random site subscriptions

  • Unknown's avatar
    melsmarsh · Member ·

    This is what appeared…. (I am going to remove the email address but it is the one I was listed as….

    from: Nemuritoarea de rând <(email visible only to moderators and staff)>
    reply-to: Nemuritoarea de rând <(email visible only to moderators and staff)>
    to: FORMER WORDPRESS EMAIL
    date: 29 Feb 2020, 18:34
    subject: [New post] Cristalul eteric – Bufnita
    mailed-by: b.wordpress.com
    Signed by: wordpress.com
    security: Standard encryption (TLS) Learn more
    : Important according to Google magic.

    Now the thing is most of them are just being added to my newsfeed without sending me any emails.

  • Unknown's avatar
    melsmarsh · Member ·

    Ugh it removed it

    comment-reply @ wordpress.com

  • staff-blorbo · Staff ·

    Oh, comment subscriptions. Your email address is subscribed to receive emails announcing new comments.

    I don’t see any comment email subscriptions under your account. What email address are they being sent to?

    Also, please keep in mind that in order to activate comment email subscriptions, an activation link must be clicked in a confirmation email that is sent with each new subscription.

    If you didn’t do these subscriptions, that would mean that someone has access to your email account.

  • Unknown's avatar
    melsmarsh · Member ·

    You just had me change my email address on the account just a few hours ago. Do you think me posting my email address on here publically would really be wise given all this? Now do you have a private way I can email you and give you that information?

    You actually can get things sent without confirming them. Usually it does ask which I never confirmed and sometimes that is how I knew something occurred which is why I logged into my account and found some were going email and some not. I did get a few emails though which is why I am reporting it. The other way is to log into wordpress and set things that way. I never confirmed subscribing to one of my friend’s feeds because I did it through wordpress itself.

    You can access through gmail a log of all your sessions including the where and information about the computers that were accessing gmail. There is no suspicious activity on the account, I already checked that. My gmail has a 15 character password and 2 factor on it. There are only two things with active sessions. I know which both of them are. Both also get regular virus scans as well.

    How am I getting subscribed to things through wordpress? Most stuff is appearing in my newsfeed and there is no email. I am not adding them.

  • fstat · Staff ·

    Do you think me posting my email address on here publically would really be wise given all this? Now do you have a private way I can email you and give you that information?

    The forum software will automatically redact your email address and it will only be visible to us (staff members).

  • Unknown's avatar
    melsmarsh · Member ·

    OK so the former email address is (email visible only to moderators and staff) the current is (email visible only to moderators and staff)

    And guess what… I have another set of new subscriptions that were added last night. This is now after I have changed my email address with you. This is after I have been logged out of previous sessions. This is after I changed my password. This is after I reput on 2 Factor. This is also after siteground scanned my website. This is now after I beefed up security and hired yet another security team.

    Here are the new ones which I will leave until staff members see them.

    asdhgfkj
    wtryuıuop
    dealsfortr.wordpress.com(opens in a new tab)

    Following
    Settings
    Affordable PBX Solution
    affordablepbxsolution.wordpress.com(opens in a new tab)
    updated 2 years ago

    Following
    Settings
    Fantasticity
    plusod’s universe
    plusod.wordpress.com(opens in a new tab)
    updated 4 months ago

    Following
    Settings
    RRB Vacancy
    All RRB NTPC, RRC, Result, Admit Card, Recruitment, Sarkari Jobs, Sarkari Naukri, Govt Jobs, vacancy, Application Form, Online Form, Date Sheet
    rrbvacancy.in(opens in a new tab)

    Following
    Settings

    maxxblog
    Your Source for Regular News Updates
    maxxblog.com.ng(opens in a new tab)

    Following
    Settings

    Positive note, the resync worked and there is no more “ghost post”

  • Unknown's avatar
    melsmarsh · Member ·

    A few more “sites” were just added to my newsfeed a few minutes ago.

