/security/two-step

    Please let us know if after that you still see unusual activity on your account.

  • Unknown's avatar

    Thank you for logging me out. How many open sessions were there? There should have been one through my iphone and one through my computer.

    If I don’t have 2 factor, then why was I getting forced to put in a verification code? I had to do that just this morning when I contacted you.

    My password is 15 characters long as of Monday, as that was the first thing I did.

    Do you know why I still have a “ghost” post on my scheduled post list?

  • Unknown's avatar

    Thank you, but if I don’t have 2 factor enabled then why was I asked to put one in off my authenticator? My password was literally 15 characters long starting Monday.

  • If I don’t have 2 factor, then why was I getting forced to put in a verification code? I had to do that just this morning when I contacted you.

    The first time you enabled the two-step authentication for your WordPress.com account (@melsmarsh) is today. Where were you receiving that verification code?

    Do you know why I still have a “ghost” post on my scheduled post list?

    On which of the sites under your account are you seeing that post?

  • Unknown's avatar

    I was receiving a verification code through my cell phone and have been for a few weeks at the least every time I log in. So unless it was turned off but that still does not explain why I got one this morning.

    The invisible post is under afterhourshypnotherapy.com under scheduled. At this particular moment, it lists 4 (and does so on two computers) but only 3 are visible. Cache has been cleaned just in case but still there.

  • Are you sure the codes are coming from us? What is the full text of the notification?

    As for afterhourshypnotherapy.com your site is not hosted with WordPress.com. It is a site using the open-source WordPress software (from WordPress.org) but hosted with Siteground.

    Because WordPress.com and WordPress.org are two entirely separate entities, we cannot access files or data for sites that are hosted elsewhere, so WordPress.com staff can only assist with sites that are hosted on our servers. You can find more information here about the differences between WordPress.org software and WordPress.com: https://en.support.wordpress.com/com-vs-org/

    https://wordpress.org/support/ is a great resource for sites using the open source WordPress.org software, and you can find support for that at: https://wordpress.org/support/forums/

    Your hosting provider’s support team may also be able to assist.

  • Unknown's avatar

    I actually know the difference between wordpress.org and wordpress.com since I have been on WordPress since 2005, which is near the beginning since you all started in 2003. I have already discussed this issue with Siteground, which has had 2 factor since I moved to them. I am using the Google Authenticator with Siteground. Both my WordPress accounts are listed as well as my Siteground account in Authenticator. They did an investigation (as I did, as I am married to a security person as well) and they can’t find anything on their end.

    The contact information I am sent for simply states WordPress.com verification code then gives a 7 digit code. 1-833-934-0563 and 1-844-905-0289 are the phone numbers they are coming from. Is that not what it is supposed to be? That’s what my friends get as well.

    As far as how I know the issue is more likely coming from wordpress, Sucuri does some of my security as a just in case since last time it was a siteground issue. The post that was listed as scheduled was coming from Automattic. The other posts usually are listed as coming from Siteground but also usually list my ISP.

  • Yep, that would be us.

    Did you recently change your phone number, or get a new number? I wonder if perhaps you inherited a phone number that someone else was using for authentication.

  • Unknown's avatar

    This has been my cell phone number since 1999 (2000?). I am the first owner of the number since this area code was not in use prior to about the time of moving to my current state. My husband’s number is one digit off from mine and he is also the first owner of his.

    I get the notification about 30 seconds after I attempt to login. I have never gotten a code verification without an attempt of mine to log into my wordpress account either by computer or by phone and the app 30 seconds or so prior.

    Statistically speaking, I think that would be really unlikely to have two people log in the same time with the same code.

  • The codes you’ve received in the past 17 hours are from us, and should appear shortly after you try to log in. We don’t see anything previous in our system, so 2FA notifications you’ve received in the past could not have been from us.

    I’m just glad you’ve got 2FA enabled now. You might also consider securing your email address, just in case.

  • Unknown's avatar

    Well then who did the others that are all from the same numbers and say the same thing and all were when I was trying to get in? Is it possible that something from your end turned it off? If so, that’s the issue.

    My husband has seen situations where that has happened and that is his best guess. That’s what happened a few months ago with Liberty Mutual which, if you recall, was down for a few days. He was the one brought in to help with security and to do the restore for the website.

