Reveived a false admin login alert or my site is hacked

  • Resolved Air Dates

    (@air-dates)


    6 years, 10 months ago

    Hi,

    I received an email from Wordfence or WordPress login alert, but in fact it was an email from someone else, and the email looks so weird with lots of text formatting in it.
    The guy was a scammer, and I was afraid that my site is hacked, and he somehow reached my server, or email server.

    But it is an email from WordPress actually, the only difference is that it comes from [email protected] ( where xxxxxxxxxx is my website ) and in the subject column it says “[Wordfence Alert] https://www.xxxxxxxxxx.com Admin Login”

    and the message is like this:

    ----boundary_9132770_c55db526-92ff-4786-9748-f3cbeb95f022
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=UTF-8
.
.starts with above message
.there is a long text formatting in between with our email traffic back and forth
.ends with below message
.
----boundary_9132770_c55db526-92ff-4786-9748-f3cbeb95f022--

    is this s false positive? or is my site hacked by this scammer?

    Thanks

    • This topic was modified 6 years, 10 months ago by Air Dates.
    • This topic was modified 6 years, 10 months ago by Air Dates.
Viewing 2 replies - 1 through 2 (of 2 total)

  • @air-dates,

    I suggest you follow Wordfence’s site cleaning guide to check whether or not your site has been compromised.

    Hi @air-dates
    You don’t need to worry about the “from” email header that contains something like “[email protected]” as this is the default header that WordPress use when no other sender email is configured on your server, do you have a plugin that set the sender email for you? check this guide for more information.

    I would suggest following @yndmgo advice, and please forward this email to “alaa [at] wordfence [dot] com” so I can take a better look at the email body message.

    Thanks @yndmgo, your input is always appreciated.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Reveived a false admin login alert or my site is hacked’ is closed to new replies.