    They can’t be coming from this end anymore. There have been dozens of virus scans I have had several security people check all of my stuff (computers, phone), all of my stuff from siteground, all of my website. Every password I have connected to wordpress or my website has been changed. In some cases I have up to two 2Factor things running. WordPress has been completely eliminated from my phone. I even cleaned up some of the few plugins I have (I’m not a big plugin person since I feel it opens up security risks).

    The only thing I can possibly think of is something is being automated. While at this particular moment my computer is on, normally it happens when it’s off so I’m assuming it’s even less likely to be me. This is the only website where there has been weird activity.

    Are you able to see what is going on?

  • Unknown's avatar
    melsmarsh · Member ·

    And here is an email notification that was just sent to me. There is no reference anywhere in this email account (which note is the new email account I just changed to which no one has access to and no one knows it exists) to having to click to subscribe to email notifications. It just appeared.

    from: LOVE YOUR SPOUSE <(email visible only to moderators and staff)>
    reply-to: LOVE YOUR SPOUSE <(email visible only to moderators and staff)>
    to: (email visible only to moderators and staff)
    date: Mar 6, 2020, 7:00 AM
    subject: [New post] GUESS WHO IS WATCHING YOU ARGUE?
    mailed-by: b.wordpress.com
    signed-by: wordpress.com
    security: Standard encryption (TLS) Learn more
    : Important according to Google magic.

  • Unknown's avatar
    melsmarsh · Member ·

    And before anyone asks, yes I checked spam and trash, the only other emails are notifications from this forum post.

  • supernovia · Staff ·

    I’m logging you out of all locations again for a moment. Silly question but does anyone else have access to your computer that you use to log into WordPress?

  • supernovia · Staff ·

    Also, would you be willing to use something like Google Authenticator for your 2FA for a bit?

    You mentioned too you know who is doing this. Can you send more information? We can reach out over email if needed.

  • supernovia · Staff ·

    Noting too, you’ll only get email confirmations for subscription made with the email address.

    You won’t get them for following new WordPress.com sites through the account. Who else could have access to your account, or to the computers / devices you log into the account with?

  • Unknown's avatar
    melsmarsh · Member ·

    To answer your questions.

    My husband is the only one who would. The last time he used my computer was Jan 21, 2020 which was days after we purchased it. Once all my HIPAA stuff gets placed on it, no one but me can access it otherwise they are accessing patient data. Since he does not live in the same state as I do, that would be unlikely. My computer is never left unattended unless there are two (minimum) locked doors between me and it. Yes that means it comes into the bathroom with me and I usually sleep with it. I live alone most of the time. I suppose the other possibility is my dogs learning how to get into the computer, but their paws are way too big for the keyboard.

    I have Google Authenticator on my phone. If I access wordpress through siteground, that is the 2 factor which gets used. This used to be the 2 factor that even wordpress.com used but then it switched to my cell phone and a few minutes ago started pushing it through the app (which I hate). I have two accounts on Google Authenticator depending on if I am logging in as this user name or my other work email address and that is on top of using it to get into siteground. So if I have 2 factor and then another 2 factor, is it four factor cause that’s what it is getting into the wp-admin part of my site.

    I have suspicions it is one of three people behind it, which specific one I am not sure. Short story is I reported a HIPAA violation to my professional organization which three people were involved in. They in turn put false accusations about me. A few hours after my organization dismissed their investigation onto me, stuff started going haywire since apparently things really started around Feb 14, not Feb 22 which is when there was an issue.

    If you want to send me an email I can give you names. I can also tell you who hacked my website a few years ago too.

    So, according to one of the other staff members on this post the only way I could be getting email is if I clicked a confirmation for subscription. I have been told several times that this is how it worked and I told them it didn’t. Thank you for proving I am not crazy.

    And I only use my computers to work on wordpress. I only have one functioning computer and that is this one. I can’t even log into wordpress through my app since google made up some crazy password when you all asked me to change it.

    Is there a way you all can see when I am logging in? Can you see when I am being added to subscriptions because I just had these added…. since the last time I posted about having things added.

