• I have the weirdest thing happening. The site’s domain is ‘creativeillusions.biz’. I also have another alias domain, ‘creativeillusionsproductions.com’, that is redirected to my site’s URL. There is no actual ‘site at ‘creativeillusionsproductions.com’. It is simply an alias that points to my site’s URL.

    I have iThemes Security plugin installed on my site. I have iTheme’s notifications being sent to my site’s admin email address, which is ‘[email protected]’. However, I’m getting notifications from iThemes Security from ‘[email protected]’. This email address, nor the alias domain ‘creativeillusionsproductions.com’ are found in my site at all. I’ve searched my database to see if it exists anywhere, but it isn’t. Any ideas where this is being pulled from?

Viewing 1 replies (of 1 total)
  • nlpro

    (@nlpro)

    It’s the result of a xmlrpc Brute Force attack.

    Brute Force (POST) requests to https://www.creativeillusionsproductions.com/xmlrpc.php are not being redirected to creativeillusions.biz

    So when the iTSec plugin generates a lockout on such request it will use creativeillusionsproductions.com ($_SERVER[‘SERVER_NAME’]) in the from (email) address for the lockout email.

    To prevent any confusion, I’m not iThemes.

    • This reply was modified 5 years ago by nlpro.
Viewing 1 replies (of 1 total)
  • The topic ‘Notifications being sent from non-existent email address.’ is closed to new replies.