    My Gmail address has two factor enabled… in fact all of my emails do. Two use Duo as the 2 factor and the others do text. Since I work in healthcare it is a legal requirement to have multiple levels of security for everything regarding my website, email, notes, etc. People do try to hack into my email but we haven’t had a break-in for a few years now.

    However this whole discussion over why I have a post hiding in my scheduled posts that I cannot see is a bigger problem. That means that something could be hiding which is another spam post which I can’t delete and stop.

  • Unknown's avatar

    I still have all these random site subscriptions…. which all were added since yesterday which is AFTER my password was changed, AFTER 2 factor was “turned on”. So please explain to me this as well!

    Master Card с 19000р на счету
    yzrqurr5aoubr7.wordpress.com

    DesertLilly
    The land that was desolate and impassable shall be glad, and the wilderness shall rejoice, and shall flourish like the lily. Isaiah 53:1
    desertlillyblog.wordpress.com
    updated 8 months ago

    dzjobs
    dzjobs.wordpress.com

    Soundtracks Tv
    Download Soundtracks and Theme Songs of all Movies & Tv Series
    soundtrackstv.com
    updated 25 days ago

    oxuryjydy
    4 out of 5 dentists recommend this WordPress.com site
    oxuryjydy.wordpress.com

    NN ENTERTAINMENT
    J~MAFIA, DON TAXY, DEMSTER & BAD BWOY
    nnentertainment.wordpress.com
    updated a month ago

    Table For One
    Just another WordPress.com weblog
    tableforonebiz.wordpress.com

    hfnnakvopz
    hfnnakvopz.wordpress.com

    Logan Jackson Strength & Conditioning
    ljackson2020.wordpress.com

    Nefelibata
    A cloud walker.
    kucharietanefelibata.wordpress.com
    updated 4 months ago

    kjfgbibnin.wordpress.com

    Memories of a Grrl Who Moved 48 Times before age 13!
    poetry, world travel, USGS gypsy moves, autism (high functioning, diag. at age 67) manic-depression,, 50s, 60s etc.
    dixielandpress.com
    updated 2 months ago

    DrDayanandanAyurveda
    The Science of Ayurveda-India’s Contribution to the World
    drdayanandananiayurvedicwellnesscenter.home.blog

    mutating outsider art by David F J Woods
    mutatingart.com
    updated 2 days ago

    She writes.
    ayzawrites.wordpress.com

    Loitering souls
    Travel | Food | Photography
    loiteringsouls.com
    updated 2 months ago

  • Unknown's avatar

    Please also note that wordpress subscriptions are NOT controlled by siteground, only by wordpress.

  • Unknown's avatar

    More information….

    The last time my site was accessed was by IP 162.247.87.112 112.87.247.162.dynamic.planters.net at three something this morning. I was asleep at three something this morning.

  • Have you ever set up any email forwarding by chance? Just trying to think outside the box here as to what is going on.

    If so, it’d be a different email address being subscribed but then you’re getting those notifications.

    Anyone can follow a blog by adding a random email address, so maybe someone is doing that. If they don’t have access to the email address then they can’t verify the subscription.

    You could also try changing the email address on your user account here.

  • Unknown's avatar

    Nope, I don’t do forwarding. Last time I did forwarding it was in 1999. Yes I am old.

    Some of the blogs are asking me to verify, but most are not. It is being linked to my username here melsmarsh and coming up in the feed flooding out the few subscriptions I actually do want to read… like my friend in the peace corps.

    The only new information I’ve gotten in the 2+ hours I have been at work here is that there was an access at approximately 3 (or so) am March 5 2020.

    IP Address: 162.247.87.112
    Reverse IP: 112.87.247.162.dynamic.planters.net
    Date/Time: March 5, 2020 1:42 pm

    It is currently March 5 9:48 AM (my time) and at three something I was sleeping or trying to.

  • Unknown's avatar

    (That would be consistent with when the sites appear to have been added.)

  • Unknown's avatar

    OK here is another thing that we also established. Going through siteground and looking at my scheduled posts, they show the correct amount of posts. Going through wordpress.com, there is one additional post reflected. So wherever this hidden post is, siteground doesn’t see it.

    What’s bad is I know who hacked me and why, this actually is a deliberate attack.

  • I have issued a re-sync for afterhourshypnotherapy.com which may take up to 24 hours to complete, but that should result in the missing post being found.

    As for the emails, so we’re on the same page, what email address are they being sent from, and what email address are they arriving at?

  • The topic ‘random site subscriptions’ is closed to new replies.