Random email to site administrator from WordPress installation

  • This is one of the weirdest things I’ve seen in years. A friend’s site has sent him a couple of random emails over the last couple of months, each email has a number in the subject line and another number in the body with a link to his wp-login.php.

    The emails look like this:

    Date: 9/15/10
    Subject: 56
    Body: 155 https://DOMAIN.DOM/wp-login.php

    Date: 11/17/10
    Subject: 54
    Body: 153 https://DOMAIN.DOM/wp-login.php

    There is a header in the second email that points me to the follow:
    X-PHP-Script: DOMAIN.DOM/index.php for 67.195.111.185

    The IP identifies itself as a Yahoo crawler. I took a look through the logs and it’s requesting some strange URLs for a crawler. Things like this:

    /tag/lenny-skutnick/ (404)
    /tag/wbur/ (200)
    /wp-content/themes/news/style.css (why does a robot want a stylesheet?)

    Has anyone seen anything like this? Any ideas? I’m officially stumped.

Viewing 6 replies - 1 through 6 (of 6 total)
  • wendizblog

    (@wendizblog)

    I’ve been getting the same emails for the past few months and I noticed someone else just posted about this 2 hours before you did. You’ve found more answers then I have, unfortunately.

    Thread Starter Matt McInvale

    (@mcinvale)

    What plugins are you running? I host a ton of WordPress powered sites and this is the only one that it’s happened on.

    wendizblog

    (@wendizblog)

    I’ve been getting it on all my sites…the only plugin I have in common is WP-Cycle.
    Do either of you use the Genesis Framework?

    Thread Starter Matt McInvale

    (@mcinvale)

    WP-Cycle 0.1.11 installed on this site. It is also running Genesis now, but I believe he’s received the emails with a different theme as well.

    wendizblog

    (@wendizblog)

    I searched the forums where I received the Genesis framework from. The found that it is a Genesis upgrade issue, but will go away as soon as you log into your website and upgrade. This was the final entry in a thread where others had this problem:

    We’ve located the problem. Not to worry, it’s not a hacker or anything ??

    You may see this bug again the next time an upgrade is released, but once you update to the next version (very likely 1.4) then this bug should be fixed for good.

    Thanks!

    PS – being completely up to date will make this problem go away for the current release cycle, needless to say.

    Thread Starter Matt McInvale

    (@mcinvale)

    Excellent. I’ll look into upgrading it. Thanks for the follow up.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Random email to site administrator from WordPress installation’ is closed to new replies.