    Traced Elements
    Unearthing Pemberton’s food culture
    tracedelements.com(opens in a new tab)
    updated 2 days ago

    Following
    Settings
    Random thoughts
    Random thoughts of an engineer
    cj3a.wordpress.com(opens in a new tab)
    updated 8 days ago

    Following
    Settings
    karen8pyjama
    karen8pyjama.wordpress.com(opens in a new tab)

    Following
    Settings
    Classi Auto
    Blogificado de Carros
    classiauto.wordpress.com(opens in a new tab)

    Following
    Settings

    Customer Insight Leader
    helping you master the people side of data & analytics
    customerinsightleader.com(opens in a new tab)
    updated 9 hours ago

    Following
    Settings
    Welcome
    lfq.kfh.mybluehost.me(opens in a new tab)

    Following
    Settings

  • Unknown's avatar
    melsmarsh · Member ·

    Did my last thing just post about the answers and the new subscriptions?

  • staff-mckluskey · Staff ·

    Thank you for the additional information. We have reported this to our developers and trying to get to the bottom of this.
    We will let you know once we have an update.

  • Unknown's avatar
    melsmarsh · Member ·

    More information for you if it helps.

    So, the last thing I did last night before I turned off my computer was check to assure I didn’t have anything weird in wordpress newsfeed.

    I powered my computer off at 10:36 pm EST. I turned it on at 7:47 am. I assumed if it was my computer, doing something in the background, surely it wouldn’t do anything when it was off. And my phone I can’t log into because I don’t know the wordpress password because I used google’s random generator. So that means I have nothing of mine that should have been able to do anything right?

    The first thing I did was check my email to see if you responded then I came right here. I checked my blogs following… guess what… we have new ones.

    zqsgertrude5799
    zqsgertrude5799.wordpress.com(opens in a new tab)

    Following
    Settings
    Maddy’s CTW Blog
    maddyctw.home.blog(opens in a new tab)
    updated a year ago

    Following
    Settings
    kidney disease
    Ckd
    kidneymedications.wordpress.com(opens in a new tab)

    Following
    Settings
    Вам зачислели 10000 оков которые можно поменять на деньги!
    hnuzlx5oabiwv.wordpress.com(opens in a new tab)

    Following
    Settings
    jhhh693240984.wordpress.com
    jhhh693240984.wordpress.com(opens in a new tab)

    Following
    Settings
    STORIES
    Shall I compare thee to a summer’s day?
    storiesofgirls1.wordpress.com(opens in a new tab)
    updated 6 months ago

    Following
    Settings

    mepacifica
    mepacifica.com(opens in a new tab)
    updated a year ago

    Following
    Settings

    MnWE
    A Minnesota Conference on Writing and English
    mnweblog.wordpress.com(opens in a new tab)
    updated a year ago

    Following
    Settings

  • staff-mckluskey · Staff ·

    That’s very odd, thank you for reporting that. As I mentioned, we’ll get back to you as soon as we know more.

  • Unknown's avatar
    melsmarsh · Member ·

    Wanted to send a bit of a bonus although I know you all are still working on this.

    1) Yes I have more subscriptions. One just appeared in the last 10 minutes. It’s religious which I am uncomfortable with.

    2) Most confusingly I was able to login twice without a 2 factor prompt. Once a few minutes ago and once just now. I did not check off a remember for 30 days option. No app push, no text, and no google authenticator. I could do everything and it only asked for 2 factor when I clicked on where the profile pick would be for My Profile.

    You might want to know.

  • staff-blorbo · Staff ·

    Thanks, we’ll let you know when we have something!

  • Unknown's avatar
    melsmarsh · Member ·

    Thanks.

    1) Your current update is that they get added approximately 1 site per hour. There were about 43 when I just deleted a bunch.

    2) Some of the things I am being added to are pretty offensive and I am still getting the emails.

    3) I am currently disabling every plugin on my site to see if I can plug the hole. But I don’t really have many plugins on the site. Still could not hurt.

1 2 3
  • The topic ‘random site subscriptions’ is closed to new replies.