Strange BPS Alert Emails

  • Resolved chronicsys

    (@chronicsys)


    4 years, 9 months ago

    Greetings,

    I have received 7 x BPS Alert emails in relation to renamed or deleted BPS (subject: /bulletproof-security/ plugin folder has been renamed or deleted) that appears to originate from a localhost WP installation in New Zealand, that has absolutely nothing to do with me (I am UK based).

    I am concerned how my email has apparently got into someone’s local installation.

    Would it be possible to have the raw headers checked if I forward one of these emails to you?

    Thanks in advance.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author AITpro

    (@aitpro)

    4 years, 9 months ago

    Checking the email headers would only tell you the domain or email server where the email was sent from. Most likely this is some kind of phishing email. Don’t click on any links in the email since malicious code could infect your Browser or PC by visiting that website. Hackers hack sites, which then become victim websites and then send email from those hacked victim websites. As far as finding and sending to random email addresses goes that is very simple to do. I receive somewhere in the neighborhood of 200 spam and phishing emails per day to my email addresses. Just delete the spam/phishing emails.

    • This reply was modified 4 years, 9 months ago by AITpro.
    Plugin Author AITpro

    (@aitpro)

    4 years, 9 months ago

    If you want to forward one of the email to me then send it to: info at ait-pro dot com. I won’t be able to view the original email headers, but I can at least let you know if the site in the email is a hacked victim site and if the site contains any malicious code. Note: You can safely view hacked websites by using the Tor Browser with maximum security settings (ie turn off all js scripts).

    Thread Starter chronicsys

    (@chronicsys)

    4 years, 9 months ago

    Hi,

    Thank you very much for chiming in. I am techy. 15+ years, build themes, etc. This is not a phishing email. There is only one link, and it is to http://localhost:8888. (And I have e checked the actual href) Hence me enquiring as to HOW my email address has got into their system.

    quote ..

    When the /bulletproof-security/ plugin folder is renamed or deleted this email alert will be sent to you every 5 minutes. To stop these email alerts from being sent, go to the WordPress Plugins page, click the Must-Use link, click the BPS MU Tools Disable BPS Folder|Deactivation Checks link.

    Website: http://localhost:8888

    … end quote

    No harm done. I was just seeking clarification as to how this might happen.

    Thank you 😉

    • This reply was modified 4 years, 9 months ago by chronicsys.
    Plugin Author AITpro

    (@aitpro)

    4 years, 9 months ago

    I was not sure if you were saying this was a local development site or a Live site using localhost (typically VPS and Dedicated host servers). That particular BPS feature (renamed or deleted BPS plugin folder check) was removed in BPS 4.2 (9-9-2020). The only logical guesses I can think of would be: at some point you used the BPS Setup Wizard Export|Import feature to export and import BPS plugin settings to a local dev site or someone got ahold of 1 of your old zip backup files and imported it into a local dev site or someone randomly used your email address or someone mistyped their email address and it just so happened that that typo matched your email address.

    Plugin Author AITpro

    (@aitpro)

    4 years, 8 months ago

    Assuming all questions have been answered – the thread has been resolved. If you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Strange BPS Alert Emails’ is closed to new replies.